FIDO2 with offline authentication – without server-based verification

14 Nov 2024


Implement passwordless security without changing your existing infrastructure: With BALTECH readers, you can now make use of FIDO2’s enhanced security features offline – no server-based verification required.

What is FIDO2?

FIDO2 is an open standard for passwordless authentication. Its goal is to make authentication not only more convenient and faster, but above all more secure as it eliminates password-related risks such as phishing.

The implementation is based on asymmetric cryptography. A core component is an external authenticator, such as a card, that holds the user’s private key; the matching public key is registered with whichever component later verifies the card. The key pair is written to the card during encoding, which can also be done retrospectively for cards already in the field.

Why authentication on the server doesn’t always work

Typically, FIDO2 relies on server software (the relying party) to verify the card: the server sends a challenge, the card signs it with its private key, and the server checks the signature against the public key registered for that card. The private key itself never leaves the card. This approach doesn’t work in every scenario, especially when FIDO2 needs to be integrated into existing infrastructures. Take access control projects, for example: here you’ll mainly find host protocols such as Wiegand or OSDP, which in an ordinary deployment carry a card ID from the reader to the controller rather than relaying the challenge/response exchange between card and server that FIDO2 requires.

BALTECH readers perform authentication offline

Our implementation takes authentication offline by moving the verification step from the server into the reader: the reader issues the challenge, the card signs it, and the reader checks the signature against the public key it holds for that card, with no extra server software required. Upon successful authentication, the reader forwards the card’s ID to your existing host system, be it an access control system, an embedded PC or a multi-function printer (MFP). Note that the host only ever sees this card ID, so it relies entirely on the reader’s verdict: the reader and the reader-to-host link become part of the trust boundary, which is a reason to prefer OSDP with Secure Channel over plain Wiegand where the host supports it.
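The following is an added illustration of the offline exchange described above (the card holding the private key, the reader holding the public key and doing the verification). It is example code written for this page, not BALTECH firmware or a CTAP implementation; the card, reader, credential ID, card ID and "door-42" relying-party name are all made up. It models a CTAP2-style assertion with ES256 (ECDSA P-256): the reader generates a challenge, the card signs authenticatorData || SHA-256(challenge), and the reader checks rpIdHash, the user-presence flag, the signature counter and the signature before emitting the card ID that would go to the host.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
)

// Card models the FIDO2 authenticator. It is the only party that holds the private key.
type Card struct {
	CredentialID []byte
	priv         *ecdsa.PrivateKey
	counter      uint32 // signature counter, incremented on every assertion
}

// NewCard generates a fresh ES256 key pair, as a card would during encoding (hypothetical model).
func NewCard(credID []byte) (*Card, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Card{CredentialID: credID, priv: priv}, nil
}

// PublicKey is what gets registered in the reader; the private key never leaves the card.
func (c *Card) PublicKey() *ecdsa.PublicKey { return &c.priv.PublicKey }

// Sign mimics CTAP2 getAssertion: the signature covers authenticatorData || SHA-256(clientData).
// With no browser or server involved, clientData is simply the reader's random challenge.
func (c *Card) Sign(rpIDHash [32]byte, challenge []byte) (authData, sig []byte, err error) {
	c.counter++
	authData = append(authData, rpIDHash[:]...)
	authData = append(authData, 0x01) // flags byte: UP (user present)
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], c.counter)
	authData = append(authData, ctr[:]...)
	sig, err = ecdsa.SignASN1(rand.Reader, c.priv, assertionDigest(authData, challenge))
	return authData, sig, err
}

// assertionDigest is what both sides sign/verify: SHA-256(authData || SHA-256(challenge)).
func assertionDigest(authData, challenge []byte) []byte {
	clientDataHash := sha256.Sum256(challenge)
	h := sha256.New()
	h.Write(authData)
	h.Write(clientDataHash[:])
	return h.Sum(nil)
}

// Registered is a credential as stored in the reader: public key, card ID to emit, last counter.
type Registered struct {
	CardID  string
	Pub     *ecdsa.PublicKey
	counter uint32
}

// Reader is the offline verifier: it issues the challenge and checks the assertion locally.
type Reader struct {
	RPIDHash [32]byte
	creds    map[string]*Registered // keyed by hex(credential ID)
	pending  []byte                 // challenge issued but not yet consumed
}

func NewReader(rpID string) *Reader {
	return &Reader{RPIDHash: sha256.Sum256([]byte(rpID)), creds: map[string]*Registered{}}
}

// Enroll stores a card's public key in the reader; this is the one-time encoding step.
func (r *Reader) Enroll(credID []byte, pub *ecdsa.PublicKey, cardID string) {
	r.creds[hex.EncodeToString(credID)] = &Registered{CardID: cardID, Pub: pub}
}

// Challenge returns a fresh 32-byte nonce; only that exact value is accepted by the next Verify.
func (r *Reader) Challenge() ([]byte, error) {
	r.pending = make([]byte, 32)
	_, err := rand.Read(r.pending)
	return r.pending, err
}

// Verify checks one assertion and returns the card ID to forward over Wiegand/OSDP on success.
func (r *Reader) Verify(credID, challenge, authData, sig []byte) (string, error) {
	reg, ok := r.creds[hex.EncodeToString(credID)]
	if !ok {
		return "", errors.New("unknown credential")
	}
	if r.pending == nil || !bytes.Equal(challenge, r.pending) {
		return "", errors.New("challenge not issued by this reader or already used")
	}
	r.pending = nil // consume the challenge regardless of the outcome below
	if len(authData) < 37 || !bytes.Equal(authData[:32], r.RPIDHash[:]) {
		return "", errors.New("bad authenticatorData or rpIdHash mismatch")
	}
	if authData[32]&0x01 == 0 {
		return "", errors.New("user presence flag not set")
	}
	ctr := binary.BigEndian.Uint32(authData[33:37])
	if ctr <= reg.counter {
		return "", errors.New("signature counter did not increase (replay or cloned card)")
	}
	if !ecdsa.VerifyASN1(reg.Pub, assertionDigest(authData, challenge), sig) {
		return "", errors.New("signature invalid")
	}
	reg.counter = ctr
	return reg.CardID, nil
}

// Authenticate runs the whole exchange with a card that is present at the reader.
func (r *Reader) Authenticate(card *Card) (string, error) {
	challenge, err := r.Challenge()
	if err != nil {
		return "", err
	}
	authData, sig, err := card.Sign(r.RPIDHash, challenge)
	if err != nil {
		return "", err
	}
	return r.Verify(card.CredentialID, challenge, authData, sig)
}
```

The point to take from the model is where the security lives: a card ID copied from another card is useless without the private key (the signature fails), and a captured assertion cannot be replayed (the challenge is single-use and the counter must increase). Everything the host receives afterwards is just the ID, which is why the reader-to-host link deserves the same care as the card-to-reader exchange.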

Contact us for your custom firmware

To support FIDO2, you’ll currently need custom reader firmware. We’re happy to create this for you on request, also at short notice, and support you with any questions coming up.
