• Title/Summary/Keyword: Passwordless security

Search Result 2, Processing Time 0.017 seconds

FIDO Platform of Passwordless Users based on Multiple Biometrics for Secondary Authentication (암호 없는 사용자의 2차 인증용 복합생체 기반의 FIDO 플랫폼)

  • Kang, Min-goo
    • Journal of Internet Computing and Services
    • /
    • v.23 no.4
    • /
    • pp.65-72
    • /
    • 2022

  • In this paper, a zero trust-based complex biometric authentication was proposed in a passwordless environment. The linkage of FIDO 2.0 (Fast IDENTITY Online) transaction authentication platforms was designed in conjunction with metaverse. In particular, it was applied with the location information of a smart terminal according to a geomagnetic sensor, an accelerator sensor, and biometric information for multi-factor authentication(MFA). At this time, a FIDO transaction authentication platform was presented for adaptive complex authentication with user's environment through complex authentication with secondary authentication based on situational awareness such as illuminance and temperature/humidity. As a result, it is possible to authenticate secondary users based on zero trust with behavior patterns such as fingerprint recognition, iris recognition, face recognition, and voice according to the environment. In addition, it is intended to check the linkage result of the FIDO platform for complex integrated authentication and improve the authentication accuracy of the linkage platform for transaction authentication using FIDO2.0.

  • https://doi.org/10.7472/jksii.2022.23.4.65 인용 PDF KSCI HTML

Passwordless Protection for Private Key Using USIM Information (USIM 정보를 활용한 패스워드리스 방식의 개인키 보호 방안)

  • Kim, Seon-Joo
    • The Journal of the Korea Contents Association
    • /
    • v.17 no.6
    • /
    • pp.32-38
    • /
    • 2017

  • Despite the opinion that certificate is useless, half of the population in Korea (approx. 35 million) get an certificate, and use it for internet banking, internet shopping, stock trading, and so on. Most users store their certificates on a usb memory or smartphone, and certificates or passwords stored on such storage media can be easily attacked and used to disguise as legitimate users. Due to these security problem of certificate, a various authentication technologies has been proposed such as smartphone owner authentication using SMS, and a personal authentication using biometric authentication. However, a safe technique is not presented yet without user password, and certificate. In this paper, I proposed a method to secure certificate/private key without a user password using a combination of USIM card and smartphone's information. Even if a hacker gets the user password, the certificate, and the private key, he can not use the certificate. User do not need to remember complex password which is a combination of alphabetic / numeric / special characters, and use his certificate safely.

  • https://doi.org/10.5392/JKCA.2017.17.06.032 인용 PDF KSCI