Product Documentation

A very secure policy:

  • Requires user verification: Biometrics, PIN, or Pattern
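  • Requires restricted algorithm: ECDSA (the policy below also lists EdDSA under "signatures" and sets "rsa" to "none", so RSA keys are rejected)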
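  • Uses Android SafetyNet attestation ("android-safetynet" is the only accepted attestation format, with "direct" conveyance). Google has deprecated the SafetyNet Attestation API in favor of the Play Integrity API, so confirm current platform support before relying on this format.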

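Please follow this link to learn more about the FIDO Policy definitions. In the sample below, "startDate" is a 10-digit value and "endDate" a 13-digit value; confirm the expected epoch unit (seconds or milliseconds) against the policy definitions before reusing these values, because a mismatched unit changes the policy's validity window.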

{
   "FidoPolicy": {
      "name": "RestrictedSKFSPolicy-Android-SafetyNet",
      "copyright": "StrongAuth, Inc. (DBA StrongKey) All Rights Reserved",
      "version": "2.0",
      "startDate": "1695937015",
      "endDate": "1760103870871",
      "system": {
         "did": 4,
         "requireCounter": "mandatory",
         "integritySignatures": true,
         "userVerification": ["required"],
         "userPresenceTimeout": 30,
         "allowedAaguids": ["b93fd961-f2e6-462f-b122-82002247de78"],
         "transport": ["usb", "internal"]
      },
      "crossOrigin": {
         "enabled": false,
         "allowedOrigins": []
      },
      "algorithms": {
         "curves": ["secp256r1", "secp384r1", "secp521r1", "curve25519"],
         "rsa": ["none"],
         "signatures": ["ES256", "ES384", "ES512", "EdDSA", "ES256K"]
      },
      "attestation": {
         "conveyance": ["direct"],
         "formats": ["android-safetynet"]
      },
      "registration": {
         "displayName": "required",
         "attachment": ["platform"],
         "discoverableCredential": ["required"],
         "excludeCredentials": "enabled"
      },
      "authentication": {
         "allowCredentials": "enabled"
      },
      "authorization": {
         "maxdataLength": 256,
         "preserve": true
      },
      "rp": {
         "id": "strongkey.com",
         "name": "FIDOServer"
      },
      "extensions": {},
      "mds": {
         "authenticatorStatusReport": [{
            "status": "FIDO_CERTIFIED_L1",
            "priority": "1",
            "decision": "IGNORE"
         }, {
            "status": "FIDO_CERTIFIED_L2",
            "priority": "1",
            "decision": "ACCEPT"
         }, {
            "status": "UPDATE_AVAILABLE",
            "priority": "5",
            "decision": "IGNORE"
         }, {
            "status": "REVOKED",
            "priority": "10",
            "decision": "DENY"
         }]
      },
      "jwt": {
         "algorithms": ["ES256", "ES384", "ES521"],
         "duration": 30,
         "required": ["rpid", "iat", "exp", "cip", "uname", "agent"]
      },
      "signcerts": {
         "rootca": {
            "subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 4,O=StrongKey",
            "serialnumber": "1903408431",
            "pemcert": "-----BEGIN CERTIFICATE-----MIICVTCCAbWgAwIBAgIEcXO1LzAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDQxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTg1NzA1WhcNMjQwOTI1MTg1NzA1WjBLMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCA0MSUwIwYDVQQDExxTdHJvbmdLZXkgRklETyBTZXJ2ZXIgUm9vdENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBYMv6wHuMxx7dxHZ6E2MNrKI2lDH3//XJAtoI0aex0ZWmhkUxFLkV8cwFcNLhxLpBjKSqGdK6W8aQpSD6xsh+b7IBi8p7Vq6/TUghfhgaAyJFYd33KR7zfpu46I3VVqSKNpKIYjZBsdpB92MO7+ZnzqZnjuAxZLz1c1sUOTSBgbWeW9CjQjBAMB0GA1UdDgQWBBTmC8DH0wPv5hpOqk83Qch/mv+QZDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBggqhkjOPQQDBAUAA4GLADCBhwJBYBPeZhWl60J4jD5+DwSvgYLIvEeLW61RoOoUus8/YiM+2ZW5ksOjZ7zGDxv1x+SXlagsqAcedKVSvSjrmzZphGwCQgEDaLUK9CIE7tLzzMwLDUetEP4Qx2/2A16Fmz+NimD+CtY5l+QYjim/WKYcGBBQgGnkWj4jOEImMfI/Y626wskfbQ==-----END CERTIFICATE-----",
            "jwtcerts": {
               "default": [{
                  "subjectdn": "CN=SKFS JWT Signer 1,OU=DID 4,O=StrongKey",
                  "serialnumber": "520033527",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }, {
                  "subjectdn": "CN=SKFS JWT Signer 2,OU=DID 4,O=StrongKey",
                  "serialnumber": "1861869988",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }, {
                  "subjectdn": "CN=SKFS JWT Signer 3,OU=DID 4,O=StrongKey",
                  "serialnumber": "1346154862",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }]
            },
            "samlcerts": {
               "default": [{
                  "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 4,O=StrongKey",
                  "serialnumber": "1657889361",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }, {
                  "subjectdn": "CN=SKFS SAML Signer 2,OU=DID 4,O=StrongKey",
                  "serialnumber": "1803990656",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }, {
                  "subjectdn": "CN=SKFS SAML Signer 3,OU=DID 4,O=StrongKey",
                  "serialnumber": "1003832862",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }],
               "citrixidp": {
                  "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 4,O=StrongKey",
                  "serialnumber": "1657889361",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }
            }
         }
      }
   }
}

 

To learn more about the SKFS FIDO Policy, check out the SKFS FIDO Policy JSON Schema.