Package com.yubico.fido.metadata

Enum Class AuthenticatorStatus

java.lang.Object

java.lang.Enum<AuthenticatorStatus>

com.yubico.fido.metadata.AuthenticatorStatus

All Implemented Interfaces:

Serializable, Comparable<AuthenticatorStatus>, Constable

public enum AuthenticatorStatus
extends Enum<AuthenticatorStatus>

This enumeration describes the status of an authenticator model as identified by its AAID/AAGUID or attestationCertificateKeyIdentifiers and potentially some additional information (such as a specific attestation key).

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

Nested Class Summary

Nested classes/interfaces inherited from class java.lang.Enum

Enum.EnumDesc<E extends Enum<E>>

Enum Constant Summary

Enum Constants

Enum Constant	Description
ATTESTATION_KEY_COMPROMISE	Indicates that an attestation key for this authenticator is known to be compromised.
FIDO_CERTIFIED	This authenticator has passed FIDO functional certification.
FIDO_CERTIFIED_L1	The authenticator has passed FIDO Authenticator certification at level 1.
FIDO_CERTIFIED_L1plus	The authenticator has passed FIDO Authenticator certification at level 1+.
FIDO_CERTIFIED_L2	The authenticator has passed FIDO Authenticator certification at level 2.
FIDO_CERTIFIED_L2plus	The authenticator has passed FIDO Authenticator certification at level 2+.
FIDO_CERTIFIED_L3	The authenticator has passed FIDO Authenticator certification at level 3.
FIDO_CERTIFIED_L3plus	The authenticator has passed FIDO Authenticator certification at level 3+.
NOT_FIDO_CERTIFIED	This authenticator is not FIDO certified.
REVOKED	The FIDO Alliance has determined that this authenticator should not be trusted for any reason.
SELF_ASSERTION_SUBMITTED	The authenticator vendor has completed and submitted the self-certification checklist to the FIDO Alliance.
UNKNOWN	(NOT DEFINED IN SPEC) Placeholder for any unknown AuthenticatorStatus value.
UPDATE_AVAILABLE	A software or firmware update is available for the device.
USER_KEY_PHYSICAL_COMPROMISE	This authenticator has known weaknesses in its key protection mechanism(s) that allow user keys to be extracted by an adversary in physical possession of the device.
USER_KEY_REMOTE_COMPROMISE	This authenticator has identified weaknesses that allow registered keys to be compromised and should not be trusted.
USER_VERIFICATION_BYPASS	Indicates that malware is able to bypass the user verification.

Method Summary

Modifier and Type	Method	Description
static AuthenticatorStatus	valueOf(String name)	Returns the enum constant of this class with the specified name.
static AuthenticatorStatus[]	values()	Returns an array containing the constants of this enum class, in the order they are declared.

Methods inherited from class java.lang.Enum

clone, compareTo, describeConstable, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Enum Constant Details

UNKNOWN

public static final AuthenticatorStatus UNKNOWN

(NOT DEFINED IN SPEC) Placeholder for any unknown AuthenticatorStatus value.

NOT_FIDO_CERTIFIED

public static final AuthenticatorStatus NOT_FIDO_CERTIFIED

This authenticator is not FIDO certified.

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

FIDO_CERTIFIED

public static final AuthenticatorStatus FIDO_CERTIFIED

This authenticator has passed FIDO functional certification. This certification scheme is phased out and will be replaced by FIDO_CERTIFIED_L1.

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

USER_VERIFICATION_BYPASS

public static final AuthenticatorStatus USER_VERIFICATION_BYPASS

Indicates that malware is able to bypass the user verification. This means that the authenticator could be used without the user’s consent and potentially even without the user’s knowledge.

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

ATTESTATION_KEY_COMPROMISE

public static final AuthenticatorStatus ATTESTATION_KEY_COMPROMISE

Indicates that an attestation key for this authenticator is known to be compromised. The relying party SHOULD check the certificate field and use it to identify the compromised authenticator batch. If the certificate field is not set, the relying party should reject all new registrations of the compromised authenticator. The Authenticator manufacturer should set the date to the date when compromise has occurred.

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

USER_KEY_REMOTE_COMPROMISE

public static final AuthenticatorStatus USER_KEY_REMOTE_COMPROMISE

This authenticator has identified weaknesses that allow registered keys to be compromised and should not be trusted. This would include both, e.g. weak entropy that causes predictable keys to be generated or side channels that allow keys or signatures to be forged, guessed or extracted.

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

USER_KEY_PHYSICAL_COMPROMISE

public static final AuthenticatorStatus USER_KEY_PHYSICAL_COMPROMISE

This authenticator has known weaknesses in its key protection mechanism(s) that allow user keys to be extracted by an adversary in physical possession of the device.

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

UPDATE_AVAILABLE

public static final AuthenticatorStatus UPDATE_AVAILABLE

A software or firmware update is available for the device. The Authenticator manufacturer should set the url to the URL where users can obtain an update and the date the update was published. When this status code is used, then the field authenticatorVersion in the authenticator Metadata Statement [FIDOMetadataStatement] MUST be updated, if the update fixes severe security issues, e.g. the ones reported by preceding StatusReport entries with status code USER_VERIFICATION_BYPASS, ATTESTATION_KEY_COMPROMISE, USER_KEY_REMOTE_COMPROMISE, USER_KEY_PHYSICAL_COMPROMISE, REVOKED. The Relying party MUST reject the Metadata Statement if the authenticatorVersion has not increased

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

REVOKED

public static final AuthenticatorStatus REVOKED

The FIDO Alliance has determined that this authenticator should not be trusted for any reason. For example if it is known to be a fraudulent product or contain a deliberate backdoor. Relying parties SHOULD reject any future registration of this authenticator model.

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

SELF_ASSERTION_SUBMITTED

public static final AuthenticatorStatus SELF_ASSERTION_SUBMITTED

The authenticator vendor has completed and submitted the self-certification checklist to the FIDO Alliance. If this completed checklist is publicly available, the URL will be specified in url.

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

FIDO_CERTIFIED_L1

public static final AuthenticatorStatus FIDO_CERTIFIED_L1

The authenticator has passed FIDO Authenticator certification at level 1. This level is the more strict successor of FIDO_CERTIFIED.

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

FIDO_CERTIFIED_L1plus

public static final AuthenticatorStatus FIDO_CERTIFIED_L1plus

The authenticator has passed FIDO Authenticator certification at level 1+. This level is the more than level 1.

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

FIDO_CERTIFIED_L2

public static final AuthenticatorStatus FIDO_CERTIFIED_L2

The authenticator has passed FIDO Authenticator certification at level 2. This level is more strict than level 1+.

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

FIDO_CERTIFIED_L2plus

public static final AuthenticatorStatus FIDO_CERTIFIED_L2plus

The authenticator has passed FIDO Authenticator certification at level 2+. This level is more strict than level 2.

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

FIDO_CERTIFIED_L3

public static final AuthenticatorStatus FIDO_CERTIFIED_L3

The authenticator has passed FIDO Authenticator certification at level 3. This level is more strict than level 2+.

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

FIDO_CERTIFIED_L3plus

public static final AuthenticatorStatus FIDO_CERTIFIED_L3plus

The authenticator has passed FIDO Authenticator certification at level 3+. This level is more strict than level 3.

See Also:

• FIDO Metadata Service §3.1.4. AuthenticatorStatus enum

Method Details

values

public static AuthenticatorStatus[] values()

Returns an array containing the constants of this enum class, in the order they are declared.

Returns:

an array containing the constants of this enum class, in the order they are declared

valueOf

public static AuthenticatorStatus valueOf(String name)

Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)

Parameters:

name - the name of the enum constant to be returned.

Returns:

the enum constant with the specified name

Throws:

IllegalArgumentException - if this enum class has no constant with the specified name

NullPointerException - if the argument is null