魂▪創▪通 Authentication Research Team 2014
Digital Certificate and Beyond
Sangrae Cho, Authentication Research Team
2014. 9. 10.
Dec 23, 2015

Korean banking use case
Parties: Web Browser, caserver.com, bank.com
1. Public key pair is generated in the browser.
2. Issue certificate
3. Use certificate (digital signature)
4. Verify certificate

ActiveX based Service
Diagram labels: Certification Authority, Web Browser, Internet Banking, ActiveX for Certificate Management (Install)
① Service Req.
② Install ActiveX
③ Req. for Cert
④ Issue Cert
⑤ Digital Signature

ActiveX related Issues
ActiveX Programs
• Certificate Management
• Keyboard protection
• Personal firewall and anti-virus
• Web secure channel
Related Issues
• Only works for IE
• Weak for malicious program attack
• User inconvenience
• Not mobile friendly

Web based Digital Certificate Service
Diagram labels:
• Storage Devices
• Desktop PC
• Smart Authentication (USIM, NFC-Credit Card)
• CA: Issuing Certificate
• Relying Party (Online banking, e-Gov)
• Smartphone APP
• Web Server
• JavaScript based HTML5
• Issue a certificate
• Use the certificate
• Web Browser

Web based Approach
Diagram labels: Web Browser, Crypto Library, Cert and Key Store, Storage Library, Storage API, WebCrypto API, Cert. Manager in JavaScript, CMP, PKCS7
Certificate Manager
• WebCrypto API for crypto functions
• HTML5 for storage and communication
• CMP for certificate issuing and PKCS7 for digital signature implemented in JavaScript
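
The browser-side key handling described on the "Korean banking use case" and "Web based Approach" slides, as an added example that is not code from the slides or from the project they describe. It assumes ECDSA P-256 and a raw signature where the slides use PKCS7, and it skips certificate issuing over CMP; the function names and the sample transfer are constructed for illustration.

```javascript
// Added example. Function names and the sample transfer are constructed for illustration.
const subtle = globalThis.crypto
  ? globalThis.crypto.subtle                    // browsers, recent Node.js
  : require('node:crypto').webcrypto.subtle;    // older Node.js fallback

const ALG = { name: 'ECDSA', namedCurve: 'P-256' }; // assumed algorithm
const SIG = { name: 'ECDSA', hash: 'SHA-256' };

// Browser side: generate the key pair. extractable=false means page script
// can use the private key to sign but can never read its bytes.
async function createSigningKey() {
  const pair = await subtle.generateKey(ALG, false, ['sign', 'verify']);
  // The public key stays exportable; SPKI is what a certificate request carries.
  const spki = new Uint8Array(await subtle.exportKey('spki', pair.publicKey));
  return { privateKey: pair.privateKey, spki };
}

// Fixed field order so signer and verifier process identical bytes.
function encodeTransfer(t) {
  return new TextEncoder().encode(JSON.stringify([t.from, t.to, t.amount, t.nonce]));
}

async function signTransfer(privateKey, transfer) {
  return new Uint8Array(await subtle.sign(SIG, privateKey, encodeTransfer(transfer)));
}

// Relying-party side: in the real flow the public key comes from the certificate.
async function verifyTransfer(spki, transfer, signature) {
  const pub = await subtle.importKey('spki', spki, ALG, false, ['verify']);
  return subtle.verify(SIG, pub, signature, encodeTransfer(transfer));
}

async function demo() {
  const { privateKey, spki } = await createSigningKey();
  // Constructed sample data; the nonce stands for a server-issued challenge.
  const transfer = { from: '110-000-0001', to: '220-000-0002', amount: 50000, nonce: 'n-1' };
  const sig = await signTransfer(privateKey, transfer);
  const ok = await verifyTransfer(spki, transfer, sig);
  const tampered = await verifyTransfer(spki, { ...transfer, amount: 5000000 }, sig);
  let exportBlocked = false;
  try { await subtle.exportKey('pkcs8', privateKey); } catch { exportBlocked = true; }
  return { ok, tampered, exportBlocked, sigLength: sig.length };
}

demo().then((r) => console.log(r));
```

In a browser the non-extractable CryptoKey object can be kept in IndexedDB, which matches the "Cert and Key Store" box. Non-extractability blocks key theft by script, but script running in the same origin can still ask the key to sign.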

TouchSign
Diagram labels: TouchSign GUI, PKCS#11, MobileCMP, ServiceUX, FMSDController, SmartCardController, MSDDriver, NFCDriver, P2P, Web, Financial MicroSD, SmartCard with Certificate, TouchSign App
• Smartcard solution for Financial Services
• Secure storage for digital certificates
• Digital Signature with NFC
• User Authentication

TouchSign Applications
Diagram labels: Online Banking, Credit Card Subscription, Subscription Device, User’s Card, User’s Phone, Banking Site, Money Transfer, User Authentication, Digital Signing
Money transfer in online banking can be done with TouchSign
• User Authentication
• Digital Signature
Subscription for Credit Card can be done with TouchSign
• Digital Signature

Digital Certificate with FIDO
Digital Certificate issued to Authenticator

Hands-Free Payment Service
Beacon-based Service
• Hands-Free Payment
• Secure check-in
• Personalization Service
• Cardless Payment
Needs Enhanced Security…

Requirements for standard
• Storage management for WebCrypto.Next
• Standard API for Hardware Tokens
• Standard API for communications such as NFC, Bluetooth
Thank You