Authenticator Certification Level 3+ (L3+) evaluates FIDO Authenticator protection against moderate or high effort software and hardware attacks. The confidence in the Authenticator\u2019s security properties is high and the risk for having a successful attack is mitigated.<\/p>\n
At this level, an attacker should be hindered from performing successful attacks at the chip level (e.g. IC package opened\/decapsulated and attack equipment can act directly on the silicon chip) with high professional electronic lab equipment within weeks to months.<\/p>\n
For L3+, the Authenticator is required to conform to a solution included in FIDO Allowed Restricted Operating Environment and Allowed Cryptography lists as part of the Authenticator Security Requirements.<\/p>\n
Examples of implementations that will meet Level 3+ Security Requirements:<\/p>\n
If your implementation does not meet these requirements, please visit Authenticator Level 2<\/a>.<\/p>\n Depending on your current implementation and the Level you wish to complete the process varies slightly. The scenarios below will help determine the next steps:<\/p>\n Certification levels are only for Authenticators; Clients and Servers can complete Functional Certification<\/a>.<\/p>\n If you are completing FIDO Certification for the first time for this implementation, the first step for certification is to start with Functional Certification<\/a>.<\/p>\n Functional Certification tests conformance to the specifications and Interoperability with FIDO Clients and Servers.<\/p>\n No Security Requirements are tested during Interoperability Testing for L3+, but the Functional Certification<\/a> steps are still required.<\/p>\n After Functional Certification, the implementation continues on to the process outlined in the Authenticator Certification Policy, and on the Authenticator Certification Levels<\/a> page.<\/p>\n It is required that the Level 3+ Vendor Questionnaire be evaluated by a FIDO Accredited Security Laboratory as part of the Security Evaluation step of Authenticator Certification. The Vendor is responsible for choosing and working with one of the FIDO Accredited Security Laboratories<\/a> to complete the Security Evaluation.<\/p>\n All L3+ implementers must create an account for FIDO Certification, you can request an account<\/a>, or login<\/a>.<\/p>\n Functionally Certified Authenticators seeking L3+ Certification do not have added interoperability requirements as these were already met during the functional certification process. The next required step is to complete the Vendor Questionnaire – as is detailed in the Authenticator Certification Policy and on the Authenticator Certification Levels<\/a> page.<\/p>\n It is required that the Level 3+ Vendor Questionnaire be evaluated by a FIDO Accredited Security Laboratory as part of the Security Evaluation step of Authenticator Certification. The Vendor is responsible for choosing and working with one of the FIDO Accredited Security Laboratories<\/a> to complete the Security Evaluation.<\/p>\n Implementations completing Authenticator Certification Level 3 or above that use biometric authentication is required to complete the Biometrics Certification<\/a> prior to starting Authenticator Certification (including the Security Evaluation).<\/p>\n All L3+ implementers must create an account for FIDO Certification, you can request an account<\/a>, or login<\/a>.<\/p>\n Fees are per implementation certified and must be paid before a Certificate will be issued.<\/p>\n For an overview of the different Certification options and fees, please review the Authenticator Certification Scenarios<\/a> page.<\/p>\n For an overview of certification fee pricing for this level and all others, please review the\u00a0User Authentication Certification Fees page<\/a>.<\/p>\n There is no FIDO Alliance Fee for a Laboratory Evaluation. The cost for the Security Evaluation will depend on the Accredited Security Laboratory<\/a> used by the Vendor.<\/p>\n Implementers can Login<\/a> to view their Dashboard.<\/p>\n
\nNext Steps<\/h2>\n
Client or Server Implementation<\/h3>\n
New Authenticator Implementation<\/h3>\n
Functionally Certified Authenticator Implementation<\/h3>\n
Biometric Certification and Authenticator Certification Relationship<\/h3>\n
\nCertification Fees<\/h2>\n
Laboratory Security Evaluation Fees<\/h3>\n
\nImplementer Dashboard<\/h3>\n