In recent months there have been two developments in the recognition of FIDO as an option for Europe’s enterprises and governments that are looking to implement robust digital identity solutions. One is the Czech government's accreditation of a new eID solution using FIDO2, and the other is the EU Cybersecurity Agency (ENISA) Remote ID Proofing report, which highlights the role FIDO2 plays in eIDAS.
FIDO for eIDAS
ENISA’s Remote ID Proofing report, published in March 2021, describes the current remote identity proofing laws, regulations, practices, and supporting standards for European countries. Specifically, the report is based on the ETSI TR 119 460 and ETSI TS 119 461 documents, which describe the policies and practices for remote identity proofing, with a particular focus on eIDAS. The AMLD5 directive to prevent money laundering and the EU directives on issuing ID cards and exchanging identity information are also covered from a legal perspective.
Within the report, FIDO2 is cited as a technology that can be used in eID solutions. A FIDO Alliance white paper describes how FIDO2 works as part of an eID scheme. Essentially, the eIDAS regulation has introduced three levels of assurance for electronic identification: Low, Substantial, and High. Each assurance level has clear criteria for how it is met, and the FIDO standard enables authentication implementations to meet eIDAS requirements for assurance levels Substantial or High. The assurance level met depends on the FIDO authenticator’s security levels.
There are seven key criteria and associated requirements which need to be met for a FIDO eIDAS deployment, but the requirements do differ marginally from country to country.
Czech FIDO2 eIDAS accreditation
Only a matter of weeks ago, the Czech Ministry of Interior moved forward with issuing an eIDAS accreditation for the Czech domain registry CZ.NIC, enabling its identity provider mojeID to deploy FIDO2 as an eID scheme at the eIDAS assurance level of High.
The conditions set by the Czech government are:
- The FIDO2 authenticator is FIDO certified at Level 2 (or higher)
- The FIDO2 authenticator is based on a secure element that is certified at FIPS 140-2 Level 3 or Common Criteria EAL4 + AVA_VAN.5
- The FIDO2 authenticator has a PIN set and the PIN is required for all transactions at level of assurance High
- Username and password are used in conjunction with FIDO2
Recognition of FIDO as a robust method of authentication continues to grow across Europe, underpinned by the recent ENISA report on remote identity proofing and the use of FIDO2 for the Czech eID scheme.
Intercede’s MyID is a credential management system which includes a FIDO2 authentication server and FIDO management capabilities that let organisations set FIDO policy controls, manage FIDO credentialed devices and benefit from a centralised audit of their deployment. MyID also provides user-friendly methods of device collection for end users and can unify FIDO and PKI credential management.
Intercede is a sponsor of this month’s FIDO Alliance Authenticate Virtual Summit: Focus on Europe, which takes place on 17 June 2021. Register for the event here.
To find out more about MyID’s FIDO credential management capabilities visit here: https://www.intercede.com/fido/