DOI QR코드

DOI QR Code

다양한 장치에서 JWT 토큰을 이용한 FIDO UAF 연계 인증 연구

A Study on FIDO UAF Federated Authentication Using JWT Token in Various Devices

  • 김형겸 (건국대학교 IT융합정보보호학과) ;
  • 김기천 (건국대학교 IT융합정보보호학과)
  • 투고 : 2020.11.25
  • 심사 : 2020.12.18
  • 발행 : 2020.12.30

초록

There are three standards for FIDO1 authentication technology: Universal Second Factor (U2F), Universal Authentication Framework (UAF), and Client to Authenticator Protocols (CTAP). FIDO2 refers to the WebAuthn standard established by W3C for the creation and use of a certificate in a web application that complements the existing CTAP. In Korea, the FIDO certified market is dominated by UAF, which deals with standards for smartphone (Android, iOS) apps owned by the majority of the people. As the market requires certification through FIDO on PCs, FIDO Alliance and W3C established standards that can be certified on the platform-independent Web and published 『Web Authentication: An API for Accessing Public Key Credentials Level 1』 on March 4, 2019. Most PC do not contain biometrics, so they are not being utilized contrary to expectations. In this paper, we intend to present a model that allows login in PC environment through biometric recognition of smartphone and FIDO UAF authentication. We propose a model in which a user requests login from a PC and performs FIDO authentication on a smartphone, and authentication is completed on the PC without any other user's additional gesture.

키워드

참고문헌

  1. Dirk Balfanz, Alexei Czeskis, Jeff Hodges, J.C. Jones, Michael B. Jones, Akshay Kumar, Angelo Liao, Rolf Lindemann, Emil Lundberg, Web Authentication: An API for accessing Public Key Credentials Level 1 W3C Recommendation, 4 March 2019.
  2. Salah Machani, RSA, the Security Division of EMC, Rob Philpott, RSA, the Security, Division of EMC, Sampath Srinivas, Google, Inc., John Kemp, FIDO Alliance, Jeff Hodges, PayPal, Inc., FIDO UAF Architectural Overview FIDO Alliance Proposed Standard, 02 February 2017.
  3. M. Jones, JSON Web Token (JWT), RFC 7519, May 2015.
  4. Dr. Rolf Lindemann, Nok Nok Labs, Inc., Eric Tiffany, FIDO Alliance, FIDO UAF Protocol Specification FIDO Alliance Proposed Standard, 02 February 2017.
  5. Sampath Srinivas, Google, Inc., Dirk Balfanz, Google, Inc., Eric Tiffany, FIDO Alliance, Universal 2nd Factor (U2F) Overview FIDO Alliance Proposed Standard, 11 April 2017.