支持fido的通用身份验证器，具有Web可用性和隐私保护

IF 4 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computers & Electrical Engineering Pub Date : 2025-03-06 DOI:10.1016/j.compeleceng.2025.110201

Wen-Wei Li , Kuo-Hui Yeh , Yan-Sing Ji , Shi-Cho Cha

{"title":"支持fido的通用身份验证器，具有Web可用性和隐私保护","authors":"Wen-Wei Li , Kuo-Hui Yeh , Yan-Sing Ji , Shi-Cho Cha","doi":"10.1016/j.compeleceng.2025.110201","DOIUrl":null,"url":null,"abstract":"<div><div>More and more organizations adopt strong authentication schemes, such as multi-factor authentication (MFA) and hardware-based means, to enhance application security instead of ID/password. When using the hardware-based authentication methods, users are required to carry hardware authenticators. Then, application systems communicate with the authenticators to authenticate their owners with the credentials stored in the authenticators or the authenticators themselves. For Web-based applications, people may need to install extra components for application servers to communicate with user authenticators. In this case, W3C and Fido alliances have issued the WebAuthn specifications. Therefore, application servers can communicate with user authenticators through the Bluetooth, near-field communication (NFC), or other standard means via web browsers without additional components. However, the current WebAuthn specification does not consider the scenario of using personal identification cards. While some researchers have proposed enhancements by incorporating additional software, these solutions can decrease usability and increase complexity. This study focuses on the scenario that uses personal identification cards as authenticators to access Web applications. In light of this, this study proposes a means to implement WebAuthn and FIDO specifications in personal identification cards called FIDO-enabled universal authenticator. With the support of WebAuthn, Web applications adopt strong authentication schemes to authenticate users without installing extra software. However, the existing WebAuthn specification lacks provisions for scenarios involving personal identification cards. To address privacy concerns, the proposed system adopts a one-time verifiable identity for identity providers to preserve user privacy. Additionally, we demonstrate the feasibility of implementing the dedicated authenticator with an NFC-based smart card corresponding with FIDO-supported Web applications.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"123 ","pages":"Article 110201"},"PeriodicalIF":4.0000,"publicationDate":"2025-03-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"FIDO-enabled universal authenticator with Web usability and privacy preservation\",\"authors\":\"Wen-Wei Li , Kuo-Hui Yeh , Yan-Sing Ji , Shi-Cho Cha\",\"doi\":\"10.1016/j.compeleceng.2025.110201\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>More and more organizations adopt strong authentication schemes, such as multi-factor authentication (MFA) and hardware-based means, to enhance application security instead of ID/password. When using the hardware-based authentication methods, users are required to carry hardware authenticators. Then, application systems communicate with the authenticators to authenticate their owners with the credentials stored in the authenticators or the authenticators themselves. For Web-based applications, people may need to install extra components for application servers to communicate with user authenticators. In this case, W3C and Fido alliances have issued the WebAuthn specifications. Therefore, application servers can communicate with user authenticators through the Bluetooth, near-field communication (NFC), or other standard means via web browsers without additional components. However, the current WebAuthn specification does not consider the scenario of using personal identification cards. While some researchers have proposed enhancements by incorporating additional software, these solutions can decrease usability and increase complexity. This study focuses on the scenario that uses personal identification cards as authenticators to access Web applications. In light of this, this study proposes a means to implement WebAuthn and FIDO specifications in personal identification cards called FIDO-enabled universal authenticator. With the support of WebAuthn, Web applications adopt strong authentication schemes to authenticate users without installing extra software. However, the existing WebAuthn specification lacks provisions for scenarios involving personal identification cards. To address privacy concerns, the proposed system adopts a one-time verifiable identity for identity providers to preserve user privacy. Additionally, we demonstrate the feasibility of implementing the dedicated authenticator with an NFC-based smart card corresponding with FIDO-supported Web applications.</div></div>\",\"PeriodicalId\":50630,\"journal\":{\"name\":\"Computers & Electrical Engineering\",\"volume\":\"123 \",\"pages\":\"Article 110201\"},\"PeriodicalIF\":4.0000,\"publicationDate\":\"2025-03-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Electrical Engineering\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0045790625001442\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790625001442","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

越来越多的组织采用多因素认证（multi-factor authentication， MFA）和基于硬件的方式来增强应用程序的安全性，而不是使用ID/密码。使用基于硬件的认证方式时，用户需要携带硬件认证器。然后，应用程序系统与身份验证器通信，使用存储在身份验证器中的凭据或身份验证器本身对其所有者进行身份验证。对于基于web的应用程序，人们可能需要为应用程序服务器安装额外的组件，以便与用户身份验证器通信。在这种情况下，W3C和Fido联盟已经发布了WebAuthn规范。因此，应用服务器可以通过蓝牙、近场通信（NFC）或其他标准方式通过web浏览器与用户身份验证器进行通信，而无需额外的组件。然而，目前的WebAuthn规范并没有考虑到使用个人身份证的情况。虽然一些研究人员建议通过合并额外的软件来增强功能，但这些解决方案可能会降低可用性并增加复杂性。本研究的重点是使用个人身份证作为身份验证器访问Web应用程序的场景。鉴于此，本研究提出了一种在个人身份卡中实现WebAuthn和FIDO规范的方法，称为FIDO-enabled universal authenticator。在WebAuthn的支持下，Web应用程序无需安装额外的软件即可采用强认证方案对用户进行身份验证。然而，现有的WebAuthn规范缺乏对涉及个人身份证的场景的规定。为了解决隐私问题，该系统为身份提供者采用一次性可验证的身份，以保护用户隐私。此外，我们还演示了使用与支持fido的Web应用程序相对应的基于nfc的智能卡实现专用身份验证器的可行性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

FIDO-enabled universal authenticator with Web usability and privacy preservation

More and more organizations adopt strong authentication schemes, such as multi-factor authentication (MFA) and hardware-based means, to enhance application security instead of ID/password. When using the hardware-based authentication methods, users are required to carry hardware authenticators. Then, application systems communicate with the authenticators to authenticate their owners with the credentials stored in the authenticators or the authenticators themselves. For Web-based applications, people may need to install extra components for application servers to communicate with user authenticators. In this case, W3C and Fido alliances have issued the WebAuthn specifications. Therefore, application servers can communicate with user authenticators through the Bluetooth, near-field communication (NFC), or other standard means via web browsers without additional components. However, the current WebAuthn specification does not consider the scenario of using personal identification cards. While some researchers have proposed enhancements by incorporating additional software, these solutions can decrease usability and increase complexity. This study focuses on the scenario that uses personal identification cards as authenticators to access Web applications. In light of this, this study proposes a means to implement WebAuthn and FIDO specifications in personal identification cards called FIDO-enabled universal authenticator. With the support of WebAuthn, Web applications adopt strong authentication schemes to authenticate users without installing extra software. However, the existing WebAuthn specification lacks provisions for scenarios involving personal identification cards. To address privacy concerns, the proposed system adopts a one-time verifiable identity for identity providers to preserve user privacy. Additionally, we demonstrate the feasibility of implementing the dedicated authenticator with an NFC-based smart card corresponding with FIDO-supported Web applications.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Electrical Engineering 工程技术-工程：电子与电气

CiteScore

9.20

自引率

7.00%

发文量

661

审稿时长

47 days

期刊介绍： The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.