Hardware Token Support for the Web: Analysis of the W3C Workshop on Authentication, Hardware Tokens and Beyond

Presentation transcript:

Hardware Token Support for the Web: Analysis of the W3C Workshop on Authentication, Hardware Tokens and Beyond

Facts
1. Outcome of the W3C Workshop on Authentication, Hardware Tokens and Beyond:
   ● Hardware tokens in scope (including platform-held keys): unanimous support
   ● Key discovery: high support
   ● Device discovery: high support
   ● Attestation of provenance: high support
   ● User-owned keys (aka individual-managed ID, aka FIDO): medium support
2. The gap between unanimous/high support for hardware authentication and medium support for individual-managed ID (aka FIDO) exists because several solutions used on the web today are built for centrally-issued IDs. Several governments and companies in the business of centrally-issued IDs were represented at the workshop.
3. Both centrally-issued IDs and individual-managed IDs are equally important. One cannot replace the other.

Current state of hardware security
● The Global Platform (GP) standard covers most of the interesting cases that support centrally-issued IDs:
  ○ Smart cards
  ○ USIM cards
  ○ EMV cards
  ○ TPMs
  ○ TEEs
● There is substantial OS support for GP APIs (Windows, MacOS, Linux)
● Communication with the app uses APDUs with standard framing, but app-specific data
● The functions of a GP device are realized through "applications" resident on the device
● Each application has a unique, centrally registered AppID
● Each AppID belongs to a specific organization

Proposal - Architecture
Supports BOTH centrally-issued & individual-managed IDs
● Create a specialized JS sandbox for accessing secure hardware
  ○ Two interfaces:
    ■ APDU interface to a specific AppID instance (on the secure h/w device)
    ■ Message channel to the web app
  ○ For some set of AppIDs, the browser obtains a JS "driver" that the owner of the AppID authorizes to access instances of that AppID
    ■ The driver translates from JS messages/API to APDUs
    ■ The driver could be delivered through dynamic loading from the web (à la WebRTC IdP) or a more static plugin/addon framework
● Web app requests access to AppID X
  ○ Browser checks that it has a JS driver for AppID X
  ○ Browser determines whether there is a device present that has an app with AppID X
  ○ Browser obtains from the OS a way to pass APDUs to that app instance
  ○ Browser loads the JS driver into a sandbox with (1) the APDU interface connected to the app instance, and (2) a message channel to the web app
  ○ Browser passes the message channel back to the web app
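The access-request flow above, as an added runnable sketch (not code from the slides or from any browser vendor). The AppID value, the SIGN instruction byte, the toy MAC and the device itself are constructed for the demo; only SELECT follows ISO 7816-4, and the message channel is modelled as a synchronous function rather than a real MessageChannel.

```javascript
const SELECT = 0xa4;   // ISO 7816-4 SELECT (P1=0x04: select by AID)
const SIGN = 0x2a;     // constructed instruction byte for this demo's AppID contract
const SW_OK = 0x9000;
// Command APDU with standard framing: CLA INS P1 P2 Lc DATA (Le omitted).
function buildApdu(ins, p1, p2, data) {
  return Uint8Array.from([0x00, ins, p1, p2, data.length, ...data]);
}
// Response APDU: DATA followed by the two status bytes SW1 SW2.
function parseResponse(resp) {
  const sw = (resp[resp.length - 2] << 8) | resp[resp.length - 1];
  return { data: Array.from(resp.slice(0, -2)), sw };
}
// Constructed device hosting one application; the app must be SELECTed before use.
function makeDevice(appId, key) {
  let selected = false;
  return {
    hasApp: id => id.join(",") === appId.join(","),
    transmit(apdu) {
      const [, ins, , , lc, ...data] = apdu;
      if (ins === SELECT) {
        selected = data.join(",") === appId.join(",");
        return Uint8Array.from(selected ? [0x90, 0x00] : [0x6a, 0x82]); // file not found
      }
      if (!selected || ins !== SIGN) return Uint8Array.from([0x69, 0x85]); // conditions not satisfied
      const tag = data.slice(0, lc).map((b, i) => b ^ key[i % key.length]); // toy MAC, not real crypto
      return Uint8Array.from([...tag, 0x90, 0x00]);
    },
  };
}
// JS driver for this AppID: sees only an APDU interface plus a message channel, and
// translates web-app messages into APDUs for the selected app instance.
function driver(apdu, appId) {
  if (parseResponse(apdu(buildApdu(SELECT, 0x04, 0x00, appId))).sw !== SW_OK) throw new Error("select failed");
  return msg => {
    if (msg.op !== "sign") return { error: "unsupported op" };
    const r = parseResponse(apdu(buildApdu(SIGN, 0x00, 0x00, msg.challenge)));
    return r.sw === SW_OK ? { signature: r.data } : { error: "sw=" + r.sw.toString(16) };
  };
}
// Browser side: the access-request steps from the slide. The web app never touches the
// device; it only receives the driver's end of the message channel.
function requestAccess(appId, drivers, devices) {
  const drv = drivers.get(appId.join(","));
  if (!drv) return { error: "no driver for AppID" };          // no authorized driver
  const dev = devices.find(d => d.hasApp(appId));
  if (!dev) return { error: "no device with this app" };      // no matching device present
  const port = drv(cmd => dev.transmit(cmd), appId);          // sandbox: APDU path + channel
  return { postMessage: port };
}
```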

Proposal - Why support both centrally-issued & individual-managed IDs?

Centrally-issued:
● Billions of IDs already issued, with Global Platform as the common standard
● Necessary for liability ownership
● Cannot provide privacy

Individual-managed:
● New standard from FIDO
● Necessary for privacy
● Cannot provide liability or know-your-customer

Supporting individual-managed IDs only = medium support
Supporting both individual-managed IDs and centrally-issued IDs = unanimous support