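The most secure policy possible for Android: registration is limited to platform authenticators that return a direct `android-key` attestation for the single AAGUID in `allowedAaguids`, user verification is required, the `rsa` list is `none`, and cross-origin requests are disabled. Two details in the sample are worth confirming before reuse: `startDate` is a 10-digit value while `endDate` has 13 digits, so the two appear to use different epoch units, and `uvm.allowedMethods` still lists `presence`, which confirms that a user is present rather than verifying who the user is.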
Please follow this link to learn more about the FIDO Policy definitions.
{
"FidoPolicy": {
"name": "RestrictedSKFSPolicy-Android-Key",
"copyright": "StrongAuth, Inc. (DBA StrongKey) All Rights Reserved",
"version": "2.0",
"startDate": "1695937015",
"endDate": "1760103870871",
"system": {
"did": 6,
"requireCounter": "mandatory",
"integritySignatures": true,
"userVerification": ["required"],
"userPresenceTimeout": 30,
"allowedAaguids": ["b93fd961-f2e6-462f-b122-82002247de78"],
"transport": ["usb", "internal"]
},
"crossOrigin": {
"enabled": false,
"allowedOrigins": []
},
"algorithms": {
"curves": ["secp256r1", "secp384r1", "secp521r1", "curve25519"],
"rsa": ["none"],
"signatures": ["ES256", "ES384", "ES512", "EdDSA", "ES256K"]
},
"attestation": {
"conveyance": ["direct"],
"formats": ["android-key"]
},
"registration": {
"displayName": "required",
"attachment": ["platform"],
"discoverableCredential": ["required"],
"excludeCredentials": "enabled"
},
"authentication": {
"allowCredentials": "enabled"
},
"authorization": {
"maxdataLength": 256,
"preserve": true
},
"rp": {
"id": "strongkey.com",
"name": "FIDOServer"
},
"extensions": {
"uvm": {
"allowedMethods": ["presence", "fingerprint", "passcode", "voiceprint", "faceprint", "eyeprint", "pattern", "handprint"],
"allowedKeyProtections": ["hardware", "secureElement"],
"allowedProtectionTypes": ["tee", "chip"]
}
},
"mds": {
"authenticatorStatusReport": [{
"status": "FIDO_CERTIFIED_L1",
"priority": "1",
"decision": "IGNORE"
}, {
"status": "FIDO_CERTIFIED_L2",
"priority": "1",
"decision": "ACCEPT"
}, {
"status": "UPDATE_AVAILABLE",
"priority": "5",
"decision": "IGNORE"
}, {
"status": "REVOKED",
"priority": "10",
"decision": "DENY"
}]
},
"jwt": {
"algorithms": ["ES256", "ES384", "ES521"],
"duration": 30,
"required": ["rpid", "iat", "exp", "cip", "uname", "agent"]
},
"signcerts": {
"rootca": {
"subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 6,O=StrongKey",
"serialnumber": "700627357",
"pemcert": "-----BEGIN CERTIFICATE-----MIICVjCCAbWgAwIBAgIEKcK5nTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDYxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTg1OTEzWhcNMjQwOTI1MTg1OTEzWjBLMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCA2MSUwIwYDVQQDExxTdHJvbmdLZXkgRklETyBTZXJ2ZXIgUm9vdENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAWlZox09zN19Vh5DUO54kBePTEnxMNTWQxD9tUPvgt3Yn3LnkbbO+6Jc4ma44uumxXE6i68ubGUGepZ58vSh7WQoAXa/SFmVj9TQ89S/V6iFPsH9HWph5arUuWH7CFUN1vGVa8NnC6y1+SgtETT4fPQrvQJabJ2UN2Qb0kyTcu3LghcCjQjBAMB0GA1UdDgQWBBTav/jV8r+BUeGrAcpJ7ayhf+Lm5TAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBggqhkjOPQQDBAUAA4GMADCBiAJCANimjdqLZJgx0D3e6tiaSDphw6WKnDmEVNKoQ6x5e++g+OjfonP+UbkowZ9u0jM1JOi5jIsDyGxnAUvLXXzd0SXNAkIAnmh5GIKIl6HGZnqNNFU4eBKERu967rHHP+FH9sPkbL7RLbtrgC5OTdMM3UZ8fKFG5ABvlQihrvmbSxiFzEDcjWk=-----END CERTIFICATE-----",
"jwtcerts": {
"default": [{
"subjectdn": "CN=SKFS JWT Signer 1,OU=DID 6,O=StrongKey",
"serialnumber": "2085019176",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS JWT Signer 2,OU=DID 6,O=StrongKey",
"serialnumber": "661800299",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS JWT Signer 3,OU=DID 6,O=StrongKey",
"serialnumber": "1476049803",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}]
},
"samlcerts": {
"default": [{
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 6,O=StrongKey",
"serialnumber": "2034271027",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS SAML Signer 2,OU=DID 6,O=StrongKey",
"serialnumber": "1214712690",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}, {
"subjectdn": "CN=SKFS SAML Signer 3,OU=DID 6,O=StrongKey",
"serialnumber": "758554105",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}],
"citrixidp": {
"subjectdn": "CN=SKFS SAML Signer 1,OU=DID 6,O=StrongKey",
"serialnumber": "2034271027",
"pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
}
}
}
}
}
}
To learn more about the SKFS FIDO Policy, check out the SKFS FIDO Policy JSON Schema.