Smart Card Fido U2F Applet

[JavaCardOS]

U2F is an open authentication standard that enables internet users to securely access any number of online services, with one single device, instantly and with no drivers or client software needed.

Fido U2F is a javacard applet which is a FIDO compliance program running in java smartcard platform.This code implements the FIDO U2F specifications being developed at http://fidoalliance.org/, and it was based on U2FToken and ledger-u2f-javacard.

Note:

1. You can also view this applet from GitHub or SourceForge.
2. This Applet has been successfully compiled in JCIDE, and it has been tested with JC30M48CR.

[Bob2002]

The Mission of the FIDO (Fast IDentity Online) Alliance is to change the nature of online authentication by:

• Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.

• Operating industry programs to help ensure successful worldwide adoption of the Specifications.

• Submitting mature technical Specification(s) to recognized standards development organization(s) for formal standardization.

[tieuhaoluong]

Hi all,
What's different from U2F Version 1.0 & 1.1?

[UNKNwYSHSA]

Hi all,
What's different from U2F Version 1.0 & 1.1?

From the name of specification, v1.1 is a Draft version.
For more technique details, you have to read the specifications and find out differents.

[tay00000]

I know that this is a rather old topic so probably I might be missing something.

I am recently deciding to test out U2F applet by @Javacardos and also the cards bought from @Javacardos.

Applet installed on card with no problems.

When I insert card into card reader and visited Yubico's U2F demo page (https://demo.yubico.com/u2f?tab=register), I noticed that nothing is going through to the card and the reader as I am not registering any sort of commands being passed to the card.

Am I right that using card and reader by default on a web browser is not going to work until I do something like mentioned in an old post via
(https://javacardos.com/javacardforum/vi ... &hilit=u2f) ?

[tay00000]

Probably some side knowledge in case people are wondering. I was reading something regarding how Windows handles USB drivers and it doesn't allow HID, CCID and mass storage access via the default Windows driver and thus Zadig must be used to swap out for a USB driver that allows WebUSB.

So no go for WebUSB and no one has come up with a working WebUSB with CCID for production grade solution yet.

Now what about the FIDO route ? Apparently it only supports HID tokens for contact insertion and NFC has to be done over a phone with NFC capability and a FIDO capable application like Google Auth installed and of course an NFC device with FIDO applet too. That is too much a hassle. Similarly, the BLE route is the least chosen due to it being not easy to obtain tokens with BLE. Similarly a phone with BLE and with a phone app and a BLE token must be used. So for desktop access ... no luck unless the hardware is capable of HID with FIDO settings for HID as well in it's HID descriptors.