Implementing WebIDs + Biometrics with Enrollment
Dr. Albert Esterline
We are in the process of establishing a seamless way to accommodate WebIDs and biometrics into the cyber environment. This involves constructing a method of user verification that allows for simple, easy, and safe access. It is known that WebIDs are equipped to provide these such things when compared to the traditional username and password user authentication. However, with the use of WebIDs, important information can be stolen if an attacker is either to gain direct access to the user’s computer or they somehow obtain the user’s unique certificate. This possibility can be interrupted with the inclusion of biometrics to the authentication process since biometric data (eg, fingerprints, iris scan, etc.) is unique and not easily duplicated. We first created an enrollment protocol that verifies if a user has a WebID while attempting to access a server. If they do, we permit the use to have access to the server, and if they do not, we register the user by accessing their own server. Implementing these features in the WebID protocol would significantly improve the security of user authentication and reduce replay attacks in conducting biometric assessment.
Martin, Taylor, "Implementing WebIDs + Biometrics with Enrollment" (2019). Undergraduate Research and Creative Inquiry Symposia. 117.