• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.293-303
• /
• 2017

FIDO(Fast IDentity Online) technology is expanding very rapidly which can replace traditional password-based authentication with biometrics technology[1,7]. FIDO provides convenient authentication with biometrics technology and secure key management with smart card technology, but it does not provide user identification, thus traditional user identification technology should be used before a FIDO device is registered to a FIDO server. K-FIDO[3] is an approach to implement FIDO and certificate-based authentication technology into a single device that user can utilize certificate-based authentication in initial registration of FIDO device to FIDO server. It is expected that very shortly users will own and use multiple K-FIDO devices. If we consider the traditional approach of copying single certificate to multiple devices or issuing independent certificate to each device, there will be many complex problems. In this paper we propose more secure and convenient key management technology in multiple K-FIDO device scenario using self-extended certification[4].

• Review of KIISC
• /
• v.26 no.2
• /
• pp.14-19
• /
• 2016

국내 인증기술은 패스워드를 시작으로 X.509 인증서 기반의 공인인증 기술로 발전되어 왔고 현재는 패스워드의 보안 취약성을 개선하기 위해 개발된 FIDO 기술로 전환되는 과정에 있다. FIDO는 바이오 인증 기술뿐만 아니라 다중 인증 기술도 지원하는 범용인증기술로 FIDO 인증 서버를 한번만 설치하면 서비스 제공자의 요구사항에 따라 다양한 인증방식을 서버 변경 없이 수용할 수 있다는 장점을 가지고 있어, 금융, 결제 등 다양한 분야에 급속하게 확산되고 있다. 본 고에서는 범용인증기술인 FIDO 1.0 기술을 설명하고 최근에 표준화를 진행하고 있는 FIDO 2.0 기술에 대한 소개 및 FIDO 1.0 기술과의 차이점을 기술하여 FIDO 2.0이 가지는 여러 의미를 분석하여 향후 인증기술에 대한 전망을 제시한다.

• Journal of Internet Computing and Services
• /
• v.23 no.4
• /
• pp.65-72
• /
• 2022

In this paper, a zero trust-based complex biometric authentication was proposed in a passwordless environment. The linkage of FIDO 2.0 (Fast IDENTITY Online) transaction authentication platforms was designed in conjunction with metaverse. In particular, it was applied with the location information of a smart terminal according to a geomagnetic sensor, an accelerator sensor, and biometric information for multi-factor authentication(MFA). At this time, a FIDO transaction authentication platform was presented for adaptive complex authentication with user's environment through complex authentication with secondary authentication based on situational awareness such as illuminance and temperature/humidity. As a result, it is possible to authenticate secondary users based on zero trust with behavior patterns such as fingerprint recognition, iris recognition, face recognition, and voice according to the environment. In addition, it is intended to check the linkage result of the FIDO platform for complex integrated authentication and improve the authentication accuracy of the linkage platform for transaction authentication using FIDO2.0.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.4
• /
• pp.43-53
• /
• 2020

There are three standards for FIDO1 authentication technology: Universal Second Factor (U2F), Universal Authentication Framework (UAF), and Client to Authenticator Protocols (CTAP). FIDO2 refers to the WebAuthn standard established by W3C for the creation and use of a certificate in a web application that complements the existing CTAP. In Korea, the FIDO certified market is dominated by UAF, which deals with standards for smartphone (Android, iOS) apps owned by the majority of the people. As the market requires certification through FIDO on PCs, FIDO Alliance and W3C established standards that can be certified on the platform-independent Web and published 『Web Authentication: An API for Accessing Public Key Credentials Level 1』 on March 4, 2019. Most PC do not contain biometrics, so they are not being utilized contrary to expectations. In this paper, we intend to present a model that allows login in PC environment through biometric recognition of smartphone and FIDO UAF authentication. We propose a model in which a user requests login from a PC and performs FIDO authentication on a smartphone, and authentication is completed on the PC without any other user's additional gesture.

• Journal of Digital Convergence
• /
• v.16 no.1
• /
• pp.159-164
• /
• 2018

Biometric information does not need to be stored separately, and there is no risk of loss and no theft. For this reason, it has been attracting attention as an alternative authentication means for existing authentication means such as passwords and authorized certificates. However, there may be a privacy problem due to leakage of personal information stored in the server. To overcome these weaknesses, FIDO solved the problem of leakage of personal information on the server by using biometric information stored on the user device and authenticating. In this paper, we propose a multiple biometric authentication method that can be used in FIDO environment. In order to utilize multiple biometric information, fingerprints and EEG signals can be generated and used in FIDO system. The proposed method can solve the problem due to limitations of existing 2-factor authentication system by authentication using multiple biometric information.

• The Journal of Society for e-Business Studies
• /
• v.24 no.2
• /
• pp.217-228
• /
• 2019

In the 4th Industrial Revolution, the Internet of Things emerged and various services and convenience improved. As the frequency of use increases, security threats such as leakage of personal information coexist and the importance of security are increasing. In this paper, we analyze the security threats of the Internet of things and propose a model for enhancing security through user authentication using Fast IDentity Online (FIDO). As a result, we propose to implement strong user authentication by introducing second authentication through FIDO.

• Journal of Internet Computing and Services
• /
• v.21 no.2
• /
• pp.65-72
• /
• 2020

In this paper, a USB module with fingerprint recognition was designed as a distributed node of blockchain on distributed ID (DID, distributed ID) for user identification. This biometric-linked fingerprint recognition device was verified for the real-time authentication process of authentication transaction with FIDO(Fast IDentity Online) server. Blockchain DID-based services were proposed like as a method of individual TV rating survey, and recommending service for customized shopping channels, and crypto-currency, too. This DID based remote service can be improved by recognizing of channel-changing information through personal identification. The proposed information of production purchase can be shared by blockchain. And customized service can be provided for the utilization of purchase history in shoppingmall using distributed ID. As a result, this blockchain node-device and Samsung S10 Key-srore with FIDO service can be certified for additional transactions through various biometric authentication like fingerprint, and face recognition.

• Information and Communications Magazine
• /
• v.33 no.2
• /
• pp.59-65
• /
• 2016

최근 급격하게 확산되고 있는 핀테크 서비스는 다양한 분야의 사람들로부터 관심을 받고 있다. 기존 금융거래 프로세스에서 경험했던 불편함과 비효율을 개선하여 소비자와 기업 모두에게 편리성과 비용절감이라는 혜택을 제공하고, 새롭게 재편되고 있는 금융 산업에 참여할 기회를 제공하기 때문이다. 그러나 핀테크 서비스가 가져다 줄 혜택과 기회는 완벽한 보안에 기반하지 않으면 엄청난 피해를 야기할 수 있다는 우려도 존재한다. 본고에서는 핀테크 보안 기술 중 최근 급격히 관심을 받고 있는 FIDO (Fast IDentity Online) 인증 기술에 대해 살펴보고자 한다. 편의성과 보안성 측면에서 한계를 갖고 있던 기존 인증 기술들이 핀테크 서비스를 확산시키는데 장애가 되었다면, 최근 도입되기 시작한 FIDO 기술은 편리하고 강력한 인증을 제공하여 사용자와 기업 모두의 관심을 얻는데 성공하고 있는 것으로 보인다. 본 고에서는 FIDO 기술을 간단히 설명하고, FIDO 기술을 활용한 응용 보안 기술을 소개하고자 한다. 또한 FIDO 기술의 향후 발전 방향에 대해 현재 진행 중인 표준화 내용을 중심으로 살펴보고, 해외에서 활발히 진행되고 있는 연구들을 통해 핀테크 인증 기술의 발전 방향을 전망하고 결론을 맺는다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.7
• /
• pp.1411-1419
• /
• 2017

The two factor authentication capability, private key possession and key protection password knowledge, and the strong public key cryptography protocol of PKI authentication have largely contributed to the rapid construction of Internet transaction trusted infrastructure. The reusability of a certificate-based identity for every PKI site was another contribution factor of the spread of PKI authentication. Nevertheless, the PKI authentication has been criticised mainly for the cost of PKI construction, inconvenience of individual certificate management, and difficulties of password management. Recently FIDO authentication has received high attention as an alternative of the PKI authentication. The FIDO authentication is also based on the public key cryptography which provides strong authentication services, but it does not require individual certificate issuance and provides user-friendly and secure authentication services by integrating biometric technologies. The purpose of this paper is to concretely compare the PKI-authentication and FIDO-authentication and, based on the analysis result, to propose their corresponding applications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1049-1062
• /
• 2019

The national accredited certificate is a user certificate issued based on the user's personal information, which has been identified in advance, and has become a universal authentication method used for most electronic financial transactions and user authentication. And it contributed a lot to the use of e-government and domestic service. However, due to the lack of web standards on how to use, it was inconvenient to install a separate plug-in, and efforts to improve it have been continued. In this paper, we attempt to solve the problem of certificate usage environment by presenting the certificate digital signature method using the extension of the FIDO2 (Fast Identity Online v2) client to authentication protocol (CTAP) specification.