28. 28
Registration flow (overview)
Authenticator Client Relying party
challenge, userInfo
challenge, RP ID, userInfo
counter++
counter, Kpub, attestCert, attestSign(C, etc)
counter, C, S, etc
Verify S with KpubAttst
Store Kpub
Verify RP ID
C
S
Generate key pair
(Kpriv, Kpub)
29. 29
Authentication flow (overview)
Authenticator Client Relying party
C
S
Verify S with Kpub
Verify RP ID, etc.
Look up key pair
Sign with Kpriv
counter++
counter, signature(C, etc)
counter, C, S
challenge, RP ID, userInfo
challenge, userinfo
Retrieve Kpub
32. 32
Replay attack countermeasure (authentication)
Authenticator Client Relying party
C
S
counter, signature(C, counter)
counter, C, S
challenge, RP ID
challenge
Retrieve Kpub
Sign with Kpriv
counter++
Verify S with Kpub
Verify RP ID
Verify counter
33. 33
RP-specific key pair (authentication)
Authenticator Client Relying party
C
S
Sign with Kpriv
counter++
counter, signature(C, etc)
counter, C, S
challenge, RP ID, userInfo
challenge, userinfo
Look up key pair
Verify S with Kpub
Verify RP ID, etc.
Retrieve Kpub
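
The authentication checks from the replay-countermeasure and RP-specific key pair slides, as an added example that is not from the original deck. The signed-byte layout, the class and method names, and the result strings are assumptions for illustration; real WebAuthn messages carry more fields.

```javascript
// Added example: simplified model of the slides' flow, not real WebAuthn/CTAP encoding.
const { generateKeyPairSync, createHash, randomBytes, sign, verify } = require('node:crypto');

// Bytes the signature covers (assumed layout): SHA-256(RP ID) || counter (uint32 BE) || C
function signedData(rpId, counter, C) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  return Buffer.concat([createHash('sha256').update(rpId).digest(), ctr, C]);
}

class Authenticator {
  constructor() { this.keys = new Map(); this.counter = 0; }
  register(rpId) {                       // generate key pair (Kpriv, Kpub) for this RP only
    const { privateKey, publicKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);     // Kpriv stays inside the authenticator
    return publicKey;                    // Kpub is handed to the relying party
  }
  authenticate(rpId, C) {
    const kpriv = this.keys.get(rpId);   // look up key pair by RP ID
    if (!kpriv) throw new Error('no key pair for RP ID ' + rpId);
    this.counter += 1;                   // counter++
    return { counter: this.counter, C, S: sign('sha256', signedData(rpId, this.counter, C), kpriv) };
  }
}

class RelyingParty {
  constructor(rpId, kpub) {
    this.rpId = rpId; this.kpub = kpub; this.lastCounter = 0; this.pending = new Set();
  }
  newChallenge() {
    const C = randomBytes(32);
    this.pending.add(C.toString('hex'));
    return C;
  }
  verifyAssertion({ counter, C, S }) {
    // C must be one this RP issued and is consumed on first use
    if (!this.pending.delete(C.toString('hex'))) return 'unknown challenge';
    // Verify S with Kpub; the RP's own ID is in the signed bytes, so a wrong RP ID fails here
    if (!verify('sha256', signedData(this.rpId, counter, C), this.kpub, S)) return 'bad signature';
    // Verify counter: it must be strictly greater than the last accepted value
    if (counter <= this.lastCounter) return 'counter not increased';
    this.lastCounter = counter;
    return 'ok';
  }
}
```

Because the counter is inside the signed bytes, changing it in transit invalidates S, and a request carrying an RP ID the authenticator never registered finds no key pair to sign with.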
34. 34
RP-specific key pair (registration)
Authenticator Client Relying party
challenge, userinfo
challenge, RP ID, userInfo
counter++
counter, Kpub, signature(C, Kpub, etc)
counter, C, S, etc
Verify S with Kpub
Verify RP ID and counter
C
S
Generate key pair
(Kpriv, Kpub)
35. 35
Attestation (registration)
Authenticator Client Relying party
challenge, userinfo
challenge, RP ID, userInfo
counter++
counter, Kpub, attestCert, attestSign(C, etc)
counter, C, S, etc
C
S
Generate key pair
(Kpriv, Kpub)
Verify S with KpubAttst and Kpub
Verify RP ID, etc.