Passwordless authentication was first trialled for seamless and secure merchant payments that require neither a password nor a PIN. It opened up a new class of authentication that abandons the former reliance on traditional passwords. It builds on the W3C Web Authentication (WebAuthn) and Client to Authenticator Protocol (CTAP) standards, which use public-key cryptography to attest the user's device and, through it, to authenticate the user; together, WebAuthn and CTAP make up the FIDO2 authentication standard. As passwordless authentication grows in popularity, more users and service providers are adopting it. However, because the private key is generated and held by a specific authenticator, each credential is bound to that device, which makes it difficult for a user to switch devices. FIDO passkeys were introduced to solve exactly this problem by synchronising the private keys across multiple devices, so that the user can authenticate without a password even from devices that were never explicitly enrolled with the service provider. Passkeys, however, have drawbacks of their own: synchronisation relies on each platform vendor's proprietary end-to-end encryption, every key transits the vendor's proprietary cloud, and synchronisation across platforms is rarely seamless. To address these drawbacks of FIDO passkeys, this paper proposes a novel private-key management system for passwordless authentication called Transferable User Secret on Hardware Key (TUSH-Key). TUSH-Key allows cross-platform synchronisation of devices for seamless passwordless logins that remain compatible with the FIDO2 specifications.
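To make the device-binding problem the abstract describes concrete, the following Go program (an added illustration, not code from the paper and not an implementation of TUSH-Key) models the WebAuthn/CTAP2 assertion flow: an authenticator holds a P-256 private key scoped to a relying party ID and signs SHA-256(authenticatorData || SHA-256(clientDataJSON)); the relying party verifies that signature against the public key it stored at registration. The names `Authenticator`, `Register`, `Assert`, `VerifyAssertion` and `DemoDeviceBinding`, the relying party ID `example.com`, and the fixed flags byte are assumptions made here for the example. The demo then shows why a second, never-enrolled device cannot satisfy the same relying party: it simply has no key for the credential, which is the gap that passkey synchronisation (and, per the paper, TUSH-Key) sets out to close.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Authenticator models one FIDO2 device. Private keys are created here and
// never leave the struct, which is exactly what binds a credential to a device.
type Authenticator struct {
	name  string
	creds map[string]credential // credential ID -> key material (assumed layout)
}

type credential struct {
	rpID    string
	priv    *ecdsa.PrivateKey
	counter uint32
}

func NewAuthenticator(name string) *Authenticator {
	return &Authenticator{name: name, creds: map[string]credential{}}
}

// Register creates a P-256 key pair (WebAuthn ES256) scoped to rpID and returns
// the credential ID plus the public key the relying party stores.
func (a *Authenticator) Register(rpID string) (string, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	idBytes := make([]byte, 16)
	if _, err := rand.Read(idBytes); err != nil {
		return "", nil, err
	}
	id := fmt.Sprintf("%x", idBytes)
	a.creds[id] = credential{rpID: rpID, priv: priv}
	return id, &priv.PublicKey, nil
}

// signedMessage builds what CTAP2 getAssertion actually signs:
// SHA-256(authenticatorData || SHA-256(clientDataJSON)).
func signedMessage(authData, clientData []byte) []byte {
	cdHash := sha256.Sum256(clientData)
	msg := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return msg[:]
}

// Assert answers a challenge for rpID with the credential credID. The challenge
// is never signed directly; it is bound in via clientDataJSON.
func (a *Authenticator) Assert(credID, rpID string, challenge []byte) (authData, clientData, sig []byte, err error) {
	c, ok := a.creds[credID]
	if !ok || c.rpID != rpID {
		return nil, nil, nil, errors.New(a.name + ": no credential for this RP on this authenticator")
	}
	c.counter++
	a.creds[credID] = c
	// authenticatorData = rpIdHash(32) || flags(1) || signCount(4); flags 0x05 = UP|UV (assumed here)
	rpHash := sha256.Sum256([]byte(rpID))
	authData = append(authData, rpHash[:]...)
	authData = append(authData, 0x05)
	var cnt [4]byte
	binary.BigEndian.PutUint32(cnt[:], c.counter)
	authData = append(authData, cnt[:]...)
	clientData, _ = json.Marshal(map[string]string{
		"type": "webauthn.get", "challenge": fmt.Sprintf("%x", challenge), "origin": "https://" + rpID,
	})
	sig, err = ecdsa.SignASN1(rand.Reader, c.priv, signedMessage(authData, clientData))
	return authData, clientData, sig, err
}

// VerifyAssertion is the relying party side: check the RP ID hash and the echoed
// challenge, rebuild the signed message, and verify against the stored public key.
func VerifyAssertion(pub *ecdsa.PublicKey, rpID string, expectedChallenge, authData, clientData, sig []byte) bool {
	if len(authData) < 37 {
		return false
	}
	rpHash := sha256.Sum256([]byte(rpID))
	if string(authData[:32]) != string(rpHash[:]) {
		return false
	}
	var cd struct{ Type, Challenge, Origin string }
	if err := json.Unmarshal(clientData, &cd); err != nil || cd.Type != "webauthn.get" ||
		cd.Challenge != fmt.Sprintf("%x", expectedChallenge) {
		return false
	}
	return ecdsa.VerifyASN1(pub, signedMessage(authData, clientData), sig)
}

// DemoDeviceBinding registers on device A and asserts successfully, then shows that
// device B (never enrolled) cannot assert at all, and that A's assertion for one
// challenge does not verify against a different one (no replay).
func DemoDeviceBinding(rpID string) (aVerifies, bCanAssert, replayVerifies bool, err error) {
	devA, devB := NewAuthenticator("device-A"), NewAuthenticator("device-B")
	credID, pub, err := devA.Register(rpID)
	if err != nil {
		return false, false, false, err
	}
	challenge := make([]byte, 32)
	if _, err = rand.Read(challenge); err != nil {
		return false, false, false, err
	}
	ad, cd, sig, err := devA.Assert(credID, rpID, challenge)
	if err != nil {
		return false, false, false, err
	}
	aVerifies = VerifyAssertion(pub, rpID, challenge, ad, cd, sig)
	_, _, _, bErr := devB.Assert(credID, rpID, challenge) // B holds no key for credID
	bCanAssert = bErr == nil
	other := make([]byte, 32)
	other[0] = 1
	replayVerifies = VerifyAssertion(pub, rpID, other, ad, cd, sig)
	return aVerifies, bCanAssert, replayVerifies, nil
}

func main() {
	a, b, r, err := DemoDeviceBinding("example.com")
	fmt.Printf("device A verifies: %v, device B can assert: %v, replay verifies: %v, err: %v\n", a, b, r, err)
}
```

Note that the only thing device B lacks is the private key; the relying party's stored public key, credential ID and challenge format are all identical. Any synchronisation scheme therefore has to move (or re-derive) that private key onto device B, and the security question the paper raises about passkeys is who gets to see the key while that happens.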