Enhanced PKI authentication with trusted product at claimant

- A data structure to enhance PKI (Public Key Infrastructure) authentication is proposed.
- With the data structure, the PKI authentication server can distinguish the execution environment of PKI authentication.
- The proposal covers all of the use cases of private key, activated with passphrase or biometrics, generated with biometrics.

In this paper, a data structure to enhance PKI (Public Key Infrastructure) authentication is proposed generalizing the concept of ISO/IEC 24761. Current technologies do not provide sufficient information on products which are used in the authentication process at the Claimant to the Verifier. As a result, the Verifier cannot sufficiently distinguish the authentication result executed with a trusted product from that without a trusted product. The difference is made clear if evidence data of the execution of authentication process at the Claimant are generated by the trusted product and used for verification by the Verifier. Data structure for such data is proposed in this paper as client Authentication Context (cAC) instance. Relation to other works and extension of the proposal where biometrics is used are also described for further improvement of PKI authentication. For this proposal to realize, standardization activities are to be considered as the next steps.