This submission requests the assignment of a Usage Page ID for FIDO USB HID devices.

Similar documents
This proposal is to extend the Generic Devices, Telephony, Consumer and Alphanumeric Display pages to support Dual-Mode Telephone devices.

Open Arcade Architecture Device Data Format Specification

Learning USB by Doing.

Supporting ZDOs with the XBee API

Getting started with DfuSe USB device firmware upgrade STMicroelectronics extension

Bluetooth HID Profile

WIZnet S2E (Serial-to-Ethernet) Device s Configuration Tool Programming Guide

AN295 USB AUDIO CLASS TUTORIAL. 1. Introduction. 2. USB, Isochronous Transfers, and the Audio Class Overview USB Operational Overview

Yubico YubiHSM Monitor

MODBUS APPLICATION PROTOCOL SPECIFICATION V1.1b3 CONTENTS

RS-485 Protocol Manual

Caml Virtual Machine File & data formats Document version: 1.4

MODBUS APPLICATION PROTOCOL SPECIFICATION V1.1b CONTENTS

Nemo 96HD/HD+ MODBUS

IP - The Internet Protocol

CTNET Field Protocol Specification November 19, 1997 DRAFT

Communications Protocol for Akai APC40 Controller

S4000TH HART. HART Communication Manual

Data sheet Wireless UART firmware version 4.02

An Analysis of Wireless Device Implementations on Universal Serial Bus

ACS-3 Reporting Security Compliance

USB - FPGA MODULE (PRELIMINARY)

Standard of the Camera & Imaging Products Association. White Paper. of CIPA DC Picture Transfer Protocol over TCP/IP networks

Verifying Detection of Asset Tags in WLAN Controllers

i.mx USB loader A white paper by Tristan Lelong

Table 1 below is a complete list of MPTH commands with descriptions. Table 1 : MPTH Commands. Command Name Code Setting Value Description

Configuration Variables For Digital Command Control, All Scales

SRF08 Ultra sonic range finder Technical Specification

The easy way! Mark Maszak. Jane Lawrence Program Manager Microsoft. Microsoft

Hagenberg Linz Steyr Wels. API Application Programming Interface

Design Considerations for USB Mass Storage

ACR122 NFC Contactless Smart Card Reader

Data Networks Project 2: Design Document for Intra-Domain Routing Protocols

TCG. TCG Storage Application Note: Encrypting Storage Devices Compliant with Enterprise SSC. Specification Version 1.00 Final Revision 1.

HOST Embedded System. SLAVE EasyMDB interface. Reference Manual EasyMDB RS232-TTL. 1 Introduction

High Availability Option for Windows Clusters Detailed Design Specification

Application Note. Introduction AN2471/D 3/2003. PC Master Software Communication Protocol Specification

OVERVIEW Playbacks: Shortcuts: Memories: Data Entry Wheels: Touchpad: Master and Blackout:

Quectel Cellular Engine

Draft Middleware Specification. Version X.X MM/DD/YYYY

Universal Serial Bus (USB)

An Introduction to the ARM 7 Architecture

ACHILLES CERTIFICATION. SIS Module SLS 1508

EtherNet/IP Modbus XPort, NET232, and NET485

USB Card Reader Configuration Utility. User Manual. Draft!

Smart Card Application Standard Draft

Application Note 195. ARM11 performance monitor unit. Document number: ARM DAI 195B Issued: 15th February, 2008 Copyright ARM Limited 2007

Institution Workspace

Windows 7 Security Event Log Format

Network Time Security

AN1304. NFC Type MIFARE Classic Tag Operation. Application note PUBLIC. Rev October Document information

Robe Universal Interface API

BLUETOOTH SERIAL PORT PROFILE. iwrap APPLICATION NOTE

[MS-RDPESC]: Remote Desktop Protocol: Smart Card Virtual Channel Extension

eztcp Technical Document Modbus/TCP of eztcp Caution: Specifications of this document may be changed without prior notice for improvement.

WASP User Manual. Revision: 1.6. (c) 2012 North Pole Engineering, Inc.

USER GUIDE EDBG. Description

Best Practices for Role Based Video Streams (RBVS) in SIP. IMTC SIP Parity Group. Version 33. July 13, 2011

Enabling a Universal Stylus

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

Microsoft Networks/OpenNET FILE SHARING PROTOCOL. INTEL Part Number Document Version 2.0. November 7, 1988

Best Practices for SIP Security

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Data Acquisition Module with I2C interface «I2C-FLEXEL» User s Guide

WAN Data Link Protocols

SATA SSD Series. InnoDisk. Customer. Approver. Approver. Customer: Customer. InnoDisk. Part Number: InnoDisk. Model Name: Date:

Requirements for an EMVCo Common Contactless Application (CCA)

ETHERNET/IP PROGRAMMER'S GUIDE

Intel Server Board S3420GPV

User Manual. AS-Interface Programmer

ALERT NOTIFICATION SERVICE

Privacy and Security in library RFID Issues, Practices and Architecture

ROC Protocol Specifications Manual

Addendum. Additional materials of interest to Stellaris users

Part K:11 OBJECT PUSH PROFILE

Measurement and Analysis Introduction of ISO7816 (Smart Card)

Do More With Less. On Driver-less Interfacing with Embedded Devices. Peter Korsgaard

System Area Manager. Remote Management

Appendix C: Keyboard Scan Codes

Internet Mail Client Control Library SSL Supplement

Network QoS Policies. In This Section XRS Quality of Service Guide Page 79

Troubleshooting Second B channel Call Failures on ISDN B

TECHNICAL REPORT. DSL Forum TR-034. Alternative OAM Communications Channel Across the U interface. May 2000

Introducing the Adafruit Bluefruit LE Sniffer

MUSCLE Cryptographic Card Edge Definition for Java 1 Enabled Smartcards

Advanced Access Content System (AACS)

AKD EtherNet/IP Communication

GDC Data Transfer Tool User s Guide. NCI Genomic Data Commons (GDC)

Traditional IBM Mainframe Operating Principles

RapidIO Network Management and Diagnostics

Exercise 1: Set up the Environment

Embedded Multi-Media Card Specification (e MMC 4.5)

File System Forensics FAT and NTFS. Copyright Priscilla Oppenheimer 1

DNP Points List and Implementation

Network Security Part II: Standards

Interagency Advisory Board Meeting Agenda, Wednesday, February 22, 2012

PROXKey Tool User Manual

User s Guide for Polycom CX7000 Systems

MBP_MSTR: Modbus Plus Master 12

Local Interconnect Network Training. Local Interconnect Network Training. Overview

Transcription:

#: HUTRR48 Title: Fast IDentify Online Alliance Spec Release: 1.12 Received: 7 Aug 2014 er: Kevin Lynch Company: Synaptics, Inc. Phone: 610 393 3437 FAX: na email: kjlynch1@gmail.com CurrentStatus: Approved Priority: Normal Submitted: 21 Aug 2014 Voting Starts: 5 Sep 2014 Voting Ends: 12 Sep 2014 Required Voter: Nathan Sherman, Microsoft (Chair) Required Voter: Mark Lavelle, Logitech Required Voter: Steve McGowan, Intel Summary: The Fast IDentify Online (FIDO) Alliance has defined specifications for the use of Authenticators (aka tokens) used to authenticate the users identity for secure online transactions. FIDO Authenticators may be embedded in devices or be attached to a device by a end user. The specification of a USB HID Usage specifically for FIDO USB tokens is underway and shall be published at http://fidoalliance.org/. This submission requests the assignment of a Usage Page ID for FIDO USB HID devices. Background: The FIDO U2F Technology Working Group has defined a USB HID Usage to provide the FIDO Protocol transport mechanism between a system and a USB HID U2F Authenticator device. This specification is currently at Working Draft status and will serve to define the initial FIDO U2F protocol tokens. Proposal: 1) Assign a new Usage Page ID to Table 1 section 3 to identify USB HID devices that provide FIDO Authenticator functionality. The FIDO Alliance respectfully requests the assignment of a Usage Page ID currently in the RESERVED range, specifically Page ID = 0xF1D0. Page 1

Usage Page Title: Usage Page ID: Usage Description: authenticators Fast IDentity Online Alliance 0xF1D0 FIDO Alliance definitions for USB attached identify 2) Add a new section, e.g. section 20 and a new table, e.g. Table 25 to describe the FIDO Usage Page: Section 20 FIDO Alliance (0xF1D0) The FIDO (Fast IDentify Online) Alliance page provides usage definitions for devices that include Authentication features compliant with FIDO Alliance standards. The specification will be available on the FIDO Alliance website www.fidoalliance.org. Table 25 FIDO Alliance Page Usage ID Usage Name Usage Type 00 Undefined 01 U2F Authenticator Device CA 02 1F Reserved 20 Input Report Data DV 21 Output Report Data DV 22 FFFF Reserved Section 20.1 Application Usages U2F Authenticator Device: CA A device that provides 2nd factor authentication using the FIDO U2FHID protocol. Input Data Report: DV Device response data compliant with U2FHID Protocol specification. Output Data Report: DV Device request data compliant with U2FHID Protocol specification. char ReportDescriptor[34] = { 0x06, 0xd0, 0xf1, // USAGE_PAGE (FIDO Alliance) Page 2

0x09, 0x01, // USAGE (U2F HID Authenticator Device) 0xa1, 0x01, // COLLECTION (Application) 0x09, 0x20, // USAGE (Input Report Data) 0x15, 0x00, // LOGICAL_MINIMUM (0) 0x26, 0xff, 0x00, // LOGICAL_MAXIMUM (255) 0x75, 0x08, // REPORT_SIZE (8) 0x95, 0x40, // REPORT_COUNT (64) 0x81, 0x02, // INPUT (Data,Var,Abs) 0x09, 0x21, // USAGE (Output Report Data) 0x15, 0x00, // LOGICAL_MINIMUM (0) 0x26, 0xff, 0x00, // LOGICAL_MAXIMUM (255) 0x75, 0x08, // REPORT_SIZE (8) 0x95, 0x40, // REPORT_COUNT (64) 0x91, 0x02, // OUTPUT (Data,Var,Abs) 0xc0 // END_COLLECTION }; A U2FHID device implements two endpoints (except the control endpoint 0), one for IN and one for OUT transfers. The packet size is vendor defined, but the above reference implementation assumes a full speed device with two 64 bytes endpoints. A transaction always consists of three stages: 1. A message is sent from the host to the device 2. The device processes the message 3. A response is sent back from the device to the host The protocol is built on the assumption that a plurality of concurrent applications may try ad hoc to perform transactions at any time, with each transaction being atomic, i.e. it cannot be interrupted by another application once started. U2F HID Protocol Specification (Working Draft) U2FHID commands The U2FHID protocol implements the following commands. These commands are not related to U2F messages, which are encapsulated and sent using the U2FHID_MSG command. Mandatory commands The following list describes the minimum set of commands required by an U2FHID device. Optional and vendor specific commands may be implemented as described in respective sections of this document. Page 3

U2FHID_MSG This command sends an encapsulated U2F message to the device. The semantics of the data message is defined in the U2F protocol specification. BCNT U2FHID_MSG 4..n n bytes BCNT U2FHID_MSG 2..n n bytes U2FHID_INIT This command requests the device to allocate a unique 32 bit channel identifier (CID) that can be used by the requesting application during its lifetime. The requesting application generates a 16 byte nonce and uses the broadcast channel ID. When the response is received, the application compares the sent nonce with the received one. After a positive match, the application stores the received channel id and uses that for subsequent transactions. The requesting application should use the broadcast channel U2FHID_BROADCAST_CID when sending a channel allocation command. U2FHID_INIT BCNT 16 16 byte nonce U2FHID_INIT BCNT 24 (note **) 16 byte nonce +16 4 byte channel ID +20 U2FHID protocol version number +21 Major device version number +22 Minor device version number +23 Build device version number +24 Capabilities, high part bits 15..8 +25 Capabilities, kow part, bits 7..0 Page 4

The protocol version identifies the protocol version implemented by the device. (**) An U2FHID host shall accept a response size that is longer than the anticipated size to allow for future extensions of the protocol, yet maintaining backwards compatibility. Future versions will maintain the response structure to this current version, but additional fields may be added. The meaning and interpretation of the version number is vendor defined. The following device capabilities flags are defined. Unused values are reserved for future use and must be set to zero by device vendors. CAPABILITY FLAGS CAPABILITY_WINK Device implements the WINK function U2FHID_PING Sends a transaction to the device, which immediately echoes the same data back. This command is defined to be an uniform function for debugging, latency and performance measurements. BCNT U2FHID_PING 0..n n bytes BCNT U2FHID_PING n n bytes U2FHID_ERROR This is command code is used in response messages only. Response at error U2FHID_ERROR BCNT 1 Error code The following error codes are defined ERR_INVALID_ The command in the request is invalid ERR_INVALID_PAR The parameter(s) in the request is invalid ERR_INVALID_LEN The length field (BCNT) is invalid for the request Page 5

ERR_INVALID_SEQ ERR_MSG_TIMEOUT ERR_CHANNEL_BUSY HUTRR48.txt The sequence does not match expected value The message has timed out The device is busy for the requesting channel Optional commands The following commands are defined by this specification but are optional and does not have to be implemented. U2FHID_WINK The wink command performs a vendor defined action that provides some visual or audible identification a particular U2F device. A typical implementation will do a short burst of flashes with a LED or something similar. This is useful when more than one device is attached to a computer and there is confusion which device is paired with which connection. U2FHID_WINK BCNT 0 n/a U2FHID_WINK BCNT 0 n/a U2FHID_LOCK The lock command places an exclusive lock for one channel to communicate with the device. As long as the lock is active, any other channel trying to send a message will fail. In order to prevent a stalling or crashing application to lock the device indefinitely, a lock time up to 10 seconds may be set. An application requiring a longer lock has to send repeating lock commands to maintain the lock. U2FHID_LOCK BCNT 1 Lock time in seconds 0..10. A value of 0 immediately releases the lock U2FHID_LOCK BCNT 0 Page 6

n/a HUTRR48.txt Vendor specific commands A U2FHID may implement additional vendor specific commands that are not defined in this specification, yet being U2FHID compliant. Such commands, if implemented must have a command in the range between U2FHID_VENDOR_FIRST and U2FHID_VENDOR_LAST Response: <Completed by reviewers> Notes on Approval Procedure: HID WG On Line Voting Procedures 1. Votes are on a per company basis. 2. Each Review shall have attached a Required Voter List that is the result of recruiting by the HID Chair and submitter of members of the USB IF. Required Voter List must include the HID Chair plus 2 companies (other than the submitter) plus any others designated by the HID Chair at the Chair's discretion. The Required Voter List ensures that a quorum is available to approve the. 3. Impose a 7 calendar day posting time limit for new Review s. HID Chair or designate must post the RR within 7 calendar days. HID Chair or designate must work with the submitter to make sure the request is valid prior to posting. Valid review request must include all fields marked as required in the template. A new template will be adopted that requires at least the following fields: Change Text, Required Voter List, Review Period End Date and Voting End Date, Submittal Date, Submitter, Review Title and RR Number. 4. If a RR approval process stalls, the HID Chair may call a face to face meeting or conference call to decide the issue. Submitter may request that this take place. Page 7

5. Impose a minimum 15 calendar day review period on a posted RR prior to the voting period. At HID Chair discretion, changes to the RR may require this review period to restart. 6. The Chair will accept votes via documentable means such as mail or e mail during the 7 calendar days after the close of the review period. If a Required Voter does not vote during the period, then there is no quorum and the Chair may pursue the absent required voter and extend the voting period. The Chair may designate a substitute for the absent voter and extend the voting period if necessary. Page 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information