The WebID Protocol Enhanced with Biometrics and a Federated Enrollment Protocol
Dr. Albert Esterline
We are currently working to integrate WebIDs and biometrics into the cyber security environment. This includes developing a strategy for user verification that considers simple and safe access. WebIDs provide these necessities when compared with the traditional username and password user authentication. However, with WebIDs, authentication data can be stolen if an attacker either gains direct access to the client's workstation or somehow acquires the client's unique certificate. This threat can be mitigated with the inclusion of biometrics to the authentication process since biometric information (e.g., fingerprints, iris scan) is unique and not easily copied. We first created an enrollment protocol that verifies whether a user has a WebID while attempting to access a service. If they have, we grant access to the service, and if they haven't, we enroll the user by accessing their own server.
Martin, Taylor, "The WebID Protocol Enhanced with Biometrics and a Federated Enrollment Protocol" (2019). Undergraduate Research and Creative Inquiry Symposia. 224.