Presentation is loading. Please wait.

Presentation is loading. Please wait.

魂▪創▪通魂▪創▪通 2013. 7. 19. WebCert - SOP Sangrae Cho Authentication Research Team.

Similar presentations


Presentation on theme: "魂▪創▪通魂▪創▪通 2013. 7. 19. WebCert - SOP Sangrae Cho Authentication Research Team."— Presentation transcript:

1 魂▪創▪通魂▪創▪通 WebCert - SOP Sangrae Cho Authentication Research Team

2 魂▪創▪通魂▪創▪通 2 Web Browser caserver.com bank.com 3. use certificate (digital signature) 2. Issue certificate 4. Verify certificate Korean banking use case Origin for certificate issue Origin for certificate use 1. Public key pair is generated in the browser.

3 魂▪創▪通魂▪創▪通 3 web client bank.com Wire transfer page for digital signature Wire transfer request Proposed solution Trusted CA List  No trusted CA list – SOP governs Private key belongs to the origin server  Trusted CA list – SOP exception Display any certificate that is issued by trusted CAs Private key belongs to a user The user can prove its ownership by decrypting the encrypted private key

4 魂▪創▪通魂▪創▪通 4 web client Proposed solution Cert NameIssuer cert1bank.com cert2caserver.com Preconditions  Suppose we have javascript API to discover a certificate Certificate [] = getCertificate(String trustedCAList) Certificates belonging to Trusted CA will be returned if trustedCAList provided Certificate belonging to the origin will be return if no trustedCAList provided  The following certificate are issued cert1 = Certificate issued from bank.com cert2 = Certificate issued from caserver.com

5 魂▪創▪通魂▪創▪通 5 web client bank.com 2. Html page for digital signature with no Trusted CA List 1. Wire transfer request Proposed solution  Case 1: No trusted CA list – SOP governs 3. page returned with digital signature for wire transfer  After receiving no. 2 getCertificate(); is executed with no Trusted CA list getCertificate(); returns cert1(issued from bank.com) according to SOP The user signs the page digitally with cert1 related private key and send it to bank.com

6 魂▪創▪通魂▪創▪通 6 web client bank.com 2. Html page for digital signature with Trusted CA List 1. Wire transfer request Proposed solution  Case 2: Trusted CA list – SOP exception 3. page returned with digital signature for wire transfer  After receiving no. 2 getCertificate(); is executed with trustedCAList = “caserver.com” getCertificate(); returns cert2(issued from caserver.com) according to SOP exception The user signs the page digitally with cert2 related private key and send it to bank.com

7 魂▪創▪通魂▪創▪通 7 Thank You


Download ppt "魂▪創▪通魂▪創▪通 2013. 7. 19. WebCert - SOP Sangrae Cho Authentication Research Team."

Similar presentations


Ads by Google