다양한 장치에서 JWT 토큰을 이용한 FIDO UAF 연계 인증 연구

• Published in: (사)디지털산업정보학회 논문지, 16(4) Vol. 16; no. 4; pp. 43 - 53
• Main Authors: 김형겸, 김기천, Kim, HyeongGyeom, Kim, KiCheon
• Format: Journal Article
• Language: Korean
• Published: (사)디지털산업정보학회 01.12.2020
• Subjects: 컴퓨터학; Biometric Authentication; FIDO(Fast IDentify Online); JWT(Json Web Token); UAF(Universal Authentication Framework); PC(Personal Computer); WebAuthn(Web Authentication)
• ISSN: 1738-6667; 2713-9018

There are three standards for FIDO1 authentication technology: Universal Second Factor (U2F), Universal Authentication Framework (UAF), and Client to Authenticator Protocols (CTAP). FIDO2 refers to the WebAuthn standard established by W3C for the creation and use of a certificate in a web application that complements the existing CTAP. In Korea, the FIDO certified market is dominated by UAF, which deals with standards for smartphone (Android, iOS) apps owned by the majority of the people. As the market requires certification through FIDO on PCs, FIDO Alliance and W3C established standards that can be certified on the platform-independent Web and published 『Web Authentication: An API for Accessing Public Key Credentials Level 1』 on March 4, 2019. Most PC do not contain biometrics, so they are not being utilized contrary to expectations. In this paper, we intend to present a model that allows login in PC environment through biometric recognition of smartphone and FIDO UAF authentication. We propose a model in which a user requests login from a PC and performs FIDO authentication on a smartphone, and authentication is completed on the PC without any other user's additional gesture.