PKI (ITU X.509) for On-line & Off-line


1 PKI (ITU X.509) for On-line & Off-line
“IoT Authentication for Emergency & Offline Payment during Earthquake, Power Disruption, Typhoon”
Unho Choi, Ph.D. UNHCR

2 Offline e-Gov. + Disaster Situation
International Donation ? UNHCR Cash ? Global Fund ? WFP electronic cards ? NGO ? ATM ? POS ? Bank ? IoT Authentication ? Copyright © Unho Choi 2015

3 FIDO Alliance

4 Bio Sensor + PKI = Secure Domain (FIDO)
Tokenization with Dynamic code(OTP) = ? “B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58” Authentication Server

5 APPLE PKI ?

6 PKI – DEVELOPING COUNTRY
Mongolia Nigeria, Kenya …… Iran ICAO, e-UNLP …… Morocco Equator Vietnam Philippines Rwanda Jordan Costa Rica Brunei Iraq Egypt Cameroon Indonesia Kenya US, France, Sweden, Germany, Turkey, Norway …… Panama completed Proceeding Started

7 Public Key Certificate
PKI (ITU X.509) Public Key Certificate

< Before user registration >
Public Key Certificate: Version / Serial Number / Signature algorithm / Hash algorithm / Issuer Name / Validity Period / Public Key Subject Distinguished Name / Subject Public Key Information / Issuer’s Signature
Extended Validation: (Empty)

< After user registration >
Public Key Certificate: Version / Serial Number / Signature algorithm / Hash algorithm / Issuer Name / Validity Period / Public Key Subject Distinguished Name / Subject Public Key Information / Issuer’s Signature
Extended Validation: Biometric Code + at least one of Additional Code
“B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58”
Bar Code / QR / UPC / RFID / URL / CRL / PUF / GS1 / GSIN / IPv6 / MAC / MAC / Cryptographic hash functions address / unique identification information etc.
Copyright © Unho Choi May 2015

8 Morpho – Infineon Workshop on eID
Multi Application on e-ID Multi App 1 App 3 App´s 5 App´s 10 App´s eService eService eHealth eTicketing eService eDL eGate eBanking eLibrary eID eService eHealth eTicketing ATM eDL ePurse eGates Travel document Finland FINID Italy CNS Hong Kong HKSAR Malaysia MyKad Example Copyright © Infineon Technologies AG All rights reserved.

9 Sample Nigeria - CHIP DESIGN

10 UBIQUITOUS AUTHENTICATION MANAGEMENT
National ID PKI + Data Driver License Medical e-Voting Pension Passport ICAO Tax Physical Access / Smart Car PC / Cloud Logon Smart Phone / Smart Home Physical unclonable functions IoT Authentication ?

11 Diverse combinations of Biometrics
Multi Bio Combination ? Diverse combinations of Biometrics Combination 2 more finger Combination 1 finger + IRIS Combination Iris + Vein Combination Iris + Facial Combination Finger+ Sign Combination Voice+ Facial Combination with each Palm/ Blood / Voice / DNA / Keystroke etc. Allocated purpose of use Application Services Bank/ Credit Card Payment Government Internet Cloud Car IoT 911 Emergency Allocated purpose of use Emergency Reset Recover 911

12 IoT Authentication Key for Smart Phone
IoT Network Communication Terminal Centralized Controller IoT Service Provider Emergency Recover Reset 911

13 IoT Authentication Key for National ID ?
Centralized Controller IoT Network Smart Card Communication Terminal IoT Service Provider Emergency Recover Reset 911

14 IoT Authentication Code ?
Biometrics UPC/EPC Biometrics (b) PAN Biometrics (c) PUF Biometrics (d) Dynamic Signature Biometrics (e) Activity feature Biometrics (f) UPC/EPC Biometrics PAN (g) UPC/EPC Biometrics PAN PUF (h) UPC/EPC Biometrics PAN PUF (i) Dynamic Signature

15 IoT Authentication Code Format
B9E2995B2B7602AE825CE7DE819F10F088419E595A9AA Biometric code UPC/EPC PAN code PUF code (j) B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58 Biometric code UPC/EPC PAN code PUF code (k) OTP Emergency Recover Reset 911

16 On-line & Off-line
Online application (with GEO location / GPS): Bank, Credit Card, e-Government, Internet, Cloud
1st Public Key for on-line at Authentication Server
Off-line application support for each service etc. by Government & Financial Authority:
Bio Sensor on ATM for cash withdrawal etc.
Bio Sensor on POS for buying food etc.
Bio Sensor on Centralized Controller for controlling IoT devices etc.
Bio Sensor on Smart Card/Phone for controlling Smart Car etc.
2nd Public Key for off-line for ATM, POS, Centralized Controller, Phone/Card
Store with Private Key at Secure Domain (IC Chip)

17 (Certificate Authority)
Key Distribution United Nations UN CA (Certificate Authority) Public Key Private Key “B9E2995B2B7602AE825CE7DE819F10F Bank WFP Global Fund UNDP Public Key Public Key Public Key Public Key ATM, POS (Off-line) Public Key Private Key

18 Operation Process
Biometrics data acquisition module / Biometrics data management module / Key management module / Biometric authentication module / VPN management module / Authentication execution module / OTP generation module / Device data acquisition module

19 Q&A “ Take chain of Mountain view ” Unho Choi
Ph.D., CGEIT, CRISC, ISO 27001, CISSP, PMP

