ITU officially recognizes two FIDO Alliance standards for biometrics and strong authentication
The FIDO Alliance is closing out 2018 on a high note, with the recognition of two of its international standards by the International Telecommunications Union’s Telecommunication Standardization Sector (ITU-T). With the announcement, FIDO UAF 1.1 and CTAP have been established as official ITU standards, or ITU-T Recommendations, for global ICT infrastructure.
FIDO UAF 1.1 is a mobile standard for authentication on the user’s device with biometrics and other modalities instead of a password. CTAP is part of the FIDO2 specifications along with the W3C Web Authentication standard, and includes FIDO U2F 1.2, allowing external authenticators such as FIDO Security Keys and mobile devices to be used as external authenticators for authentication with supporting browsers and operating systems. The recognition of FIDO2 by the ITU was first revealed during the 2018 FIDO Taipei Seminar earlier this month.
“The FIDO Alliance is working to improve online authentication through open standards based on public key cryptography that make authentication stronger and easier to use than passwords or OTPs. One of the ways that we fulfill this mission is by submitting our mature technical specifications to internationally recognized standards groups like ITU-T for formal standardization,” comments Brett McDowell, executive director of the FIDO Alliance. “This recognition from ITU-T, arguably the highest bar in ICT standardization, illustrates the maturity of FIDO authentication technology and complements our web standardization work with the World Wide Web Consortium (W3C).”
ITU members, including national administrators and representatives of the world’s leading ICT companies, approved the ITU-T Recommendations formed under the responsibility of ITU-T Study Group 17, the UN ICT body’s standardization expert group for security.
“ITU-T Study Group 17 will continue to strengthen its collaboration with the FIDO Alliance. These two FIDO Alliance specifications, adopted as ITU standards recently, are being widely used in various industries such as the financial sector to provide strong online authentication based on public key cryptography and various user verification methods,” says ITU-T Study Group 17 Chairman Heung Youl Youm. “These new ITU standards will provide a concrete basis for the two FIDO specifications to be adopted across the 193 ITU Member States.”
“Our working group within ITU-T Study Group 17 was pleased to be able to collaborate with the FIDO Alliance to promote the standardization of state-of-the-art security technologies,” adds Abbie Barbir, Rapporteur for ITU’s working group on ‘Identity management architecture and mechanisms’ (Q10/17). “This work will help address and solve the security limitations of passwords.”