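The most secure policy possible for Android. It accepts only the android-key attestation format with direct conveyance, allows a single authenticator AAGUID, requires user verification and a mandatory signature counter, and denies authenticators whose MDS status is REVOKED. Note that startDate is a 10-digit value while endDate has 13 digits, which suggests epoch seconds and epoch milliseconds respectively; confirm which unit the server expects before relying on the policy's validity window.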
Please follow this link to learn more about the FIDO Policy definitions.
{
"FidoPolicy": {
"name": "RestrictedSKFSPolicy-Android-Key",
"copyright": "StrongAuth, Inc. (DBA StrongKey) All Rights Reserved",
"version": "2.0",
"startDate": "1745341841",
"endDate": "1760103870871",
"system": {
"did": 6,
"requireCounter": "mandatory",
"integritySignatures": true,
"userVerification": [
"required"
],
"userPresenceTimeout": 30,
"allowedAaguids": [
"b93fd961-f2e6-462f-b122-82002247de78"
],
"transport": [
"usb",
"internal"
]
},
"subdomains": {
"enabled": false,
"allowedSubdomains": [
]
},
"relatedOriginRequests": {
"enabled": false
},
"digitalAssetLinks": {
"enabled": false
},
"algorithms": {
"curves": [
"secp256r1",
"secp384r1",
"secp521r1",
"curve25519"
],
"rsa": [
"none"
],
"signatures": [
"ES256",
"ES384",
"ES512",
"EdDSA",
"ES256K"
]
},
"attestation": {
"conveyance": [
"direct"
],
"formats": [
"android-key"
]
},
"registration": {
"displayName": "required",
"attachment": [
"platform"
],
"discoverableCredential": [
"required"
],
"excludeCredentials": "enabled"
},
"authentication": {
"allowCredentials": "enabled"
},
"authorization": {
"maxdataLength": 256,
"preserve": true
},
"rp": {
"id": "strongkey.com",
"name": "FIDOServer"
},
"extensions": {
"uvm": {
"allowedMethods": [
"presence",
"fingerprint",
"passcode",
"voiceprint",
"faceprint",
"eyeprint",
"pattern",
"handprint"
],
"allowedKeyProtections": [
"hardware",
"secureElement"
],
"allowedProtectionTypes": [
"tee",
"chip"
]
}
},
"mds": {
"authenticatorStatusReport": [
{
"status": "FIDO_CERTIFIED_L1",
"priority": "1",
"decision": "IGNORE"
},
{
"status": "FIDO_CERTIFIED_L2",
"priority": "1",
"decision": "ACCEPT"
},
{
"status": "UPDATE_AVAILABLE",
"priority": "5",
"decision": "IGNORE"
},
{
"status": "REVOKED",
"priority": "10",
"decision": "DENY"
}
]
},
"jwt": {
"algorithms": [
"ES256",
"ES384",
"ES521"
],
"duration": 30,
"required": [
"rpid",
"iat",
"exp",
"cip",
"uname",
"agent"
]
},
"signcerts": {
"rootca": {
"subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 6,O=StrongKey",
"serialnumber": "1407182327055208063",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----",
"jwtcerts": {
"default": [
{
"subjectdn": "CN=SKFS JWT Signer 1,OU=DID 6,O=StrongKey",
"serialnumber": "2631079417588616245",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS JWT Signer 2,OU=DID 6,O=StrongKey",
"serialnumber": "5257544716949188646",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS JWT Signer 3,OU=DID 6,O=StrongKey",
"serialnumber": "4829982960570899847",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}
]
},
"samlcerts": {
"default": [
{
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 6,O=StrongKey",
"serialnumber": "-5068545070503112613",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS SAML Signer 2,OU=DID 6,O=StrongKey",
"serialnumber": "9156590421493926096",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
},
{
"subjectdn": "CN=SKFS SAML Signer 3,OU=DID 6,O=StrongKey",
"serialnumber": "8300513963028771929",
"pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkWgAwIBAgIIczFZeKt/9FkwCgYIKoZIzj0EAwQwSzESMBAGA1UEChMJU3Ryb25nS2V5MQ4wDAYDVQQLEwVESUQgNjElMCMGA1UEAxMcU3Ryb25nS2V5IEZJRE8gU2VydmVyIFJvb3RDQTAeFw0yNTA0MjIxNzA4MzNaFw0yNjA0MjIxNzA4MzNaMEExEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDYxGzAZBgNVBAMTElNLRlMgU0FNTCBTaWduZXIgMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOFNpzOpgzUGawDeiVNGgmrEtdx95N5QrsXRDLYdV0NSr1Gw+uexHY/na60RtZyxx+azFfv1QSmo3GDsFWYivqCxJ4KScSVvqWiFOLjknO1c3Bx82JjyMScwSuZMNeiQTr6ODQLH6Ja7vFjaMhtoa+sfPGl/h43n1zHTHYIu3M30ve8E5/NcaJlZlA319RxvG9pZQ91bsGsQUS0JcT7RHThIovk6oXUwJGH5Y75QfxokFtBdvPJm6QJ/XQkfyPuUHFi+40DnPbGZ7pcDhephG4fX3XgnOd7QxWbUF0VLoNOqUVo+0I6A1mozZ9tW06/tq8bfVrDkdMgGVF5ouqgVFSECAwEAAaNSMFAwHQYDVR0OBBYEFOitLjjv77pb3uE/hMBn1zp1w2tXMA4GA1UdDwEB/wQEAwIHgDAfBgNVHSMEGDAWgBSncgrOF0B4BhUO3m7F0aYWjDZw5zAKBggqhkjOPQQDBAOBjAAwgYgCQgDcY09tIxRDfKcKXJlACHkbeuUBDsi8Rb2VKDqdfS0VP3yzBUL2Srex70jz/oaPAEKI1cgQkjdHj5FvC+om6nyzcgJCAWKU1o5fetFWtJwKri9SBAFETRSLxHkAZ3TsPYPs4Q0ZL2kcmatbA+TGHUWVs4eBTDIbZv6Jkl58lYWfWpKiM8xX-----END CERTIFICATE-----"
}
],
"citrixidp": {
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 6,O=StrongKey",
"serialnumber": "-5068545070503112613",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}
}
}
}
}
}
To learn more about the SKFS FIDO Policy, check out the SKFS FIDO Policy JSON Schema.