2.2.1. Registration Phase
As shown in
Figure 1, FIDO2’s registration process involves the user sending a registration request to the RP Server, which then sends a challenge to the authenticator. After biometric verification, the authenticator generates a new key pair and signs the challenge using the private key. The signed challenge and public key are then returned to the RP Server for verification and storage. Authenticators can be biometric devices, smart cards, USB keys, or mobile devices used for identity verification, while the RP Server is responsible for registering and authenticating user identities. ECDSA is used in this process, providing efficient and secure digital signatures based on elliptic curve cryptography [
11,
12,
13]. Below is a description of the eight steps based on the registration process diagram.
Step 1. Registration request:
When a user wants to register an authenticator, the browser initiates a registration request and sends the UserAccount to the RP Server. During this process, it is recommended to collect aliases for the authenticators. Aliases can help users easily identify them when multiple authenticators are registered.
Step 2. Generating PublicKeyCredentialCreationOptions:
Upon receiving the registration request from the browser, the RP Server generates a challenge and creates an empty object called PublicKeyCredentialCreationOptions. This object contains information related to User Info, RP Info, and the required credential types.
User Info includes relevant data about the user account, where the userAccount can be associated with the credential by the authenticator. This association enables the verification of the user’s identity when using the same userAccount and authenticator for future authentication purposes. RP Info refers to the organization or service responsible for registering and authenticating users.
Step 3. Generating clientData:
When the browser receives the relevant information, it verifies whether the rpId in RP Info matches the origin (original URL). If the verification is successful, then the browser generates clientData, which is a piece of data generated by the browser, as shown in
Table 1. It includes the origin, challenge, and type. Its significance lies in preventing phishing attempts and replay attacks. After generating clientData, it is hashed, and then the RP Info, User Info, and clientDataHash are passed to the authenticator.
Step 4. Verifying user identity:
After receiving the RP Info, User Info, and clientDataHash, the authenticator performs biometric authentication on the user. Once the authentication is successful, the authenticator creates a new pair of asymmetric keys and stores the private key within the authenticator. The public key becomes part of the attestation. The private key is then used to sign the clientDataHash and attestation.
Step 5. Returning attestationObject and clientData to the browser:
After generating the PublicKey, CredentialID, and other attestation data, they are combined to form the
attestationObject, which is then sent to the browser along with the clientDataHash. The contents of the attestationObject are shown in
Table 2.
Step 6. Generating PublicKeyCredential:
The browser parses the clientDataHash and attestationObject, and generates the PublicKeyCredential, which is then returned to the RP Server for verification. During the registration phase, the
PublicKeyCredential is created using the “publicKey” option, allowing for the creation of a new Credential. The structure of the PublicKeyCredential is shown in
Table 3.
Step 7. Verification:
The RP Server extracts the public key from the authData field of the PublicKeyCredential and verifies the correctness of the signature in the attStmt of the attestationObject. It also validates the integrity of the clientDataHash.
After validating the signature, the RP Server will further verify if the challenge in the clientData matches the original request, if the origin is correct, and if the type is set to “create” These validations ensure that the registration process is authentic. Once the validation is complete, the RP Server will store the PublicKey, CredentialID, and aaguid in the database, associating them with the user’s account.
Step 8. Returning registration result:
Finally, the RP Server will return the registration result to the browser, completing this registration process.
2.2.2. Login Phase
Figure 2 depicts the authentication architecture of FIDO2. During the authentication process, the user selects a previously registered security key for identity verification. When the user wants to log in using the FIDO2 security key, the RP Server generates a challenge and sends it to the authenticator device. The authenticator device verifies the user’s identity using methods such as biometrics or a PIN. Upon successful authentication, the device uses its private key to sign the challenge and sends it back to the RP Server. The RP Server then verifies the signature using the corresponding public key and checks if the request is from an authorized user. Below is a description of the eight steps based on the login process diagram.
Step 1. Login request:
When a user requests to log in, the browser initiates a login request and sends the UserAccount to the RP Server.
Step 2. PublicKeyCredentialRequestOptions:
The RP Server creates a PublicKeyCredentialRequestOptions and returns it to the browser, which includes the challenge, allowCredentials, and other parameters. Among them, allowCredentials lists the previously registered credential list to perform the authentication process, as shown in
Table 4.
Step 3. Verifying origin:
When the browser receives the relevant information, it verifies whether the rpId in RP Info matches the origin. If the verification is successful, then the browser generates clientData, which is data generated by the browser and has the same content as the one generated during registration. clientData includes origin, challenge, and type. After generating clientData, it is hashed, and then rpId and clientDataHash, along with other information, are passed to the authenticator.
Step 4. Verifying user identity:
During the identity verification process, the authenticator searches for a Credential that matches the rpId and performs user authentication through methods such as biometric verification. Once the authentication is successful, the authenticator creates a new assertion. The authenticator uses the private key generated during registration for this account to sign the clientDataHash and authenticatorData.
Step 5. Returning the signed information to the browser:
The authenticator sends the authenticatorData, clientDataHash, and the signature to the browser. The signature is generated by signing the concatenation of the authenticatorData and clientDataHash.
Step 6. Generating PublicKeyCredential:
The browser parses the authenticatorData, clientDataHash, and signature and constructs a PublicKeyCredential object. This object is then returned to the RP Server for verification. The PublicKeyCredential differs from the one used during registration in that it includes the signature but does not include the public key. Refer to
Table 5 for the structure of the PublicKeyCredential.
Step 7. Parsing and verification:
The RP Server retrieves the public key from its database and performs signature verification.
Also, it confirms whether the challenge signed by the authenticator matches the challenge generated by the RP Server, and verifies whether the rpId matches the expected value.
Step 8. Returning result:
Finally, the RP Server will return the verification result to the browser to complete the authentication process.