Windows Hello Hardware authenticator vs Windows Hello Software authenticator


MANIRATHNAM V

Dec 14, 2023, 5:14:56 AM
to fido...@fidoalliance.org
I have two Windows machines. One machine's AAGUID is defined in the FIDO MDS data as a Windows Hello Hardware authenticator, with attestation type attca (TPM attestation), and the other machine's AAGUID is defined in the FIDO MDS data as a Windows Hello Software authenticator, with attestation type basic surrogate (Packed Attestation). My question is: under which conditions is a machine defined as a hardware or a software authenticator? Can anyone please explain this?

Alex Seigler

Dec 14, 2023, 6:15:06 AM
to MANIRATHNAM V, fido...@fidoalliance.org
My organization has seen the same, specifically since the 23H2 update: some machines work fine with TPM attestation as before, while others are now giving packed or none attestations without x5c. This is preventing registrations with the IdP (Okta), which does attestation validation against MDS for the Windows Hello Hardware Authenticator AAGUID. We have a case open with MSFT for an explanation.

-aseigler
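
Added example (not part of the thread, and not Microsoft's or the FIDO Alliance's code): a relying-party-side triage of a WebAuthn attestationObject that reports which of the cases discussed above a machine produced, i.e. tpm with x5c (attca), packed without x5c (basic surrogate, also called self attestation) or none. The minimal CBOR decoder, the `classify` and `sample` helpers, the zeroed authData and the placeholder AAGUID 00..0f are constructed for illustration; the code inspects structure only and does not verify signatures or certificate chains.

```python
def cbor_decode(buf, pos=0):
    """Decode one CBOR item (ints, bytes, text, arrays, maps); return (value, next_pos)."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        n = info
    elif info <= 27:  # 1-, 2-, 4- or 8-byte big-endian argument
        size = 1 << (info - 24)
        n = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    else:
        raise ValueError("unsupported CBOR encoding")
    if major in (0, 1):
        return (n if major == 0 else -1 - n), pos
    if major in (2, 3):
        if pos + n > len(buf):
            raise ValueError("truncated CBOR string")
        raw = bytes(buf[pos:pos + n])
        return (raw if major == 2 else raw.decode("utf-8")), pos + n
    if major in (4, 5):  # a map of n pairs is decoded as 2n items
        items = []
        for _ in range(n * (major - 3)):
            item, pos = cbor_decode(buf, pos)
            items.append(item)
        return (items if major == 4 else dict(zip(items[::2], items[1::2]))), pos
    raise ValueError("unsupported CBOR major type")

def classify(att_obj):
    """Report which attestation type a relying party can conclude from the object."""
    obj, _ = cbor_decode(att_obj)
    fmt, stmt, auth = obj["fmt"], obj["attStmt"], obj["authData"]
    x5c = bool(stmt.get("x5c"))  # without x5c there is no chain to check against MDS roots
    if fmt == "tpm":
        kind = "attca" if x5c else "invalid"  # the tpm format requires x5c
    elif fmt == "packed":  # packed + x5c is Basic or AttCA; packed alone is self attestation
        kind = "basic_full_or_attca" if x5c else "basic_surrogate"
    else:
        kind = "none" if fmt == "none" else "other"
    # AAGUID sits at authData[37:53] when the AT flag (0x40) is set
    aaguid = auth[37:53].hex() if len(auth) >= 55 and auth[32] & 0x40 else None
    return {"fmt": fmt, "type": kind, "x5c": x5c, "aaguid": aaguid}

def sample(fmt, stmt):
    """Constructed attestationObject: zeroed authData, placeholder AAGUID 00..0f."""
    auth = bytes(32) + b"\x45" + bytes(4) + bytes(range(16)) + bytes(2)
    t = [bytes([0x60 + len(s)]) + s.encode() for s in ("fmt", fmt, "attStmt", "authData")]
    return b"\xa3" + t[0] + t[1] + t[2] + stmt + t[3] + bytes([0x58, len(auth)]) + auth

# Constructed attStmt bodies: {"x5c": [h'3000']} and {"alg": -7, "sig": h'00'}
for f, s in (("tpm", "a1 63783563 81 423000"), ("packed", "a2 63616c67 26 63736967 4100")):
    print(classify(sample(f, bytes.fromhex(s))))
```

Logging the `fmt`, `x5c` and `aaguid` fields per registration attempt makes it possible to see which machines moved from the tpm path to the packed or none path.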
