A FIDO2 Server-certified solution, effortless
verification using biometrics, no more passwords.


What is FIDO?

An alliance of leading global technology companies who are committed to work together to replace passwords from the user authentication process.

The FIDO protocols use standard public key cryptography techniques to provide stronger authentication. During registration with an online service, the user’s client device creates a new key pair.

It retains the private key and registers the public key with the online service. ASLI LoginID utilizes two independent strong factors of authentication.

How does FIDO work?

Sample FIDO members are the leading technology companies in each tech layer:

Technology Industry Members

Together, they developed/released the FIDO protocol which allows any company to design authentication that works to use the user’s device to authenticate with any website or app.

Simple. Secure. No downloads or plugins required


One touch biometric login on your mobile apps or website

How does FIDO help to replace passwords?

Today’s broken process of authentication uses 2FA (username/password + OTP via SMS). FIDO’s version of 2FA (user’s device + user’s biometric) is strong, secure and convenient. Can also add OTP for multi-factor authentication.

ASLI Login ID allows you to easily use FIDO2 server certified biometric authentication-as-a-service on your website and app, through the implementation of API/sdk on your website/app.

FIDO2 certification allows for users to directly user FIDO-level biometric authentication right “out of the box”, without the need to download plug-ins, software or apps. ASLI Login ID is FIDO UAF and FIDO2 server certified.

SLIK Result in JSON

Something You Have
SLIK Result in JSON

Something You Are

2FA Strong Authentication

What makes it strong? Two independent factors of authentication


2 Factor Authentications & Higher Security Topology


Biometrics / Passwords Stored on Central Server


Private Keys & Biometrics Stored in the users’ hardware chip, never leaving the device

Public/private key authentication uses asymmetric cryptography, where an associated set of keys are created upon registration by the user. The user maintains possession of the private key while the public key is stored in the organization’s server.

Authentication occurs when:

1) the user’s device calls the website for a login challenge,
2) the website responds with a challenge containing the public key,
3) the device receives the challenge,
4) the device then requests the user’s biometric,
5) upon receiving the correct biometric the device answers the public key challenge (i.e. verifies the “fit” of the public key with the private key),
6) then the device sends the authenticated status of the user back to the server.

ASLI LoginID distributed private keys:




Revoke then re-issue public keys. If a single user device is hacked, will not impact other users.

ASLI Login ID stores the user’s biometric inside the hardware’s secure element such as Qualcomm’s Trusted Execution Environment (TEE) / secure enclave. The biometric NEVER LEAVES THE DEVICE at any point even during the authentication process.

Upon registration by the user, the biometric is stored inside the secure element, the private key is created and stored in the same secure element, while the corresponding public key is created and stored on the server side.

Existing non-FIDO solutions store the user biometric either in the device’s OS or centrally with the client’s server. While this method “may work and is convenient”, but it’s incredibly insecure and vulnerable to centralized honey pot attacks. If the user biometric is stored centrally, breaches may be catastrophic because biometrics (fingerprints/face/iris) cannot be reset.

Have all your questions answered by our experts & professionals

Want to find out how ASLI RI
can bring solutions to your business? Let's talk.