WebAuthn

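Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 日期20220626 (talk | contribs) at 09:47 on 4 March 2021 (Thursday). It may differ significantly from the current revision.

WebAuthn is a web standard published by the World Wide Web Consortium (W3C)[1][2][3] and a core component of the FIDO2 Project, which is run under the guidance of the FIDO Alliance.[4] The goal of the project is to standardize an interface that lets developers authenticate users to web-based applications and services using public-key cryptography.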

A roaming cryptographic hardware authenticator with a USB interface

On the client side, support for WebAuthn can be implemented in a variety of ways. The underlying cryptographic operations are performed by an authenticator, which is an abstract functional model that is mostly agnostic with respect to how the key material is managed. This makes it possible to implement support for WebAuthn purely in software, making use of a processor's trusted execution environment or a Trusted Platform Module (TPM). Sensitive cryptographic operations can also be offloaded to a roaming hardware authenticator that can in turn be accessed via USB, Bluetooth Low Energy, or near-field communications (NFC). A roaming hardware authenticator conforms to the FIDO Client to Authenticator Protocol (CTAP),[5] making WebAuthn effectively backward compatible with the FIDO Universal 2nd Factor (U2F) standard.[6]

Similar to legacy U2F, Web Authentication is resilient to verifier impersonation, that is, it is resistant to active man-in-the-middle attacks,[7] but unlike U2F, WebAuthn does not require a traditional password. Moreover, a roaming hardware authenticator is resistant to malware since the private key material is at no time accessible to software running on the host machine.
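The resistance to verifier impersonation described above rests on the browser recording the calling page's origin in the client data that the authenticator's signature covers, so the relying party can reject any response whose origin is not its own. The following is an added example (not part of the article) of that relying-party check in Node.js; the origin `https://login.example.com`, the in-memory challenge set and the sample values are assumptions, and verifying the signature over the authenticator data and client-data hash is a separate step not shown.

```javascript
// Added example, not from the article. Field names follow the WebAuthn spec;
// the origin, challenge store and sample values are constructed assumptions.
const EXPECTED_ORIGIN = "https://login.example.com";

const b64url = (buf) => Buffer.from(buf).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Check the clientDataJSON bytes of one assertion response.
// pendingChallenges: Set of base64url challenges issued and not yet used.
function checkClientData(clientDataJSON, pendingChallenges) {
  let data;
  try {
    data = JSON.parse(Buffer.from(clientDataJSON).toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed clientDataJSON" };
  }
  if (data === null || typeof data !== "object") {
    return { ok: false, reason: "malformed clientDataJSON" };
  }
  if (data.type !== "webauthn.get") {
    return { ok: false, reason: "wrong ceremony type" };
  }
  // Single use: delete() succeeds only for a challenge we issued and still hold.
  if (typeof data.challenge !== "string" || !pendingChallenges.delete(data.challenge)) {
    return { ok: false, reason: "unknown or replayed challenge" };
  }
  // The browser fills in origin; a page on another origin cannot set it to ours.
  if (data.origin !== EXPECTED_ORIGIN) {
    return { ok: false, reason: "origin mismatch" };
  }
  return { ok: true, reason: null };
}

// Constructed sample: client data as a browser on `origin` would serialize it.
function sampleClientData(origin, challenge) {
  return Buffer.from(JSON.stringify({ type: "webauthn.get", challenge, origin }));
}

function demo() {
  const [c1, c2] = ["constructed-challenge-1", "constructed-challenge-2"].map(b64url);
  const pending = new Set([c1, c2]);
  return {
    otherOrigin: checkClientData(sampleClientData("https://login.example.com.lookalike.test", c1), pending),
    genuine: checkClientData(sampleClientData(EXPECTED_ORIGIN, c2), pending),
    replayed: checkClientData(sampleClientData(EXPECTED_ORIGIN, c2), pending),
  };
}
console.log(demo());
```

The challenge is consumed before the origin is compared, so a response from the wrong origin also burns the challenge it carried.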

The WebAuthn Level 1 standard was published as a W3C Recommendation on 4 March 2019.[8][9] A Level 2 specification is under development.[10]


References

  1. Balfanz, Dirk; Czeskis, Alexei; Hodges, Jeff; Jones, J.C.; Jones, Michael B.; Kumar, Akshay; Liao, Angelo; Lindemann, Rolf; Lundberg, Emil (eds.). Web Authentication: An API for accessing Public Key Credentials Level 1 Recommendation. World Wide Web Consortium (W3C). 4 March 2019 [4 March 2019].
  2. Web Authentication Working Group. World Wide Web Consortium (W3C). [2018-05-11].
  3. Strickland, Jonathan. What is WebAuthn. TechStuff. Clear Channel Communications. Event occurs at 20:35. 18 March 2019 [20 March 2019].
  4. FIDO2 Project. FIDO Alliance. [2018-05-11].
  5. Brand, Christiaan; Czeskis, Alexei; Ehrensvärd, Jakob; Jones, Michael B.; Kumar, Akshay; Lindemann, Rolf; Powers, Adam; Verrept, Johan (eds.). Client to Authenticator Protocol (CTAP). FIDO Alliance. January 30, 2019 [7 March 2019].
  6. WebAuthn / CTAP: Modern Authentication (PDF). World Wide Web Consortium (W3C). 10 December 2018 [11 March 2019].
  7. Kan, Michael. Google: Phishing Attacks That Can Beat Two-Factor Are on the Rise. PC Magazine. March 7, 2019 [8 March 2019].
  8. Balfanz, Dirk; Czeskis, Alexei; Hodges, Jeff; Jones, J.C.; Jones, Michael B.; Kumar, Akshay; Liao, Angelo; Lindemann, Rolf; Lundberg, Emil (eds.). Web Authentication: An API for accessing Public Key Credentials Level 1 (latest). World Wide Web Consortium (W3C). [4 March 2019].
  9. W3C and FIDO Alliance Finalize Web Standard for Secure, Passwordless Logins. World Wide Web Consortium (W3C). 4 March 2019 [4 March 2019].
  10. Balfanz, Dirk; Czeskis, Alexei; Hodges, Jeff; Jones, J.C.; Jones, Michael B.; Kumar, Akshay; Lindemann, Rolf; Lundberg, Emil (eds.). Web Authentication: An API for accessing Public Key Credentials Level 2 First Public Working Draft. World Wide Web Consortium (W3C). 4 Jun 2019 [6 Jun 2019].


External links