WebCert - SOP
2013. 7. 19.
Sangrae Cho, Authentication Research Team
Slide 2: Korean banking use case
Parties: web browser, caserver.com (origin for certificate issue), bank.com (origin for certificate use)
1. Public key pair is generated in the browser.
2. Issue certificate (caserver.com, the origin for certificate issue)
3. Use certificate (digital signature) at bank.com, the origin for certificate use
4. Verify certificate (bank.com)
Slide 3: Proposed solution
Exchange: web client sends a wire transfer request to bank.com; bank.com returns a wire transfer page for digital signature.
Trusted CA list determines which rule applies:
- No trusted CA list - SOP governs: the private key belongs to the origin server.
- Trusted CA list - SOP exception: display any certificate that is issued by trusted CAs; the private key belongs to a user; the user can prove ownership by decrypting the encrypted private key.
Slide 5: Proposed solution, Case 1: No trusted CA list - SOP governs
1. Web client sends a wire transfer request to bank.com.
2. bank.com returns an HTML page for digital signature with no trusted CA list.
3. The page is returned to bank.com with a digital signature for the wire transfer.
After receiving message 2, getCertificate() is executed with no trusted CA list. getCertificate() returns cert1 (issued from bank.com) according to SOP. The user signs the page digitally with the private key for cert1 and sends it to bank.com.
Slide 6: Proposed solution, Case 2: Trusted CA list - SOP exception
1. Web client sends a wire transfer request to bank.com.
2. bank.com returns an HTML page for digital signature with a trusted CA list.
3. The page is returned to bank.com with a digital signature for the wire transfer.
After receiving message 2, getCertificate() is executed with trustedCAList = "caserver.com". getCertificate() returns cert2 (issued from caserver.com) according to the SOP exception. The user signs the page digitally with the private key for cert2 and sends it to bank.com.
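The selection rule behind slides 5 and 6 (SOP governs without a trusted CA list, SOP exception with one), as an added example that is not the WebCert project's own code; the certificate store layout, the getCertificate() signature and the two sample entries are assumptions constructed for this illustration.

```javascript
// Constructed browser-side certificate store (not real data): cert1 was issued
// by bank.com, cert2 by caserver.com, matching the slides' banking use case.
const certStore = [
  { id: "cert1", issuerOrigin: "bank.com", privateKeyOwner: "origin" },
  { id: "cert2", issuerOrigin: "caserver.com", privateKeyOwner: "user" },
];

// Returns the certificates a page loaded from `callerOrigin` may use.
//  - trustedCAList missing/empty -> Case 1, SOP governs: only certificates the
//    calling origin itself issued are visible.
//  - trustedCAList supplied      -> Case 2, SOP exception: certificates issued
//    by any listed CA are visible, whatever origin is asking.
// Assumed signature; the slides only show getCertificate() being called.
function getCertificate(callerOrigin, trustedCAList) {
  if (!trustedCAList || trustedCAList.length === 0) {
    return certStore.filter((c) => c.issuerOrigin === callerOrigin);
  }
  const trusted = new Set(trustedCAList);
  return certStore.filter((c) => trusted.has(c.issuerOrigin));
}

// Simulates steps 1-3 of the wire-transfer exchange from bank.com's signing
// page: the browser picks a certificate and the page goes back signed with
// that certificate's key. Returns the id of the certificate used, or null
// when no certificate qualifies (the page cannot be signed).
function wireTransfer(trustedCAList) {
  const candidates = getCertificate("bank.com", trustedCAList);
  return candidates.length === 0 ? null : candidates[0].id;
}
```

A third origin that neither issued a certificate nor supplies a trusted CA list gets an empty list back, which is the property the SOP rule is meant to guarantee.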