FIDO Authentication and Its Technology: Technical Specifications and Standardization Activities (Hidehito GOMI, Wataru OOGAMI)


Abstract: This paper describes the technical specifications and standardization activities of FIDO (Fast IDentity Online), which promotes simpler, stronger authentication using public-key cryptography and enhances privacy preservation and cross-platform support to expand its ecosystem.

Key words: FIDO, Authentication, UAF, U2F, FIDO2, Web Authentication, CTAP, Biometric Authentication

Hidehito GOMI, Member (Yahoo Japan Corporation, Tokyo, 102-8282 Japan), E-mail: hgomi@yahoo-corp.jp. Wataru OOGAMI, Nonmember (Yahoo Japan Corporation, Tokyo, 102-8282 Japan), E-mail: wogami@yahoo-corp.jp.
IEICE Fundamentals Review Vol.12 No.2, pp.115-125, Oct. 2018. (c) 2018 IEICE.

1. FIDO (Fast IDentity Online) FIDO 2. FIDO FIDO 1 2012 2018 6 NTT LINE DDS ISR JCB KDDI UFJ NEC NTT FIDO Identity FIDO FIDO FIDO Compliance Interoperability FIDO FIDO FIDO FIDO 2016 5 FIDO

(1) https://fidoalliance.org/

2 ( ) ID 1 FIDO (FIDO ). 3 FIDO WG Working Group FIDO Japan WG 2 FIDO 3 3. FIDO ID (Identifier ) ID FIDO 1 FIDO ID ID 2 2 https://www.slideshare.net/fidoalliance/fido-japan-workinggroup-84110650 3 FIDO FIDO Japan WG WG 1 ID ( ) ID ID ID FIDO (Authenticator) ( 3) FIDO FIDO FIDO FIDO FIDO ID TEE Trusted Execution Environment FIDO FIDO FIDO

FIDO FIDO 2018 5 GDPR (General Data Protection Regulation) FIDO 2 FIDO FIDO FIDO FIDO FIDO 4. FIDO FIDO 3. FIDO FIDO FIDO FIDO 3 4 FIDO ( )FIDO ( ) FIDO 4 FIDO FIDO PIN USB FIDO (something you have) PIN (something you know/something you are) 4 FIDO 5. FIDO FIDO 5. 1 FIDO UAF U2F FIDO FIDO UAF (Universal Authentication Framework) 3 U2F (Universal 2nd Factor) 4 4 vendor lock-in (Wikipedia https://ja.wikipedia.org/wiki/)

5 FIDO UAF U2F FIDO 5 2014 12 1.0 2016 12 1.1 FIDO 5 3. FIDO FIDO FIDO SAML 5 OpenID Connect 6 78 FIDO UAF NTT 6 Bank of America 10 6 FIDO UAF FIDO UAF MITM Man-In-The-Middle FIDO UAF 1.1 Android OS 8.0 Key Attestation 7 5 https://fidoalliance.org/download/ 6 2015 5 FIDO 9 2018 5 Android OS 7 48 iOS FIDO 7 https://developer.android.com/training/articles/security-key-attestation?hl=ja 6 FIDO UAF FIDO 7 FIDO U2F FIDO UAF Android 8 FIDO U2F PC Web FIDO FIDO U2F 7 (PC) USB FIDO U2F USB BLE Bluetooth Low Energy NFC Near Field Communication Google Dropbox GitHub Facebook 5. 2 FIDO FIDO FIDO 8 https://www.slideshare.net/fidoalliance/fido-seminar-tokyo

FIDO Attestation Basic Attestation TEE 10 FIDO PKI (Public Key Infrastructure) PKI 5. 3 FIDO Metadata FIDO MDS Metadata Service 11 9 MDS MDS MDS CA root of trust MDS FIDO FIDO 5. 4 UAF U2F PC FIDO FIDO / 9 2018 5 FIDO MDSv2 https://mds2.fidoalliance.org/tokens/ 8 FIDO UAF 5. 5 FIDO FIDO Registration FIDO FIDO Authentication FIDO Deregistration UAF 5. 5. 1 UAF 8 FIDO UAF FIDO RP: Relying Party FIDO FIDO FIDO Web Web RP Web FIDO 1 RP 2 RP FIDO 3 FIDO RP 4 RP FIDO

5 FIDO 6 FIDO 7 PIN 8 9 RP FIDO 10 RP FIDO 11 FIDO 12 ID 13 FIDO 45 FIDO RP 5. 5. 2 UAF FIDO UAF 9 1 RP 2 RP FIDO 3 FIDO RP 4 RP FIDO 5 FIDO 9 FIDO UAF 6 FIDO 7 ( PIN ) 8 9 10 RP FIDO 11 FIDO 12 RP FIDO 6. FIDO FIDO FIDO FIDO FIDO 10 FIDO

10 FIDO 12 FIDO UAF/U2F FIDO2 FIDO 11 FIDO 11 Security Evaluation Authenticator Certification 2018 8 1 2 2 1 FIDO 2 TEE FIDO 1 2 2018 11 Functional Certification 1 2 7. FIDO2 FIDO FIDO UAF U2F FIDO FIDO2 FIDO2 Web Web Authentication 12 Web W3C World Wide Web Consortium Web WG 10 FIDO FIDO UAF U2F 2015 11 W3C 2018 5 CR (Candidate Recommendation) CTAP Client To Authenticator Protocol 13 Web FIDO FIDO 12 FIDO FIDO UAF U2F W3C Web CTAP Web CTAP FIDO 10 https://www.w3.org/tr/webauthn/

13 Web 7. 1 Web Web Web OS Web FIDO Chrome Edge Firefox Web FIDO UAF U2F FIDO 13 Web Web Web Web API Web JavaScript FIDO FIDO Web FIDO 7. 2 CTAP CTAP PC Web PC BLE NFC Web FIDO U2F PC USB FIDO 14 14 FIDO 15 FIDO2 USB BLE NFC CTAP CTAP FIDO FIDO2 RP FIDO UAF Android FIDO2 FIDO2 11 15 FIDO2 UAF MDS FIDO2 PC FIDO 1 PC RP URL 2 11 https://fidoalliance.org/fido-alliance-and-w3c-achieve-major-standards-milestone-in-global-effort-towards-simpler-stronger-authentication-on-the-web/

3 RP FIDO FIDO 4 FIDO RP 5 RP UAF JavaScript 6 PC Bluetooth RP JavaScript PC makeCredential() 7 8 9 RP 10 RP FIDO 11 FIDO 12 FIDO UAF UAF 7 makeCredential() JavaScript Web 12, 12

```javascript
// Check that the browser supports the Web Authentication API
if (!window.PublicKeyCredential) {
  // Client not capable of the API; handle the error
}

// Registration options passed to makeCredential()
var publicKey = {
  // 32-byte random challenge generated by the FIDO server
  // (only the first bytes are shown; the rest is elided on the page)
  challenge: new Uint8Array([21, 31, 105 /* ... */]),
  // Relying Party (RP)
  rp: {
    name: "Example Corporation"
  },
  // User account
  user: {
    // base64-encoded user handle (value elided on the page)
    id: Uint8Array.from(window.atob("MII...="), c => c.charCodeAt(0)),
    name: "alex.p.mueller@example.com",
    displayName: "Alex P. Müller",
    icon: "https://pics.example.com/00/p/aBjjjpqPb.png"
  },
  // The RP accepts ES256 or RS256 credentials (COSE algorithm identifiers,
  // see footnote 16); ES256 is preferred because it is listed first
  pubKeyCredParams: [
    { type: "public-key", alg: -7 },   // "ES256"
    { type: "public-key", alg: -257 }  // "RS256"
  ],
  timeout: 60000,          // 1 minute
  excludeCredentials: [],  // no credentials to exclude
  extensions: { "loc": true }
};

// makeCredential(): the authenticator displays its UI and creates a key pair;
// the returned attestation is sent to the RP server for verification
navigator.credentials.create({ publicKey })
  .then(function (newCredentialInfo) {
    // Send the new credential to the RP for verification and registration
  })
  .catch(function (err) {
    // No acceptable authenticator, or the user refused consent
  });
```

USB JSON (JavaScript Object Notation) 14 CTAP CBOR (Concise Binary Object Representation) 15 16 FIDO2 UAF RP FIDO 6 getAssertion() Web 12, 12

```javascript
// Check that the browser supports the Web Authentication API
if (!window.PublicKeyCredential) {
  // Client not capable of the API; handle the error
}

var encoder = new TextEncoder();
// Credential IDs of the credentials the RP will accept (registered earlier)
var acceptableCredential1 = {
  type: "public-key",
  id: encoder.encode("!!!!!!!hi there!!!!!!!\n")
};
var acceptableCredential2 = {
  type: "public-key",
  id: encoder.encode("roses are red, violets are blue\n")
};

// Authentication options passed to getAssertion()
var options = {
  // 32-byte random challenge generated by the FIDO server (rest elided on the page)
  challenge: new Uint8Array([8, 18, 33 /* ... */]),
  timeout: 60000,  // 1 minute
  allowCredentials: [acceptableCredential1, acceptableCredential2],
  // Transaction text shown to the user for confirmation (txAuthSimple extension)
  extensions: { txAuthSimple: "Wave your hands in the air like you just don't care" }
};

// getAssertion(): the authenticator signs the challenge with the private key;
// the returned assertion is sent to the RP server for verification
navigator.credentials.get({ "publicKey": options })
  .then(function (assertion) {
    // Send the assertion to the RP for verification
  })
  .catch(function (err) {
    // No acceptable credential, or the user refused consent
  });
```

RP FIDO RP FIDO FIDO Universal Server 12 8. FIDO FIDO FIDO Web NTT FIDO Japan WG

References
[1] FIDO Japan Technology Sub WG, FIDO 2017, https://www.slideshare.net/fidoalliance/fido-83445442
[2] FIDO Alliance, FIDO authentication and the general data protection regulation (GDPR), May 2018, https://fidoalliance.org/wp-content/uploads/FIDO_Authentication_and_GDPR_White_Paper_May2018-1.pdf
[3] FIDO Alliance, FIDO UAF architectural overview, Proposed Standard, Feb. 2017, https://fidoalliance.org/download/
[4] FIDO Alliance, Universal 2nd factor (U2F) overview, Proposed Standard, April 2017, https://fidoalliance.org/download/
[5] OASIS, Assertions and protocol for the OASIS security assertion markup language (SAML) V2.0, OASIS Standard, March 2005.
[6] OpenID Foundation, OpenID Connect Core 1.0 incorporating errata set 1, 2014.
[7] FIDO Alliance, Dec. 2016, https://fidoalliance.org/wp-content/uploads/FIDOTokyo-gomi-120816-ja.pdf
[8] FIDO Alliance, Enterprise adoption best practices, Dec. 2017, https://fidoalliance.org/wp-content/uploads/Enterprise_Adoption_Best_Practices_Federation_FIDO_Alliance.pdf
[9] NTT FIDO d vol.80, pp.763-772, Jan. 2017, https://www.tta.or.jp/book/1051/
[10] FIDO FinTech 2018-2019, pp.763-772, BP, 2018, http://coin.nikkeibp.co.jp/coin/nft/
[11] FIDO Alliance, FIDO metadata service, Proposed Standard, Feb. 2017, https://fidoalliance.org/download/
[12] W3C, Web authentication: An API for accessing public key credentials level 1, W3C Candidate Recommendation, March 2018, https://www.w3.org/tr/webauthn/
[13] FIDO Alliance, Client to authenticator protocol, Proposed Standard, Sept. 2017, https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html
[14] T. Bray, The JavaScript object notation (JSON) data interchange format, RFC 8259, Dec. 2017.
[15] C. Bormann and P. Hoffman, Concise binary object representation (CBOR), RFC 7049, Oct. 2013.

BioX 30 7 4
(12) https://fidoalliance.org/fido-alliance-and-w3c-achieve-major-standards-milestone-in-global-effort-towards-simpler-stronger-authentication-on-the-web/

Hidehito GOMI (Member): Completed the Department of Applied Systems Science, Graduate School of Engineering, Kyoto University, in 1996. Joined NEC Corporation the same year and was assigned to its Central Research Laboratories. Visiting researcher at Stanford University, 2001-2003. Since 2007, engaged in research and development of security, privacy and identity management technologies at Yahoo! JAPAN Research, Yahoo Japan Corporation, where he is currently a senior researcher. Member of IEEE, ACM and IPSJ. Ph.D. (Informatics). Technology lead of the FIDO Alliance Japan WG.

Wataru OOGAMI: Completed the master's program in the Department of Intelligence Science and Technology, Graduate School of Informatics, Kyoto University, in 2012. Joined Yahoo Japan Corporation the same year, and has since been engaged in research and development of context-aware technologies for usability and security through identity management and access control.