FIDO UAF 1.0 ASM for Android
The FIDO UAF 1.0 ASM (Authenticator-Specific Module) allows secure transactions between a user and an authenticator. An authenticator can check whether a user is enrolled, unblock a user, or even trigger the enrollment process. An ASM must map the status code returned by the authenticator to the corresponding ASM status code. An authenticator can also fail an authentication operation when the request does not match the required format.
To be compliant with the FIDO specification, both the authenticator and the attacker must have the same device model and software versions. The AAID and the Attestation Keys must also be the same. The FIDO UAF 1.0 ASM specification provides detailed information on each parameter; what follows is a summary of the different parts of that specification. If you are unsure about any of the details, consult the FIDO Alliance.
Authentication: Using the FacetID or CallerID alone to guarantee authentication between two UAF protocol entities is not enough. Authentication information must also be included in the response. If one or both of the entities is compromised, the remote server can detect this and terminate the protocol, so an attacker cannot intercept the authentication information and steal credentials. This is why a strong authentication protocol is necessary to prevent data being exchanged between two UAF-enabled devices.
Authenticator: The authenticator generates a pair of Authentication Keys associated with a user profile. It sends the public key, signed with the Attestation Key, to the remote server. The server verifies that signature with the Attestation Public Key before granting the user access. The authenticator then responds with a response message containing the signature produced with the Authentication Key.
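The registration flow described above, as an added example that is not code from the FIDO specification or any ASM implementation: the authenticator creates a fresh Authentication Key pair and signs its public key with the model-wide Attestation Key; the server looks up the trusted Attestation Public Key for the claimed AAID and accepts the new key only if that signature verifies. The assertion layout, the hashing of AAID || public key, and the AAID value used in the test are constructed for this example and are not the UAF TLV encoding.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
)

// RegAssertion: simplified registration response (hypothetical layout, not UAF TLV).
type RegAssertion struct {
	AAID       string // all units of one model share this ID and the Attestation Key
	AuthPubDER []byte // PKIX DER of the fresh per-registration Authentication public key
	AttSig     []byte // Attestation Key signature over SHA-256(AAID || AuthPubDER)
}

func NewKey() *ecdsa.PrivateKey { // stands in for key generation in secure storage
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

// attested is what the Attestation Key signs: the AAID bound to the new key.
func attested(aaid string, pubDER []byte) []byte {
	h := sha256.Sum256(append([]byte(aaid), pubDER...))
	return h[:]
}

// Register (authenticator side): create an Authentication Key pair and sign its
// public key with the model's Attestation Key. The private key is returned only
// so the caller can play the authenticator; in practice it never leaves it.
func Register(aaid string, attKey *ecdsa.PrivateKey) (*ecdsa.PrivateKey, RegAssertion) {
	k := NewKey()
	pubDER, _ := x509.MarshalPKIXPublicKey(&k.PublicKey)
	sig, _ := ecdsa.SignASN1(rand.Reader, attKey, attested(aaid, pubDER))
	return k, RegAssertion{AAID: aaid, AuthPubDER: pubDER, AttSig: sig}
}

// VerifyRegistration (server side): look up the trusted Attestation Public Key
// for the claimed AAID and check the signature before accepting the new key.
// Returns nil for an unknown AAID, a bad signature, or an unparseable key.
func VerifyRegistration(trusted map[string]*ecdsa.PublicKey, r RegAssertion) *ecdsa.PublicKey {
	attPub, ok := trusted[r.AAID]
	if !ok || !ecdsa.VerifyASN1(attPub, attested(r.AAID, r.AuthPubDER), r.AttSig) {
		return nil
	}
	pub, _ := x509.ParsePKIXPublicKey(r.AuthPubDER)
	authPub, _ := pub.(*ecdsa.PublicKey) // nil if parsing failed or key is not EC
	return authPub
}
```

The key returned by VerifyRegistration is what the server later uses to check the signature the authenticator produces with its Authentication Key during authentication.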