Presentation is loading. Please wait.

Presentation is loading. Please wait.

Integrated Solutions for Secure Identity Técnicas ctiptográficas para la Protección de Datos Biométricos en el E-Passport / E-DNI f-ID Security Technologies.

Published byErik Palmer Modified over 9 years ago

Similar presentations

Presentation on theme: "Integrated Solutions for Secure Identity Técnicas ctiptográficas para la Protección de Datos Biométricos en el E-Passport / E-DNI f-ID Security Technologies."— Presentation transcript:

1 Integrated Solutions for Secure Identity Técnicas ctiptográficas para la Protección de Datos Biométricos en el E-Passport / E-DNI f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 Dr. Yuri Grigorenko Nov 07’

2 Services About US Basic Cryptography PKI & ePassports Best Practices f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 In an Nutshell is a security consultancy company and OEM solution provider specializing in the field of identity management is based on a managing team of IT veterans with a combined experience of over 30 years in the smart card business and information security sector provides a wide portfolio of consulting services and integrated solutions in the field of identity security for governments worldwide Integrated Solutions for Secure Identity Contact US

3 In an Nutshell About US Basic Cryptography PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 We focus on the combination of Identity Management with IT Security Technologies  Smart Cards  Public Key Infrastructure  Hardware Security Modules Our services include:  Threat analysis  Technological gaps identification  Available products survey and QA  Provision of tailored technological solutions  Second-tier technical support  Training program s Integrated Solutions for Secure Identity Best Practices Contact US Services

4 CertificatesTrust ModelsDigital SignatureSigning ProcessEncryption ProcessHash FunctionsSymmetric vs. AsymmetricEncryption Basics Basic Cryptography About Us PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 Encrypting a message is like locking your house An encryption algorithm ~ Lock mechanism An encryption key ~ Lock key / combination Lock Integrated Solutions for Secure Identity Best Practices Contact US

5 Lock About US Basic Cryptography PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 A riddle: How do two people lock a room without sharing the secret code? A hint: skcol owt esU ! Symmetric - same key Asymmetric - public and private keys Lock CertificatesTrust ModelsDigital SignatureSigning ProcessEncryption ProcessHash FunctionsEncryption BasicsSymmetric vs. Asymmetric Integrated Solutions for Secure Identity Best Practices Contact US

6 About US Basic Cryptography PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 A function that digests the message and provides a unique (and short) representation Irreversible Public algorithms Yuri Marcel To: Marcel CC: Yuri From: Yuri This is the original message Hash To: Marcel CC: Yuri From: Yuri This is the original message ---------------------- ADS#$#$%3ffr4 Hash ? CertificatesTrust ModelsDigital SignatureSigning ProcessEncryption ProcessEncryption BasicsSymmetric vs. AsymmetricHash Functions Integrated Solutions for Secure Identity Best Practices Contact US

7 About US Basic Cryptography PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 Symmetric / Asymmetric Confidentiality Yuri To: Marcel CC: Yuri From: Yuri This is a secret message Encryption To: Marcel CC: Yuri From: Yuri SDF#$%8SDFD 21#$ADF#@$4D Decryption Marcel’s public key Marcel’s private key CertificatesTrust ModelsDigital SignatureSigning ProcessEncryption BasicsSymmetric vs. AsymmetricHash FunctionsEncryption Process Integrated Solutions for Secure Identity Best Practices Contact US Marcel Same mutual key

8 About US Basic Cryptography PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 Asymmetric Authenticity Yuri To: Marcel CC: Yuri From: Yuri This is an authenticated message Encryption To: Marcel CC: Yuri From: Yuri SDF#$%8SDFD 21#$ADF#@$4D Decryption Yuri’s private key Yuri’s public key CertificatesTrust ModelsDigital SignatureEncryption BasicsSymmetric vs. AsymmetricHash FunctionsEncryption ProcessSigning Process Integrated Solutions for Secure Identity Best Practices Contact US Marcel

9 About US Basic Cryptography PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 Yuri Marcel To: Marcel CC: Yuri From: Yuri This is a signed message Encryption To: Marcel CC: Yuri From: Yuri This is a signed message ----------------------- SDF#$%8SDFD Decryption Yuri’s private key Yuri’s public key Hash AD4543$%DF Hash AD4543$%DF ? CertificatesTrust ModelsEncryption BasicsSymmetric vs. AsymmetricHash FunctionsEncryption ProcessSigning ProcessDigital Signature Integrated Solutions for Secure Identity Best Practices Contact US

10 About US Basic Cryptography PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 Yuri Marcel Yuri’s public key K pu = 0xff132483ab98 ------------------------------ FFK$#%5534FSAB To: Marcel CC: Yuri From: Yuri This is a signed message ----------------------- SDF#$%8SDFD CertificatesEncryption BasicsSymmetric vs. AsymmetricHash FunctionsEncryption ProcessSigning ProcessDigital SignatureTrust Models Q: How does Marcel know that Yuri’s (K pu,K pr ) wasn’t forged ? A: It has to be digitally signed by someone Marcel trusts (TTP)! Encrypt with trusted party K pr Decrypt with trusted party K pu Hash ? GR%3HJT$6 Integrated Solutions for Secure Identity Best Practices Contact US

11 About US Basic Cryptography PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 Yuri’s public key K pu = 0xff132483ab98 additional information Issuer, Validity, privileges… ------------------------------ FFK$#%5534FSAB Encryption BasicsSymmetric vs. AsymmetricHash FunctionsEncryption ProcessSigning ProcessDigital SignatureTrust ModelsCertificates X.509 Certificate Standard Card Verifiable Certificates Hash signed by a trusted party Integrated Solutions for Secure Identity Best Practices Contact US

12 Active AuthenticationExtended Access ControlBasic Access Control PA Trust LevelsPassive AuthenticationLogical Data Structure Basic Cryptography About Us PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 What should we protect? Authenticity of personal data Privacy of personal and biometric data Passport uniqueness An ICAO TAG/MRTD recomendation General Passive Authentication Basic Access Control Extended Access Control Active Authentication Integrated Solutions for Secure Identity Best Practices Contact US

13 Active Authentication Basic Cryptography About Us PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 Logical Data Structure: Mandatory - personal details, face picture, digital signature. Optional - Fingerprint, iris, signature picture… Data group 1 (MRZ) Data group 2 (Encoded Face) Data group 3 (Encoded Finger) Data group 4 (Encoded IRIS) Data group 5 (Displayed Face) Data group 6 (Future Use) Data group 7-15 Data group 16 (Persons to notify) LDS Extended Access ControlBasic Access Control PA Trust LevelsPassive AuthenticationGeneralLogical Data Structure Integrated Solutions for Secure Identity Best Practices Contact US

14 Active AuthenticationGeneral Basic Cryptography About Us PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 Data group 1 (MRZ) Data group 2 (Encoded Face) Data group 3 (Encoded Finger) Data group 4 (Encoded IRIS) Data group 5 (Displayed Face) Data group 6 (Future Use) Data group 7-15 Data group 16 (Persons to notify) LDSSO D Hash DG_1 Hash DG_2 Hash DG_5 Digital Signature Protects against data alternation: Personal data Hash values Extended Access ControlBasic Access Control PA Trust LevelsLogical Data StructurePassive Authentication Only issuer could have signed this passport! Integrated Solutions for Secure Identity Best Practices Contact US

15 Active AuthenticationGeneral Basic Cryptography About Us PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 DSCA Environments CSCA Environment HSM Backup HSM CA managemen t software HSM Backup HSM Document Signer Software Personalization equipment DB ePassport Management System Extended Access ControlBasic Access ControlPassive AuthenticationLogical Data Structure PA Trust Levels 2 level PKI Integrated Solutions for Secure Identity Best Practices Contact US

16 Active Authentication Basic Cryptography About Us PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 Extended Access ControlGeneralLogical Data StructurePassive Authentication PA Trust LevelsBasic Access Control Who can read my personal and biometric data? Skimming - secretly reading the data from small distance Eavesdropping - passive observation of “legal” communication Solution: If I can see your passport - I am allowed to read it! Establishment of a symmetric encryption key based on the optically readable MRZ, thus encrypting the connection between the passport and the reader P<D<< GRIGORENKO<YURI<<<< 123456D<<123M01011975<<<<<0 Symmetric key establishment Hash ENCRYPTION Integrated Solutions for Secure Identity Best Practices Contact US

17 Active Authentication Basic Cryptography About Us PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 GeneralLogical Data StructurePassive Authentication PA Trust LevelsBasic Access ControlExtended Access Control Only a face picture is a mandatory biometric data! Additional biometric data must be protected from unauthorized access Number of possible cryptographic solutions: Data encryption using dedicated Master Key(s), as well as additional information (such as MRZ details) Inspection system authorization, introducing additional PKI scheme (CVCA, DVCA, IS). A reader must be digitally verified in order to read sensitive data from the passport Issuing country is always in control: sharing of secret keys, signing certificates… Integrated Solutions for Secure Identity Best Practices Contact US

18 General Basic Cryptography About Us PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 Data group 1 (MRZ) Data group 2 (Encoded Face) Data group 3 (Encoded Finger) Data group 4 (Encoded IRIS) Data group 5 (Displayed Face) Data group 6 (Future Use) Data group 7-14 Data group 15 (AA Public Key) LDSSO D Hash DG_1 Hash DG_2 Hash DG_5 Digital Signature Protects against data coping: AA private key is secretly stored on chip and is unreadable A challenge-response protocol Data group 16 (Persons to notify) Hash DG_15 AA Private Key Logical Data StructurePassive Authentication PA Trust LevelsBasic Access ControlExtended Access ControlActive Authentication Integrated Solutions for Secure Identity Best Practices Contact US

19 Questions Basic Cryptography About Us PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 Integrated Solutions for Secure Identity Best Practices Contact US Modern cryptographic techniques, e.g. PKI provide the suitable framework for protection of sensitive biometrical data Deployment of a Public Key Infrastructure, being a highly complicated issue combining delicate technological aspects, requires unique specialization Being the heart part of your e-passport security, it is highly recommended to treat the Public Key Infrastructure separately from the deployment of the passport production system We offer our clients an integrated PKI solutions to fit their passport production process Best Practices

20 Basic Cryptography About Us PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 Integrated Solutions for Secure Identity Best Practices Contact US Best PracticesQuestions

21 Basic Cryptography About Us PKI & ePassports f-ID Security Technologies GmbH Dr. Yuri Grigorenko, Biometria 2007, Buenos-Aires, 30.11.07 Visit Us: Rosa Hoffman Strasse 33 A-5020 Salzburg, Austria www.f-id.at Call Us: +43 662 906002054 +43 662 903333054 E-Mail Us: info@f-id.at Integrated Solutions for Secure Identity Best Practices Contact US

Download ppt "Integrated Solutions for Secure Identity Técnicas ctiptográficas para la Protección de Datos Biométricos en el E-Passport / E-DNI f-ID Security Technologies."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Technical Report PKI for Machine Readable Travel Documents offering ICC read-only access TAG_15 Montreal, 2004-05-18 Tom Kinneging.

Technical Report PKI for Machine Readable Travel Documents offering ICC read-only access TAG_15 Montreal, Tom Kinneging.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Confidentiality and Privacy Controls

Confidentiality and Privacy Controls
Cryptographic Security Presented by: Josh Baker October 9 th, 2012 1CS5204 – Operating Systems.

Cryptographic Security Presented by: Josh Baker October 9 th, CS5204 – Operating Systems.
Cryptography Usage in TWIC (Draft v4 8Dec06)

Cryptography Usage in TWIC (Draft v4 8Dec06)
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Dr. Kim Nguyen, ECC Workshop, Bochum, 20.9.2004, 1 Identity in the digital age Travel documents & Cryptography Dr. Kim Nguyen Bundesdruckerei GmbH, Berlin.

Dr. Kim Nguyen, ECC Workshop, Bochum, , 1 Identity in the digital age Travel documents & Cryptography Dr. Kim Nguyen Bundesdruckerei GmbH, Berlin.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Similar presentations

Ads by Google