FIDO – Core Principles

[Free] Fido - Core Principles

An introductory guide for understanding the basis of FIDO – Free Course

Added on March 8, 2025 Development 2 min read

What you’ll learn

  • Identify the pieces that make up FIDO
  • Understand the creation and registration of credentials
  • Grasp the use of credentials for the authentication
  • Recognize properties in an authenticator
  • Realize security properties in FIDO

Requirements

  • No programming experience needed (in this course we don't delve into code)

Description

The course introduces the FIDO2 technology by identifying its constituent parts, along with their properties, responsibilities, relationships and the specific interactions among them. As a bonus, it concludes by explaining the details for some of the security characteristics offered by FIDO2.

The elements that make up FIDO2 are:

  • On the Client (e.g. User’s Device) side

    • Relying Party

      • The entity that needs to leverage FIDO2 capabilities and thus who initiates a FIDO2 registration or authentication.

    • Client (e.g. Browser or App)

      • What ties together the Relying Party and the Authenticator

      • The communication between Relying Party and Client is ruled by the WebAuthn specification.

      • The communication between Client and Authenticator is governed by the CTAP2 (Client to Authenticator Protocol version 2) specification

    • Authenticator

      • The cryptographic module that creates and uses the cryptographic keys that enable the FIDO2 technology.

  • On the Server side

    • FIDO2 Server

      • The entity that verifies the FIDO2 operation and that ultimately decides whether the FIDO2 action that occurred on the User’s side is honored or not.

    • Metadata Service

      • The entity (which is always the FIDO Alliance) who governs the registered FIDO2 authenticators and maintains the properties associated to them

      • The FIDO2 Server might use it to help in making a decision on how much what occurred on the User’s side can be trusted or not.

The interactions between the User and FIDO occur in two different instances:

  • Registration

    • When a FIDO2 credential, which is nothing other than a cryptographic key, is generated by the Authenticator with the participation of the User, and then part of the resulting cryptographic material is shared to the FIDO2 Server for further verification.

  • Authentication

    • When a FIDO2 credential is used, with participation of the User, and then the resulting authentication material is shared to the FIDO2 Server for further verification.

As a way to appreciate some of the security benefits that FIDO2 offers, an analysis comparing FIDO2 and passwords is included at the end of the course. This comparison is viewed from two different angles:

  • Credential Theft

  • Phishing

Author(s): Jose Luis Rios Trevino

92
FREE 0 FREE COURSE
Coupon Scorpion
Coupon Scorpion

The Coupon Scorpion team has over ten years of experience finding free and 100%-off Udemy Coupons. We add over 200 coupons daily and verify them constantly to ensure that we only offer fully working coupon codes. We are experts in finding new offers as soon as they become available. They're usually only offered for a limited usage period, so you must act quickly.

Check Out These Related Coupons
      About Coupon Scorpion

      Coupon Scorpion is the ultimate resource for 100% off and free Udemy coupons. We scour the web like madmen, looking for working coupons to save you money. Coupons don't last long so subscribe to our service to get instant notifications.

      Contact | Privacy Policy | Disclosure | Web Hosting

      Coupon Scorpion
      Logo