Meanwhile, the International Telecommunication Union has approved two new international standards to overcome the security limitations of passwords, addressing biometric authentication on mobile devices and the use of external authenticators, such as mobile devices, to authenticate Web users.
The new standards are under the responsibility of the ITU standardisation expert group for security, ITU-T Study Group 17.
The specifications were submitted to ITU by the FIDO Alliance (‘Fast Identity Online’), an industry consortium focused on developing open specifications for interoperable strong user authentication leveraging public key cryptography. The approval of the FIDO specifications as ITU international standards is expected to stimulate their adoption globally.
FIDO UAF 1.1 (Universal Authenticator Framework 1.1) – standardised as ITU X.1277 – supports advanced biometric authentication on mobile devices.
CTAP (Client-to-Authenticator Protocol) – standardised as ITU X.1278 – enables the use of external authenticators such as FIDO security keys and mobile devices to authenticate Web users over USB (Universal Serial Bus), NFC (Near-field communication) and BLE (Bluetooth® Low Energy).
CTAP and W3C’s Web Authentication specification (WebAuthn) together comprise the FIDO2 specifications.
ITU and FIDO collaboration
“ITU-T Study Group 17 will continue to strengthen its collaboration with the FIDO Alliance,” said Heung Youl Youm, Chairman of ITU-T Study Group 17. “These two FIDO Alliance specifications, adopted as ITU standards recently, are being widely used in various industries such as the financial sector to provide strong online authentication based on public key cryptography and various user verification methods. These new ITU standards will provide a concrete basis for the two FIDO specifications to be adopted across the 193 ITU Member States.”
“Our working group within ITU-T Study Group 17 was pleased to be able to collaborate with the FIDO Alliance to promote the standardisation of state-of-the-art security technologies,” said Abbie Barbir, Rapporteur for ITU’s working group on ‘Identity management architecture and mechanisms’ (Q10/17). “This work will help address and solve the security limitations of passwords.”
Brett McDowell, executive director of the FIDO Alliance, said: “The FIDO Alliance is working to improve online authentication through open standards based on public key cryptography that make authentication stronger and easier to use than passwords or OTPs. One of the ways that we fulfill this mission is by submitting our mature technical specifications to internationally recognised standards groups like ITU-T for formal standardisation. This recognition from ITU-T, arguably the highest bar in ICT standardisation, illustrates the maturity of FIDO authentication technology and complements our web standardisation work with the World Wide Web Consortium (W3C).”