基於生物辨識之強安全認證應用技術實用性研究

Implementation practices of strong security authentication based on biometrics mechanism

陳世仁(Shih-Jen Chen)；藍紹緯(Shao-Wei Lan)；范雋彥(Chuan-Yen Fan)

FIDO ； 生物辨識 ； 強安全認證 ； 智慧聯網 ； FIDO ； biometric authentication ； IoT

資訊安全通訊

23卷1期（2017 / 01 / 01）

61 - 73

繁體中文

2020年將有超過500億台設備存取智慧聯網服務，平均每人擁有6部以上設備，然而＞80%IoT設備密碼強度及複雜度不足，並且＞70%的設備傳輸未加密並可輕易取得帳號資訊，顯示傳統身分認證機制已不足以應付新興的IoT應用。由FIDO標準聯盟推動新一代認證標準，將身分驗證由機密共享(What you know, What you have)轉成透過生物特徵方式驗證(What you are)，帶動了生物辨識市場蓬勃成長，預估於2024年將達到149億美元，並廣泛應用於金融、健康醫療、智慧家庭甚至企業安控等領域。因應此一趨勢，本文提出一基於生物辨識之強安全認證應用技術架構，並透過相關場域實證，探究生物辨識技術之實用性及成熟度，供後續應用領域導入此一技術之參考。

There will be more than 50 billion connected devices in 2020, It means each one person will have average of more than 6 devices. However, more than 80% of IoT devices using weakness password and more than 70% of devices transfer unencrypted data which could disclosure account information easily. It shows that traditional identity authentication mechanisms are not sufficient for huge IoT applications. Therefore the FIDO (Fast IDentity Online) Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. The new authentication standards based on biometric will widely used in finance, health care, smart home and enterprise management. That drives the biometric market grows fast and will reach 14.9 billion in 2024. In this paper, we proposed our implementation of a strong security authentication architecture based on FIDO standards. It has been deploy into IoT application field such as health care and mobile payment to show the adaptability and technology readiness of FIDO.

1. iOS Security White Paper, Apple Inc., https://www.apple.com/business/docs/iOS_Security_Guide.pdf
2. The FIDO Certification program, FIDO Alliance, https://fidoalliance.org/certification/
3. Finger Print Manager Specification, Android Develops, https://developer.android.com/hardware/fingerprint/FingerprintManager.html
4. Biometrics Market Forecasts: Global Unit Shipments and Revenue by Biometric Modality, Technology, Use Case, Industry Segment, and World Region - 2015-2024, Tractica, 2015/06..
5. (2015).,Ericsson.
6. FIDO Alliance Universal 2nd Factor (U2F) specs, FIDO Alliance, 2014, https://fidoalliance.org/ specifications/download/
7. Public Key Infrastructure, MSDN, 2015/03..
8. FIDO Alliance Universal Authentication Framework (UAF) specs, FIDO Alliance, 2014, https://fidoalliance.org/specifications/download/
9. GlobalPlatform made simple guide: Trusted Execution Environment (TEE) Guide, Global Platform, http://www.globalplatform.org/mediaguidetee.asp

1. 龔沅希、葉奠邦、洪志洋、李宗耀(2018)。探討智慧家庭系統市場需求功能與技術設計之規格及對應產品競爭定位分析。科技管理學刊，23(4)，27-56。
2. (2024)。以Q方法探討銀行顧客對資訊安全認知之研究。管理資訊計算，13(2)，241-251。