FIDO FIPS Security Keys (Device-bound passkey and FIPS 140-2/3 Validated): FIDO FIPS Security Keys are hardware authenticators that meet the NIST FIPS 140-2 cryptographic module validation requirements. They provide strong hardware-backed security and are approved for use in U.S. federal environments where AAL3 assurance is required. These keys combine phishing resistance, cryptographic protection, and compliance with federal standards.
IMPORTANT! Exostar does NOT sell the hardware key. You MUST purchase that separately.
A FIDO Security key must contain the following properties to be allowed in the Exostar product environment:
– NIST Assurance Level: AAL2
– FIPS 140-2/3 Validation: Must be active and listed on the NIST Cryptographic Module Validation Program
– Passkey Protection: Must be hardware
– Passkey Storage Location: Must be device-bound
– FIDO Alliance Certification Level: Must be at least L2
– Attestation: Required
Please follow the steps below to purchase a FIDO FIPS Security Key. Please visit your customer page for more information on the purchase and set-up process, as this can differ per customer depending on the proofing requirement and application access.
Step 1. Purchase FIDO Passkey License
It is important you verify with your partner which FIDO credential you require to access their applications. You can complete a purchase for the FIDO Passkey License with or without Proofing from Exostar’s web store. You must also purchase the hardware key separately as this is not currently offered from Exostar’s web store. Please see that process in Step 2. Purchase Hardware Key.
IMPORTANT! Once you successfully purchase the FIDO Passkey License, you will receive a purchase confirmation license key. This license key is used ONCE during the credential set-up process and IS NOT the same as the FIDO Passkey License, which is the credential you will use to authenticate to access your partner applications.
2. Select your Partner from the drop-down provided.
3. Select the radio button for FIDO Passkey License with or without Proofing (1 year, hardware key not included). Click Next.
4. Review and complete any missing information in the Primary Information and Billing Address sections. Click Next.
5. Select your Payment Method and input payment details. Click Submit to complete your purchase.
NOTE: If you select the Invoice option, Exostar must receive full payment before you receive your license key to activate your credential.
6. On the purchase confirmation screen, you are provided the option to activate your license key directly from the web store. Otherwise, you can activate via your account using the license key provided in the confirmation email.
NOTE: The license key format is KEY-XXXXXXXXXXXXXXXXX.
Step 2. Purchase FIDO FIPS Security Key (Hardware)
It is important to note, you must purchase a security key separately, as Exostar does not currently offer the physical keys via the web store. Exostar suggests purchasing the Yubico YubiKey 5C NFC FIPS USB-C product. Please see the FIDO FIPS Security Keys Approved Authenticators article for other approved FIDO FIPS Security Key (Hardware) options.
2. Select the YubiKey 5C NFC FIPS USB-C product.
3. Select a Single Key or Tray of 50 keys.
4. Click Add to Cart.
5. The cart displays along the right-hand side of your screen. Click Continue to checkout.
6. Review your cart. Click Continue to checkout.
7. On the Your details screen, complete the following and click Continue:
– Select the Profile Type: Individual or Business.
– Select the Shipping to Country.
– Input your Email.
8. Complete the Shipping Information, Billing Information, and Payment sections.
9. Click Confirm Purchase.
Step 3. Complete Credential Set-up
Once you successfully complete your purchase, you can activate your credential directly from the web store or through your Exostar account. PLEASE VISIT YOUR CUSTOMER GET STARTED ARTICLE FOR MORE DETAILED INSTRUCTIONS ON COMPLETING CREDENTIAL SET-UP.
IMPORTANT! Once you successfully purchase the FIDO Passkey License, you will receive a purchase confirmation license key. This license key is used ONCE during the credential set-up process and IS NOT the same as the FIDO Passkey License, which is the credential you will use to authenticate to access your partner applications.