Journal of the Korea Society of Computer and Information (한국컴퓨터정보학회논문지)

Korean Society of Computer Information (한국컴퓨터정보학회)
권호 표지
DOI QR코드

DOI QR Code

A Robust Mutual Authentication between User Devices and Relaying Server(FIDO Server) using Certificate Authority in FIDO Environments

  • Han, Seungjin (Dept. of Business Administration, Kyung-In Women's University)
  • Received : 2016.08.17
  • Accepted : 2016.09.28
  • Published : 2016.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, Biometrics is being magnified than ID or password about user authentication. However, unlike a PIN, password, and personal information there is no way to modify the exposure if it is exposed and used illegally. As FIDO(Fast IDentity Online) than existing server storing method, It stores a user's biometric information to the user device. And the user device authentication using the user's biometric information, the user equipment has been used a method to notify only the authentication result to the server FIDO. However, FIDO has no mutual authentication between the user device and the FIDO server. We use a Certificate Authority in order to mutually authenticate the user and the FIDO server. Thereby, we propose a more reliable method and compared this paper with existed methods about security analysis.

Keywords

References

  1. Tae Bong Kim, "SmartSIGN," Fintechforum June Annual Presentation, KTB Solution, 23rd, June, 2015.
  2. Fido Alliance, https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-protocol-v1.0-ps-20141208.pdf
  3. NIST(National Institute of Standards and Technology), DRAFT NIST Special Publication 800-63-3 Digital Authentication Guideline, https://pages.nist.gov/800-63-3/sp800-63-3.html
  4. ITU-T SG17 WG5 Q9, http://www.itu.int/itu-t/workprog/wp_item.aspx?isn=9429
  5. SooHyung Kim, YeongSub Cho, and DaeSeon Choi, "FinTech Era: Needs for the innovation of user authentication technologies," Communications of the Korean Institute of Information Scientists and Engineers, KIISE, vol. 33, no. 5, pp17-22, May, 2015.
  6. Korea Financial Telecommunications & Clearings Institute, "Standard for distributed management of biometrics," Korea Financial Telecommunications & Clearings Institute, Jun., 2015.
  7. Jaejung Kim, "Study on the password-free certification system using the FIDO (Fast IDentity Online)," Communications of the Korea Information Science Society, KIISE, vol. 33, no. 5, May., 2015.