• Title/Summary/Keyword: JWT(Json Web Token)

Search Result 2, Processing Time 0.009 seconds

Stateless Randomized Token Authentication for Performance Improvement of OAuth 2.0 MAC Token Authentication (OAuth 2.0 MAC 토큰인증의 효율성 개선을 위한 무상태 난수화토큰인증)

  • Lee, Byoungcheon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.6
    • /
    • pp.1343-1354
    • /
    • 2018

  • OAuth 2.0 bearer token and JWT(JSON web token), current standard technologies for authentication and authorization, use the approach of sending fixed token repeatedly to server for authentication that they are subject to eavesdropping attack, thus they should be used in secure communication environment such as HTTPS. In OAuth 2.0 MAC token which was devised as an authentication scheme that can be used in non-secure communication environment, server issues shared secret key to authenticated client and the client uses it to compute MAC to prove the authenticity of request, but in this case server has to store and use the shared secret key to verify user's request. Therefore, it's hard to provide stateless authentication service. In this paper we present a randomized token authentication scheme which can provide stateless MAC token authentication without storing shared secret key in server side. To remove the use of HTTPS, we utilize secure communication using server certificate and simple signature-based login using client certificate together with the proposed randomized token authentication to achieve the fully stateless authentication service and we provide an implementation example.

  • https://doi.org/10.13089/JKIISC.2018.28.6.1343 인용 PDF KSCI HTML

A Study on FIDO UAF Federated Authentication Using JWT Token in Various Devices (다양한 장치에서 JWT 토큰을 이용한 FIDO UAF 연계 인증 연구)

  • Kim, HyeongGyeom;Kim, KiCheon
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.16 no.4
    • /
    • pp.43-53
    • /
    • 2020

  • There are three standards for FIDO1 authentication technology: Universal Second Factor (U2F), Universal Authentication Framework (UAF), and Client to Authenticator Protocols (CTAP). FIDO2 refers to the WebAuthn standard established by W3C for the creation and use of a certificate in a web application that complements the existing CTAP. In Korea, the FIDO certified market is dominated by UAF, which deals with standards for smartphone (Android, iOS) apps owned by the majority of the people. As the market requires certification through FIDO on PCs, FIDO Alliance and W3C established standards that can be certified on the platform-independent Web and published 『Web Authentication: An API for Accessing Public Key Credentials Level 1』 on March 4, 2019. Most PC do not contain biometrics, so they are not being utilized contrary to expectations. In this paper, we intend to present a model that allows login in PC environment through biometric recognition of smartphone and FIDO UAF authentication. We propose a model in which a user requests login from a PC and performs FIDO authentication on a smartphone, and authentication is completed on the PC without any other user's additional gesture.

  • https://doi.org/10.17662/ksdim.2020.16.4.043 인용 PDF KSCI