為了防範在網路上開啟會議時遭到竊聽的風險，會議參與者應共同建立一把會議金鑰 （conference key），用以加密通訊內容。透過會議金鑰的建立，可以讓會議參與者使用大家共同產生的會議金鑰加密傳輸訊息，以確保傳遞的訊息不會遭到駭客或非法使用者篡改，由於訊息經過加密，即便是遭到竊聽，沒有正確的金鑰，也無法將訊息還原。
過去會議參與者之身分識別皆是用難以記憶長度之金鑰值進行鑑別，因此如何迅速的確認身分真實性且讓其他同樣擁有會議金鑰之參與者知曉身分是個值得研究的方向。
本論文設計結合線上快速身分識別 （fast identity online，FIDO）標準之身分識別機制，使參與者能夠利用FIDO機制登入，透過使用者之行動裝置進行生物識別機制來鑑別身分，讓使用者能自行保管與使用私鑰，以避免因密碼遺失或洩漏而無法取回私鑰之問題。

When we hold an online conference, there are some security risks, such as eavesdropping and interception happening during the communication. In order to reduce the risks mentioned above, it is necessary for all participants to establish a conference key to encrypt the entire communication during the conference. With this kind of conference key, we can encrypt messages and prevent hackers or illegal users from tampering with. Moreover, encrypted messages cannot be recovered by hackers or illegal users without the correct key even if they eavesdrop the communication.
In the past, every conference participant used a key value which is too long to remember as an identity authentication, and could not identify each other. Therefore, how to quickly authenticate and identify each other by the same conference key is worthy of study.
In the research, we will introduce the FIDO（fast identity online） standard and combine it with an identity identification mechanism by biometric login. By doing so, users can keep and use their private keys by themselves, and the problem of private keys loss caused by password missing or leakage can be solved.

[1] C. C. Chang, T. C. Wu and C. P. Chen, "The design of a conference key distribution system," Advances in Cryptology — AUSCRYPT, 1992, pp. 457-466
[2] W. Diffie and M.E. Hellman, "New directions in cryptography," IEEE Transactions on Information Theory, Vol. 22, No. 6, 1976, pp. 644-654
[3] T. ElGamal, "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, Vol.IT-31, No. 4, 1985, pp. 469-472
[4] D. Florencio, and C. Herley, "A large-scale study of web password habits," in Proceedings of the 16th international conference on World Wide Web — WWW'07, 2007, pp. 657-666
[5] FIDO Alliance — UAF Specification: "FIDO AppID and Facet Specification", Retrieved 2017, from: https://fidoalliance.org/specs/fido-uaf-v1.2-rd-20171128/fido-appid-and-facets-v1.2-rd-20171128.html
[6] FIDO Alliance — UAF Specification: "FIDO UAF Architectural Overview", Retrieved 2020, from: https://fidoalliance.org/specs/fido-uaf-v1.2-ps-20201020/fido-uaf-overview-v1.2-ps-20201020.html
[7] FIDO Alliance — UAF Specification: "FIDO UAF Protocol Specification", Retrieved 2020, from: https://fidoalliance.org/specs/fido-uaf-v1.2-ps-20201020/fido-uaf-protocol-v1.2-ps-20201020.html
[8] FIDO Alliance — White Paper: "The FIDO Alliance Whitepaper on FIDO 1.0 Final Specifications,"" Retrieved 2014, from: https://media.fidoalliance.org/wp-content/uploads/FIDOMessagingWPv1.pdf
[9] FIDO Alliance — White Paper: "FIDO UAF and PKI in Asia – Case Study and Recommendations," Retrieved 2019, from: https://fidoalliance.org/white-paper-fido-uaf-and-pki-in-asia-case-study-and-recommendations
[10] M. Girault, "Self-certified public keys," Advances in Cryptology — EUROCRYPT '91, 1991, pp. 490-497
[11] C. Gunther, "An identity-based key-exchange protocol," Advances in Cryptology — EUROCRYPT'89, Lecture notes in computer science 434, 1990, pp. 29-37
[12] T. Hwang and J. L. Chen, "Indentity-Based Conference Key Broadcast System," IEE processing Computers and Digital Techniques, Vol. 141, No. 1, 1994, pp. 57- 60
[13] I. Ingemarsson, D. Tang and C. Wong, "A conference key distribution system," IEEE Transactions on Information Theory, 1982, pp. 714-720
[14] K. Koyama, and K. Ohta, "Identity-based conference key distribution systems," Advances in cryptology — CRYPTO'87, 1987, pp. 175-184
[15] C. S. Laih and S. M. Yen, "On the design of conference key distribution systems for the broadcasting networks," IEEE INFOCOM'93, 1993, pp.1406-1413
[16] E.H. Lu, W.Y. Hwang, L. Harn and J.Y. Lee, "A conference key distribution system based on the LaGrange interpolating polynomial," IEEE INFOCOM'88, 1988, pp.1092-1094
[17] NIST FIPS PUB 180, "Secure Hash Standard, "National Institute of Standards and Technology, U.S. Department of Commerce, DRAFT, 1993
[18] R. Rivest, A. Shamir and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communi-cations of the ACM, Vol. 21, No. 2, 1978, pp. 120-126
[19] A. Shamir, "Identity-based cryptosystems and signature schemes," Advances in Cryptology — CRYPTO'84, Lecture notes in computer science 196, 1985, pp. 47-53
[20] M. Steiner, G. Tsudik and M. Waidner, "Diffie-Hellman key distribution extended to group communication," Proceedings of the 3rd ACM conference on Computer and communications security, 1996, pp. 31-37
[21] Y.M. Tseng and J.K. Jan, "Anonymous conference key distribution systems based on the discrete logarithm problem," Computer Communications, Vol. 22, 1999, pp. 749-754
[22] G. Tsudik, "Message Authentication with One-Way Hash Functions," ACM SIGCOMM Computer Communication Review, vol. 22, 1992, pp.29-38.
[23] W. G. Tzeng, and Z. J. Tzeng, "Round-Efficient Conference Key Agreement Protocols with Provable Security," Advances in Cryptology — ASIACRYPT'2000, 2000, pp. 614-627
[24] T.C. Wu and Y.S. Yeh, "A conference key distribution system based on cross-product," Computers & Mathematics with Applications, Vol. 25, 1993, pp. 39-46
[25] C.C. Yang, T.Y. Chang, M.S. Hwang, "A new anonymous conference key distribution system based on the elliptic curve discrete logarithm problem," Computer Standards & Interfaces, Vol. 25, 2003, pp. 141-145