魂▪創▪通魂▪創▪通 2014. 9. 10. Digital Certificate and Beyond Sangrae Cho Authentication Research Team.

Presentation transcript:

Slide 1: Digital Certificate and Beyond
Sangrae Cho, Authentication Research Team

Slide 2: Korean banking use case
Diagram labels: Web Browser; caserver.com; bank.com
1. Public key pair is generated in the browser.
2. Issue certificate
3. Use certificate (digital signature)
4. Verify certificate

Slide 3: ActiveX based Service
Diagram labels: Certification Authority; Web Browser; Internet Banking; ActiveX for Certificate Management

Slide 4: ActiveX related Issues
ActiveX Programs:
- Certificate Management
- Keyboard protection
- Personal firewall and anti-virus
- Web secure channel
Related Issues:
- Only works for IE
- Weak against malicious program attacks
- User inconvenience
- Not mobile friendly

Slide 5: Web based Digital Certificate Service
Diagram labels: Storage Devices; Desktop PC; Smart Authentication (USIM, NFC-Credit Card); CA Issuing Certificate; Relying Party (Online banking, e-Gov); Smartphone APP; Web Server; JavaScript based HTML5; Issue a certificate; Use the certificate; Web Browser

Slide 6: Web based Approach
Diagram labels: Web Browser; Crypto Library; Cert and Key Store; Storage Library; Storage API; WebCrypto API; Cert. Manager in JavaScript; CMP; PKCS7; Certificate Manager
- WebCrypto API for crypto functions
- HTML5 for storage and communication
- CMP for certificate issuing and PKCS7 for digital signature, implemented in JavaScript
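
The flow from slides 2 and 6 (key pair generated in the browser, signature made with it, relying party verifying), sketched with the WebCrypto API as an added example that is not code from the presentation. ECDSA P-256 and every function name are assumptions; certificate issuance over CMP, PKCS7 packaging and certificate chain validation are left out, so the signature is raw and the verifier is handed the public key directly.

```javascript
// Added example (not from the slides). Works in a browser or in Node.js.
async function getSubtle() {
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  const { webcrypto } = await import('node:crypto'); // fallback for older Node.js
  return webcrypto.subtle;
}

const KEY_ALG = { name: 'ECDSA', namedCurve: 'P-256' }; // assumed algorithm choice
const SIG_ALG = { name: 'ECDSA', hash: 'SHA-256' };
const utf8 = (s) => new TextEncoder().encode(s);

// Slide 2, step 1: the key pair is generated in the browser. extractable=false
// means page script only ever holds a handle to the private key, never its bytes.
async function generateUserKeyPair() {
  return (await getSubtle()).generateKey(KEY_ALG, false, ['sign', 'verify']);
}

// Public key in SPKI form: what a certificate request would carry to the CA.
async function exportPublicKey(keyPair) {
  return new Uint8Array(await (await getSubtle()).exportKey('spki', keyPair.publicKey));
}

// Step 3: sign the transaction text with the private key handle.
async function signTransaction(privateKey, text) {
  return new Uint8Array(await (await getSubtle()).sign(SIG_ALG, privateKey, utf8(text)));
}

// Step 4 (relying party): verify with the public key from the user's certificate.
async function verifyTransaction(spki, signature, text) {
  const subtle = await getSubtle();
  const pub = await subtle.importKey('spki', spki, KEY_ALG, false, ['verify']);
  return subtle.verify(SIG_ALG, pub, signature, utf8(text));
}

async function demo() {
  const keyPair = await generateUserKeyPair();
  const spki = await exportPublicKey(keyPair);
  const tx = 'transfer 10000 KRW to 000-00-000000'; // constructed sample input
  const sig = await signTransaction(keyPair.privateKey, tx);
  let exportBlocked = false;
  try { await (await getSubtle()).exportKey('pkcs8', keyPair.privateKey); }
  catch (err) { exportBlocked = true; } // non-extractable key: export is refused
  return {
    valid: await verifyTransaction(spki, sig, tx),
    tampered: await verifyTransaction(spki, sig, tx.replace('10000', '90000')),
    exportBlocked,
    signatureLength: sig.length, // raw r||s for P-256
  };
}
```

A non-extractable CryptoKey can be stored in IndexedDB, which is one way the "HTML5 for storage" point on slide 6 can hold a key without exposing its bytes to script.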

Slide 7: TouchSign
Smartcard solution for Financial Services:
- Secure storage for digital certificates
- Digital Signature with NFC
- User Authentication

Slide 8: TouchSign Applications
Online Banking: Money transfer in online banking can be done with TouchSign
- User Authentication
- Digital Signature
Credit Card Subscription: Subscription for Credit Card can be done with TouchSign
- Digital Signature

Slide 9: Digital Certificate with FIDO
Digital Certificate issued to Authenticator

Slide 10: Hands-Free Payment Service
Diagram label: Hands-Free Payment

Slide 11: Requirements for standard
- Storage management for WebCrypto.Next
- Standard API for Hardware Tokens
- Standard API for communications such as NFC, Bluetooth

Slide 12: Thank You