Secure Elements and W3C L. Castillo 06/16/15.

Presentation transcript:

Secure Elements at a glance
- Secure microprocessor, secure memory, crypto engine
September 8, 2014

Many applications
- Banking
- Telecoms
- ID
- Transport
Caveats
- Small memory, low power, low processing
- Secure Elements don't have a 6-week release cycle

A common set of standards
- Security Features: CC EAL, FIPS
- Business Applications: EMVCo, 3GPP, ETSI, GSMA, PIV, IAS ECC, eIDAS, OATH
- OS & Application Management: ISO/IEC 7816 5-12, Java Card, GlobalPlatform
- Communication: ISO/IEC 7816 1-4, ISO/IEC 14443

W3C and Secure Elements
- Use cases to provide access to secure elements in web applications presented in SysApp WG
  - Two factor authentication in web application
  - "Chip present" mCommerce
  - Reload transport card
  - Mobile ID
  - Reduce middleware burden on users
- Multiple efforts to provide access at various abstraction levels
  - SE API in W3C SysApp WG at Communication level
  - WebCrypto API support for SE at Cryptographic services level
- Past efforts stalled or stopped, one main issue
  - Security policy & Access control to secure elements

- Middleware = driver burden
- Drivers => plug n' play
- FIDO
- SE API based on OMAPI (SIM Alliance)

Security Model Issue
- The Web's two security models
  - Permissions: for local, user controlled resources (GPS, storage, etc…)
  - Same Origin Policy: for remote, domain-bound resources / entities
- SEs Security model
  - Physical binding to a user's device (for user control)
  - Contained applications are owned and managed by remote entities
  - Remote entity authentication doesn't rely on web domains
- Support for SEs requires either compromise or a new model
  - Using User Permissions – might open security hole for SE apps NOT using strong remote authentication
  - Using SOP – requires binding SE apps to web domains and changing 6 bn+ SEs on a three year cycle
  - Using a new Web App security model – Trust and Permission CG efforts stalled

- Permissions are specified in W3C, great Permission API, W3C Trust and Permission CG https://www.w3.org/community/trustperms/
- GP SEAC
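
The "Using SOP" option above, sketched as an added example that is not part of the presentation: a default-deny gate that forwards command APDUs to an SE only when a rule binds the selected applet's AID to the page's origin. The rule table, AIDs, origins and the `OriginBoundChannel` class are all hypothetical. That such a table has to exist for every applet is the provisioning cost the slide points to.

```javascript
// Added illustration: hypothetical origin-bound gate in front of an SE channel.
// AIDs, origins and the rule table are constructed sample values.
const RULES = new Map([
  ["F0010203040501", new Set(["https://bank.example"])],
  ["F0010203040502", new Set(["https://transit.example"])],
]);

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("").toUpperCase();

// ISO/IEC 7816-4 SELECT by DF name: CLA=00 INS=A4 P1=04 P2 Lc AID [Le].
// Returns the AID as hex, or null if the APDU is not a well-formed SELECT.
function selectedAid(apdu) {
  if (apdu.length < 5 || apdu[0] !== 0x00 || apdu[1] !== 0xa4 || apdu[2] !== 0x04) return null;
  const lc = apdu[4];
  const rest = apdu.length - 5;
  if (lc < 5 || lc > 16 || (rest !== lc && rest !== lc + 1)) return null;
  return toHex(apdu.slice(5, 5 + lc));
}

class OriginBoundChannel {
  constructor(pageUrl) {
    const u = new URL(pageUrl);
    // Only secure origins get a channel; scheme, host and port all count.
    this.origin = u.protocol === "https:" ? u.origin : null;
    this.aid = null; // applet currently selected on this channel
  }

  // Decide whether a command APDU may be forwarded to the SE. Default is deny.
  decide(apdu) {
    if (this.origin === null) return "deny:insecure-origin";
    // Every SELECT (any CLA, any P1) must pass the rule check, so a page
    // cannot switch applets through another logical channel or select mode.
    if (apdu.length >= 2 && apdu[1] === 0xa4) {
      const aid = selectedAid(apdu);
      const allowed = aid !== null && RULES.has(aid) && RULES.get(aid).has(this.origin);
      this.aid = allowed ? aid : null; // a refused SELECT also drops the old selection
      return allowed ? "forward" : "deny:no-rule";
    }
    return this.aid ? "forward" : "deny:nothing-selected";
  }
}
```

The gate only decides who may talk to an applet; authentication of the remote entity still happens inside the applet and, as the slide notes, does not rely on web domains.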

Web Payments: touch points with SEs
- Credentials for authentication and/or payments
- Proximity payment infrastructure
- EMV Card-based payment processing
- Tokenization

- World-wide EMV transition
- TEE

Next steps
- Ongoing efforts: collecting requirements to address SEs services through the web
  - Global Platform Web APIs group
  - W3C Working Group coming soon
- Many actions around Security / Credentials in W3C Web Security …
- Recruiting participants for the coming W3C Working Group
  - Contact Virginie Galindo: virginie.galindo@gemalto.com
* Name to be defined