Trusted AccessID là gì?

Trusted AccessID là nền tảng của Mobile-ID điều phối xác thực FIDO2, kiểm tra thiết bị, đánh giá rủi ro, ràng buộc giao dịch và lưu bằng chứng kiểm toán trong một hành trình thống nhất, thay cho việc chỉ thay thế mật khẩu hoặc OTP đơn lẻ.

Doanh nghiệp cần gì để bắt đầu triển khai Trusted AccessID?

Tổ chức cần xác định một luồng rủi ro cao để thử nghiệm trước, như đăng nhập ngân hàng số hoặc đổi thiết bị, sau đó tích hợp Trusted Key FIDO2 Authenticator trên ứng dụng di động với máy chủ FIDO2/WebAuthn hiện có hoặc của Mobile-ID.

Trusted AccessID khác gì so với xác thực OTP hoặc mật khẩu truyền thống?

Khác với OTP hay mật khẩu dễ bị lừa đảo, Trusted AccessID dùng FIDO2 kết hợp thiết bị tin cậy, sinh trắc học và đánh giá rủi ro theo ngữ cảnh, đồng thời ràng buộc xác thực với nội dung giao dịch cụ thể và lưu bằng chứng phục vụ kiểm toán.

Trusted AccessID phù hợp với ngành nào?

Giải pháp phù hợp với ngân hàng, chứng khoán, ví điện tử, fintech cần bảo vệ giao dịch giá trị cao, cũng như doanh nghiệp cần xác thực không mật khẩu cho IAM/SSO, truy cập từ xa và tài khoản đặc quyền.

Trusted Key FIDO2 Authenticator đạt chứng nhận theo tiêu chuẩn nào?

Trusted Key FIDO2 Authenticator for Android SDK được chứng nhận theo chương trình FIDO User Authentication, sử dụng giao thức FIDO2 CTAP v2.1 PS, với số chứng chỉ FA001202600008 cấp ngày 17/06/2026.

FIDO2 Certification Announcement

Mobile-ID Is FIDO2 Certified for Trusted Key Authenticator

Trusted Key FIDO2® Authenticator for Android SDK has officially achieved FIDO2 certification, laying the groundwork to roll out Trusted AccessID from passwordless login to transaction authentication backed by audit evidence.

For financial institutions, the value isn’t just about replacing passwords or OTP. The bigger value is authenticating the right user, on the right device, in the right context, for the right transaction content — reducing fraud, improving experience, and strengthening compliance.

Reduced OTP dependencyLimits risk from passwords, SMS OTP, and other phishing-prone mechanisms.

Account takeover protectionCombines FIDO2, trusted devices, biometrics, and risk assessment.

Transaction bindingTies authentication to amount, recipient, device, and approval time.

Audit-readyLogs and evidence support reconciliation, compliance, and dispute handling.

Certificate numberFA001202600008

Issue date06/17/2026

Implementation classFIDO2

Authenticator levelL1

Key takeaways

Mobile-ID’s Trusted Key FIDO2® Authenticator for Android SDK has just been certified under the FIDO User Authentication program, using the FIDO2 CTAP v2.1 PS protocol.
This certification underpins the rollout of Trusted AccessID — a platform that orchestrates authentication, devices, risk, transactions, and audit evidence.
Financial institutions and enterprises can start with one high-risk flow, such as device change or high-value transfers, then expand from there.
A 4–6 week PoC model measures impact with concrete metrics before broader rollout across IAM/SSO, digital banking, and other digital channels.

Who is this article for?

For teams looking to upgrade digital authentication while preserving user experience, risk control, and audit readiness.

Financial services

Banks, securities firms, e-wallets, fintech

Prioritize high-risk flows such as digital banking login, device change, adding a beneficiary, high-value transfers, and transaction reconciliation.

Enterprise

CIOs, CISOs, solution architects, compliance teams

Fits passwordless login, privileged account protection, remote access, IAM/SSO systems, ERP, CRM, and internal approvals.

Certification highlights

Certification increases the trust level when putting the authenticator into production for banks, financial institutions, and enterprises.

ProductTrusted Key FIDO2® Authenticator for Android SDK

Legal entityMobile-ID Technologies and Services Joint Stock Company

Certificate numberFA001202600008

Issue date06/17/2026

ProgramFIDO User Authentication

Certification typeFull certification

ProtocolFIDO2 CTAP v2.1 PS

Security profileEnd user

Publishing recommendation: link to the official FIDO2 certification record for certificate number FA001202600008 to support information security, compliance, and procurement teams during due diligence. Verify certification

Business value: from authentication to transaction assurance

Trusted AccessID is positioned as an assurance layer for the digital journey, not just a login feature.

Lower OTP cost and risk

Reduces dependency on SMS OTP and passwords, limiting the weaknesses commonly exploited in phishing, spoofing, and account takeover.

Higher completion rate for legitimate users

Legitimate users can authenticate faster with Passkey/FIDO2 and local biometrics, while the system only adds extra checks when risk is detected.

Audit-ready evidence

Every authentication or transaction approval can be tied to the user, device, timestamp, risk context, and transaction content.

Mobile-ID’s ecosystem in the trusted authentication chain

The table below clarifies each component’s role, to avoid the misconception that every component shares the same type of certification.

Component	Role	Status / recommended phrasing	Customer value
Trusted Key FIDO2® Authenticator for Android SDK	Client-side authenticator on Android.	FIDO2 certified	Serves as the trust anchor for passwordless login and strong authentication on mobile devices.
Trusted Hub FIDO2® Server	FIDO2/WebAuthn authentication server, managing registration and public-key verification.	Server component within the ecosystem	Helps organizations integrate FIDO2 with applications, IAM/SSO, and existing digital channels.
PAD Level 2	Anti-spoofing for biometrics, supporting liveness checks when stronger authentication is needed.	Enhanced biometric verification layer	Reduces risk from photos, replayed video, face spoofing, or related fraudulent behavior.
Trusted AccessID	Platform orchestrating authentication, devices, risk, transactions, and evidence.	End-to-end deployment solution	Connects login, high-risk transactions, audit, and operations into one unified journey.
Audit Evidence	Logging and evidence packages for reconciliation, disputes, and audits.	Operational and compliance capability	Helps operations teams trace who authenticated, on which device, when, and for what content.

Technical flow: registration, authentication, transaction binding, and evidence storage

This section gives technical and security teams a quick view of how Trusted AccessID operates in a real environment.

Authenticator registrationThe user activates the authenticator on the mobile app.

FIDO2 key pair generationThe private key is protected on the device; the public key is sent to the server.

Server-side registrationThe FIDO2/WebAuthn server stores the public key and attestation data.

Challenge-based authenticationThe device signs a challenge; the server verifies the signature with the public key.

Risk assessmentCombines device, biometrics, behavior, and transaction context.

Evidence storageRecords the user, device, timestamp, and transaction content for reconciliation.

App / Digital channelMobile banking, internet banking, e-wallet, enterprise portal

→

FIDO2 authenticatorTrusted Key on Android, Passkey, local biometrics

→

FIDO2 serverWebAuthn, public keys, authentication policy

Device & riskUnknown devices, emulators, root/jailbreak, anomalous behavior

→

Transaction bindingAmount, recipient, content, approval time

→

Audit evidenceLogging, reconciliation, compliance reporting

Overview of Mobile-ID's Trusted AccessID solution — Trusted AccessID overview: from login, device checks, risk, and biometrics through to transaction binding and audit evidence.

Priority deployment scenarios

Start with one high-risk flow, measure impact clearly, then expand across the full digital journey.

Financial services

Banks, securities firms, e-wallets

Mobile banking / internet banking login.
Device change, new device activation, or account recovery.
Adding a beneficiary, high-value transfers, securities withdrawal/transfer.
Loan approval, digital onboarding, or transactions prone to disputes.
Gradually reducing SMS OTP dependency where appropriate.

Enterprise

IAM/SSO, remote access, privileged accounts

Passwordless login for employees, agents, or partners.
Protecting administrator and high-privilege accounts.
Authenticating access to VPN, ERP, CRM, and finance/accounting systems.
Internal approvals, business sign-off, and high-risk actions.
Combining with a zero-trust model in access governance.

4–6 week pilot: measured by metrics, not just impressions

The metrics below are reference targets and will be adjusted to each organization’s actual systems.

Enrollment success rate80–95%Measures users’ ability to activate the authenticator within the pilot group.

Authentication timeUnder 5 secondsApplies to most valid sessions on already-enrolled devices.

Reduced OTP dependency30–60%Share of pilot flows that no longer need SMS OTP or have fewer OTP steps.

Transaction completion rateMaintained or improvedCompared with the current authentication method.

Risk detectionUnknown device / emulator / rootCaptures anomalous signals to fine-tune authentication policy.

Audit evidenceFully traceableBy user, device, timestamp, transaction content, and authentication result.

Proposed rollout roadmap

A phased approach reduces integration risk and proves impact before scaling up.

1. Assessment & architecture consulting

Review digital channels, IAM/SSO, mobile apps, current OTP methods, and high-risk transaction flows.

2. 4–6 week pilot

Integrate the SDK, FIDO2 server, trusted devices, biometric checks, and evidence for one priority flow.

3. Rollout & scale-up

Measure KPIs, fine-tune risk policy, train operations staff, and expand to more channels and user groups.

Frequently asked questions

Quick answers to common questions about FIDO2 certification and the Trusted AccessID platform.

What is Trusted AccessID?

Trusted AccessID is Mobile-ID’s platform that orchestrates FIDO2 authentication, device checks, risk scoring, transaction binding, and audit evidence in a single, unified journey.

What does an organization need to start deploying?

An organization should pick one high-risk flow to pilot first, such as digital banking login or device change, then integrate Trusted Key FIDO2 Authenticator with an existing FIDO2/WebAuthn server.

How is it different from traditional OTP and passwords?

Trusted AccessID uses FIDO2 combined with trusted devices, biometrics, and contextual risk scoring, while binding authentication to specific transaction content, instead of relying solely on an OTP code or a static password.

Which industries is the solution suited for?

It fits banking, securities, e-wallets, and fintech that need to protect high-value transactions, as well as enterprises that need passwordless authentication for IAM/SSO, remote access, and privileged accounts.

Which standard is Trusted Key FIDO2 Authenticator certified against?

The product is certified under the FIDO User Authentication program, using the FIDO2 CTAP v2.1 PS protocol, with certificate number FA001202600008 issued on 06/17/2026.

Start with one high-risk flow

Device change, adding a beneficiary, high-value transfers, or privileged account access are good starting points for measuring Trusted AccessID’s impact.

Mobile-ID Is FIDO2 Certified for Trusted Key Authenticator

Mobile-ID Is FIDO2 Certified for Trusted Key Authenticator