How to bridge PKI to FIDO on computers and mobiles without any installation?

In 2001 NIST encouraged and later mandated the use of PKI for the protection of highly sensitive information on-line. In 2013 the FIDO Alliance was formed with the objective of creating a secure passwordless authentication system that worked across the more popular applications and across multiple platforms.

NIST SP 800-157 says the use of FIDO as an extension of its public key infrastructure is OK for lightweight assets while still requiring full PKI for high-security assets. In 2018 FIDO’s Public Policy and Privacy Working Group (P3WG) said that governments and businesses around the world are looking to enhance Public Key Infrastructure (PKI)-based authentication systems with complementary, comparable technologies such as those built around the FIDO Alliance specifications. This approach can extend the benefits of authentication rooted in public key cryptography to a wider array of applications and users without sacrificing the well-known benefits of PKI.

Like all good ways forward, the interim solution is a compromise, waiting for the complex details of the future integrated security plans to be hammered out. What is the ideal compromise? We need a single USB/NFC token that supports both FIDO and PKI, requires no installation of middleware or an app, and works across Windows, Mac, iPhone and Android. The good news is that such a USB/NFC token already exists: the Idem Key Plus from GoTrustID Inc.

The Idem Key Plus is a certified FIDO2 and FIDO U2F Security Key that uses the USB interface, or the NFC interface for iPhone/Android connections. It is also a PKI token with a patent-pending design that bridges FIDO2 commands to access PKI certificates using the WebAuthn API. What about middleware such as a PKCS#11 library, or a mobile app installation? This is only necessary in legacy systems. PKI web applications on computers and mobiles use the WebAuthn API to execute the PKI functions of the Idem Key Plus without any additional middleware or app installation. It works with Windows 10 with the latest versions of browsers including Edge, Chrome and Firefox; macOS with Safari 13.0.4 and the latest Chrome; Android 7 with the latest Chrome; and iOS 13.3 with Safari using the NFC interface. Of course, GoTrustID still keeps PKCS#11 middleware for legacy systems on Windows and Mac.

So now, with the Idem Key Plus, you can move forward in harmony. Sign in to Windows 10 without a password, use it as a Security Key to authenticate to the most popular applications like Google, Facebook, Twitter, Dropbox and many more, and also access your mission-critical applications using PKI. This is an interim solution at its best!