PKI (ITU X.509) for On-line & Off-line

Presentation transcript:

PKI (ITU X.509) for On-line & Off-line
"IoT Authentication for Emergency & Offline Payment during Earthquake, Power Disruption, Typhoon"
Unho Choi, Ph.D. UNHCR

Offline e-Gov. + Disaster Situation International Donation ? UNHCR Cash ? Global Fund ? WFP electronic cards ? NGO ? ATM ? POS ? Bank ? IoT Authentication ? Copyright © Unho Choi 2015

FIDO Alliance

Bio Sensor + PKI = Secure Domain (FIDO) Tokenization with Dynamic code(OTP) = ? “B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58” Authentication Server

APPLE PKI ?

PKI – DEVELOPING COUNTRY Mongolia Nigeria, Kenya …… Iran ICAO, e-UNLP …… Morocco Equator Vietnam Philippines Rwanda Jordan Costa Rica Brunei Iraq Egypt Cameroon Indonesia Kenya US, France, Sweden, Germany, Turkey, Norway …… Panama completed Proceeding Started

Public Key Certificate, PKI (ITU X.509)
< Before user registration >
Public Key Certificate: Version / Serial Number / Signature algorithm / Hash algorithm / Issuer Name / Validity Period / Public Key Subject Distinguished Name / Subject Public Key Information / Issuer’s Signature
Extended Validation: (Empty)
< After user registration >
Public Key Certificate: Version / Serial Number / Signature algorithm / Hash algorithm / Issuer Name / Validity Period / Public Key Subject Distinguished Name / Subject Public Key Information / Issuer’s Signature
Extended Validation: Biometric Code + at least one of Additional Code
“B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58”
Bar Code / QR / UPC / RFID / URL / CRL / PUF / GS1 / GSIN / IPv6 / MAC / MAC / Cryptographic hash functions address / unique identification information etc.
Copyright © Unho Choi May 2015

Morpho – Infineon Workshop on eID 2013-08-22 Multi Application on e-ID Multi App 1 App 3 App´s 5 App´s 10 App´s eService eService eHealth eTicketing eService eDL eGate eBanking eLibrary eID eService eHealth eTicketing ATM eDL ePurse eGates Travel document Finland FINID Italy CNS Hong Kong HKSAR Malaysia MyKad Example Copyright © Infineon Technologies AG 2013. All rights reserved.

Sample Nigeria - CHIP DESIGN

UBIQUITOUS AUTHENTICATION MANAGEMENT National ID PKI + Data Driver License Medical e-Voting Pension Passport ICAO Tax Physical Access /Smart Car PC/ Cloud Logon Smart Phone / Smart Home Physical unclonable functions IoT Authentication ?

Multi Bio Combination ? Diverse combinations of Biometrics
Combination 2 more finger
Combination 1 finger + IRIS
Combination Iris + Vein
Combination Iris + Facial
Combination Finger + Sign
Combination Voice + Facial
Combination with each Palm / Blood / Voice / DNA / Keystroke etc.
Allocated purpose of use: Application Services Bank / Credit Card Payment Government Internet Cloud Car IoT 911 Emergency
Allocated purpose of use: Emergency Reset Recover 911

IoT Authentication Key for Smart Phone IoT Network Communication Terminal Centralized Controller IoT Service Provider Emergency Recover Reset 911

IoT Authentication Key for National ID ? Centralized Controller IoT Network Smart Card Communication Terminal IoT Service Provider Emergency Recover Reset 911

IoT Authentication Code ? Biometrics UPC/EPC Biometrics (b) PAN Biometrics (c) PUF Biometrics (d) Dynamic Signature Biometrics (e) Activity feature Biometrics (f) UPC/EPC Biometrics PAN (g) UPC/EPC Biometrics PAN PUF (h) UPC/EPC Biometrics PAN PUF (i) Dynamic Signature

IoT Authentication Code Format
B9E2995B2B7602AE825CE7DE819F10F088419E595A9AA
Biometric code UPC/EPC PAN code PUF code (j)
B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58
Biometric code UPC/EPC PAN code PUF code (k) OTP
Emergency Recover Reset 911

On-line & Off-line
1st Public Key for on-line at Authentication Server
Online application (with GEO location / GPS): Bank, Credit Card, e-Government, Internet, Cloud
Off-line application support for each service etc. by Government & Financial Authority:
Bio Sensor on ATM for cash withdrawal etc.
Bio Sensor on POS for buy food etc.
Bio Sensor on Centralized Controller for control IoT Devices etc.
Bio Sensor on Smart Card/Phone for control Smart Car etc.
2nd Public Key for off-line for ATM, POS, Centralized Controller, Phone/Card
Store with Private Key at Secure Domain (IC Chip)

(Certificate Authority) Key Distribution United Nations UN CA (Certificate Authority) Public Key Private Key “B9E2995B2B7602AE825CE7DE819F10F” Bank WFP Global Fund UNDP Public Key Public Key Public Key Public Key ATM, POS (Off-line) Public Key Private Key

Operation Process
Biometrics data acquisition module
Biometrics data management module
Key management module
Biometric authentication module
VPN management module
Authentication execution module
OTP generation module
Device data acquisition module

Q&A “ Take chain of Mountain view ” Unho Choi Ph.D., CGEIT, CRISC, ISO 27001, CISSP, PMP choi@unhcr.org