The WebID Protocol Enhanced with Biometrics and a Federated Enrollment Protocol

Student Classification


Faculty Mentor

Dr. Albert Esterline


Computer Science

Document Type


Publication Date

Spring 2019


We are currently working to integrate WebIDs and biometrics into the cyber security environment. This includes developing a strategy for user verification that considers simple and safe access. WebIDs provide these necessities when compared with the traditional username and password user authentication. However, with WebIDs, authentication data can be stolen if an attacker either gains direct access to the client's workstation or somehow acquires the client's unique certificate. This threat can be mitigated with the inclusion of biometrics to the authentication process since biometric information (e.g., fingerprints, iris scan) is unique and not easily copied. We first created an enrollment protocol that verifies whether a user has a WebID while attempting to access a service. If they have, we grant access to the service, and if they haven't, we enroll the user by accessing their own server.

This document is currently not available here.