v3.0
Jae Jung Kim, Director (jjkim@signgate.com)
December 6th, 2016
FIDO Seoul Seminar 2016
K-FIDO (/w Accredited Certificate)
Bio-Authentication Case Study
NID and Identification Method

PART I. National ID and Identification Method
- 4 -Copyright © 2016 KICA. All Rights Reserved.
1. National ID and i-PIN
Identification Method
• NID Card: Resident Registration Number (Birthday, Gender, Birth Area Code, Error Verification Code)
• Accredited Certificate
• Mobile Authentication
• i-PIN (internet-Personal Identification Number)
– Randomly generated 13-digit number
– 17 M users (2015)

2. Type of Offline Identification Methods
• Citizens can use many identification methods, such as an accredited certificate, mobile phone, bank account or credit card, for internet services that need non-face-to-face identification.
[Figure: a citizen completes face-to-face identification (passport, NID card, driver license) with an accredited CA, bank, telco company or credit card issuer and obtains an accredited certificate, bank account / check card, mobile phone or credit card. Internet services then rely on these for non-face-to-face online identification.]

3. Type of Online Identification Methods
• Mobile Authentication (Telco Company): Name, Phone number, Telco name, Birthday, Gender, Citizen or Foreigner
• i-PIN (i-PIN Service Provider): i-PIN ID, Password1, Password2 (image letters)
• Credit Card Authentication (Credit Card Issuer): Credit card number, Validity period (Month/Year), Password (2 digits)
• Accredited Certificate (Accredited CA): Certificate Password

4. Statistic of Identification Method
• The Use Rate of Identification Method in Korea (2013 / 2014 / 2015)
– Accredited Certificate: 81% / 95% / 96%
– Mobile Authentication: 84% / 88% / 84%
– i-PIN: 49% / 56% / 51%
– OTP: 27% / 36% / 35%
– ETC: 0% / 7% / 6%
(Source: Research on the Actual Condition of Electronic Signature System Usage(in Electronic Signature User)-KISA, December 2015)

5. User authentication method for various services
• The user authentication methods used for web portals, e-transactions, financial institutions and e-government services are shown below (Service / Function / Identification Method).
Web portal
– Log-in (optional): ID/Password; OTP (software)
– Registration: Mobile authentication
– ID/password retrieval (one selected): Registered mobile phone; E-mail notification; i-PIN
E-transaction
– Log-in: Accredited certificate; ID/Password (Inquiry only)
– Electronic payment, Account transfer: Account information + Accredited certificate
– Electronic payment, Credit card payment: PIN (6-digits) + Mobile authentication (Easy Payment); Credit card information + Accredited certificate (VISA Anshim Click, Internet Secure Payment (ISP))
– Electronic payment, Mobile phone payment: Mobile phone information + resident registration number
Financial institution (Internet banking)
– Log-in: Accredited certificate; ID/PW (Inquiry only)
– Account transfer, Type 1: Accredited certificate + OTP generator; PKI token (Accredited certificate) + security card
– Account transfer, Type 2: Accredited certificate + security card (2-channel authentication)
Public Procurement Service
– Electronic bidding: Accredited certificate + fingerprint security token (Bio-HSM)

PART II. K-FIDO: Accredited Certificate + FIDO

1. Statistic of Accredited Certificate in Korea
• 5 accredited CAs have issued accredited certificates to around 33 million subscribers in total.
• Major PKI Applications
* Internet Banking, Online Stock, Internet Shopping, e-Procurement, e-Government Services, etc.
[Chart: The annual number of valid accredited certificates (as of December 2015, published by KISA); 33M]

1. Statistic of Accredited Certificate Usage
• Accredited Certificate Applications, Top 5 (2013 / 2014 / 2015)
– Internet Banking: 96% / 95% / 97%
– Payment of Shopping Mall: 83% / 65% / 74%
– E-government Services: 65% / 70% / 71%
– Online Stock trading: 36% / 32% / 39%
– Internet Insurance: 32% / 34% / 37%
• Accredited certificate storage utilization rate by media (2013 / 2014 / 2015)
– Removable Disk (USB etc.): 63% / 62% / 60%
– Hard Disk: 42% / 42% / 42%
– Smart Phone: 43% / 40% / 43%
– PKI Token: 1% / 3% / 4%
– Smart Card: 1% / 2% / 4%
(Source: Research on the Actual Condition of Electronic Signature System Usage(in Electronic Signature User)-KISA, December 2015)

1. Status of Accredited CAs in Korea
• Statistics on Accredited CAs
No | Accredited CA / Web site | Accredited Date | Characteristics
1 | KICA (CA: SignGATE), http://www.signgate.com | 2000. 02. 10 | Corporation
2 | KOSCOM (CA: SignKorea), http://www.signkorea.com | 2000. 02. 10 | Special purpose Corporation
3 | KFTC (CA: YesSign), http://www.yessign.com | 2000. 04. 12 | Non-commercial Organization
4 | CrossCert (CA: CrossCert), http://gca.crosscert.com | 2001. 11. 24 | Corporation
5 | KTNET (CA: TradeSign), http://www.tradesign.net | 2002. 03. 11 | State-run Corporation with special mission
(As of 2016; published by MSIP)

2. Problem statements
Status and Problems
• Storage: SD Card, Internal Memory (Android); NPKI Folder, Stored in APP
– Accredited certificates stored on a hard disk (SD card) are easily hacked by malicious code.
• User Authentication: Certificate Password, 10 digits (alphanumeric + 1 special character)
– Too many to remember, difficult to type, and not secure
Improvements
• Secure Storage: Smart Authentication (USIM), Smart OTP, HSM
– Accredited certificates should be stored in more secure storage such as HSM, USIM, etc.
• User's Biometric Authentication: fingerprint, face, voice, iris, etc.
– Better Privacy, Better Experience, Better Security

3. What is K-FIDO?
• K-FIDO: Accredited Certificate + FIDO
– K-FIDO is a biometric accredited certification service that uses FIDO so that an accredited certificate can be used without a password.
– K-FIDO uses biometric authentication, such as a fingerprint on the smartphone, instead of a password.
– The K-FIDO specification will be published by KISA (Korea Internet Security Agency) in 2016.
[Figure: the accredited certificate password replaced by fingerprint or iris authentication (Source: Wooribank APP)]

4. Service Architecture
• K-FIDO Service Architecture
– Developed as an extension of the FIDO UAF protocol.
– The RP APP is distributed with the FIDO Client and the K-FIDO Authenticator.
– KeyStore, TrustZone or KeyChain is recommended as the storage for the accredited certificate and private key.
– Any type of authentication method can be added.
[Figure: K-FIDO service architecture. Components: Smartphone (Samsung, LG, APPLE) with RP APP, FIDO Client, FIDO Authenticator (K-FIDO), Biometric API, PKI Module, Fingerprint Sensor and Iris Sensor; PC; CA; OCSP; FIDO Server; RP Server. Flows: Certificate Issuance/Reissuance/Renewal, Certificate Paste/Move, FIDO UAF Protocol, Certificate Verification.]
(Source: KISA Technical Specification)

4.1 Secure Storage for smartphone (1/2)
1) Android KeyStore
<Android 6.0 and above (uses an AES key)>
• The private keys (private key1, private key2) are encrypted and decrypted with AES, using an AES key held in the KeyStore.
<Android 4.3 and above, 5.x and below (uses an RSA key)>
• The private keys (private key1, private key2) are encrypted and decrypted with AES, using a session key.
• The session key is encrypted and decrypted with RSA, using an RSA key pair held in the KeyStore; the result is the encrypted session key.
(Source: KISA Technical Specification)
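A sketch of the Android 6.0 and above KeyStore scheme on this slide, in which an AES key held in the Android KeyStore encrypts the certificate's private key. This is an added example, not code from the KISA specification or the presenter; the class name, key alias, AES-256-GCM mode and the fingerprint-per-use binding are assumptions of this sketch.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/**
 * Added example (not from the KISA specification): wraps a certificate's
 * PKCS#8 private key under an AES key that lives in the Android KeyStore.
 * Assumptions: class name, alias, AES-256-GCM and per-use fingerprint binding.
 */
public final class CertKeyVault {
    private static final String PROVIDER = "AndroidKeyStore";
    private static final String TRANSFORMATION = "AES/GCM/NoPadding";
    private static final int IV_LEN = 12;    // bytes; GCM IV size used by AndroidKeyStore
    private static final int TAG_BITS = 128;

    private final String alias;              // hypothetical, e.g. "kfido.wrap.v1"

    public CertKeyVault(String alias) { this.alias = alias; }

    /** Generates the wrapping key inside the KeyStore; its bytes are never exported. */
    public void createWrappingKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, PROVIDER);
        kg.init(new KeyGenParameterSpec.Builder(alias,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setKeySize(256)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                // Every use must be authorised by a fingerprint match; key
                // generation fails if no fingerprint is enrolled.
                .setUserAuthenticationRequired(true)
                .build());
        kg.generateKey();
    }

    private KeyStore keyStore() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(PROVIDER);
        ks.load(null);
        return ks;
    }

    /**
     * Returns an initialised cipher. Wrap it in FingerprintManager.CryptoObject,
     * authenticate, and use the cipher from the success callback; doFinal()
     * on a cipher that was not authorised this way is rejected by the KeyStore.
     */
    public Cipher cipherFor(int mode, byte[] blob) throws GeneralSecurityException, IOException {
        SecretKey key = (SecretKey) keyStore().getKey(alias, null);
        if (key == null) throw new GeneralSecurityException("no wrapping key: " + alias);
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        try {
            if (mode == Cipher.ENCRYPT_MODE) {
                c.init(mode, key);           // the KeyStore chooses a fresh random IV
            } else {
                if (blob == null || blob.length < IV_LEN + TAG_BITS / 8)
                    throw new GeneralSecurityException("stored blob is truncated");
                c.init(mode, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
            }
        } catch (KeyPermanentlyInvalidatedException e) {
            // Enrolled fingerprints changed or the lock screen was disabled:
            // the key is unusable, so discard it and force re-registration.
            keyStore().deleteEntry(alias);
            throw e;
        }
        return c;
    }

    /** Encrypts with an authorised cipher; output layout is IV || ciphertext+tag. */
    public static byte[] seal(Cipher authorised, byte[] pkcs8) throws GeneralSecurityException {
        byte[] iv = authorised.getIV();
        if (iv == null || iv.length != IV_LEN) throw new GeneralSecurityException("unexpected IV");
        byte[] ct = authorised.doFinal(pkcs8);
        Arrays.fill(pkcs8, (byte) 0);        // wipe the caller's plaintext copy
        return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
    }

    /** Decrypts with an authorised cipher; the GCM tag check fails if the blob was altered. */
    public static byte[] open(Cipher authorised, byte[] blob) throws GeneralSecurityException {
        return authorised.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }
}
```

Because the key requires user authentication for symmetric operations, both sealing at registration and opening at signing time go through a fingerprint prompt.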

4.1 Secure Storage for smartphone (2/2)
2) Android TrustZone (Source: www.arm.com)
3) iOS KeyChain
<iOS 2.0 and above (uses an AES key)>
• The private keys (private key1, private key2) are encrypted and decrypted with AES, using an AES key held in the KeyChain.
(Source: KISA Technical Specification)

5. Logical Architecture
• The K-FIDO system consists of a smartphone, an accredited CA, a FIDO service provider, and a service provider.
[Figure: logical architecture.
User (Smartphone): RP Application, FIDO Client, ASM, Authenticator (Iris, Fingerprint), Crypto Module, PKI Module, Certificate Management Module (CA), Biometric Sensors; divided into REE (Normal World) and TEE (Secure World).
Parties: Accredited CA, FIDO Service Provider, Service Provider (SP).
Servers: CA Server, OCSP Server, FIDO Server, Service Server, RP Server.
Flows: Certificate Management (Issuance, Reissuance, Renewal, Revocation), FIDO UAF Protocol, FIDO AuthCode, Electronic Signature, Certificate Verification (OCSP).]

5.1 Registration Process
• The K-FIDO registration process uses the FIDO registration protocol, and the CA issues the accredited certificate after the user's bio-authentication has been checked.
① Request Certificate Issuance
② UAF Registration Request
③ Bio-authentication
④ FIDO signature
⑤ UAF Registration Response
⑥ Request Certificate Issuance
⑦ Generate key pairs
⑧ Request Certificate Issuance
⑨ Issue a certificate
⑩ Accredited certificate
⑪ Save the accredited certificate and encrypted private key
[Figure: sequence diagram between RP Application, FIDO Client, Authenticator, Biometric Sensor, Certificate Management Module (CA), Crypto Module, Secure Element, FIDO Server and CA Server, including a "FIDO Registration" phase.]

5.2 Authentication Process
• The K-FIDO authentication process uses the FIDO authentication protocol and generates an electronic signature with the user's private key. The service provider verifies the signed data and checks the certificate with the OCSP server.
① Request electronic signature
② UAF Authentication Request
③ Bio-authentication
④ FIDO signature
⑤ UAF Authentication Response
⑥ Request electronic signature
⑦ Request electronic signature
⑧ Generate electronic signature
⑨ Send Signed Data
⑩ Verify Signed Data
⑪ Certificate Verification
⑫ Verify AuthCode
[Figure: sequence diagram between RP Application, FIDO Client, Authenticator, Biometric Sensor, PKI Module, Crypto Module, Secure Element, FIDO Server, Service Server, RP Server and OCSP Server, including a "FIDO Authentication" phase.]

6. K-FIDO Service Demo
• Demo Scenario of K-FIDO Service
• Settings > Lock screen and security > Fingerprints
[Figure: demo scenario screens (PC, Push, Mobile)]
(Source: KICA K-FIDO Demo APP)

6. Service Demo: ① Registration
• The Registration of Accredited Certificate
– The fingerprint match policy is a single match between each accredited certificate and fingerprint.
– The user can choose a different biometric authentication if a site provides multiple authenticators.
Screens: Execute KICA App, Register Fingerprint, Verify Password, Registration Result
1. Click the “Bio-Authentication Center” icon.
2. Input the password for the selected accredited certificate.
3. If matched, perform fingerprint authentication.
4. If succeeded, fingerprint registration for the accredited certificate will be completed.
(Source: KICA K-FIDO Demo APP)

6. Service Demo: ② APP Login
• Example of Smartphone Login
– The accredited certificates are stored in the user's smartphone.
– The K-FIDO authenticator can connect to any FIDO client and any service provider APP with the SDK.
Screens: App Execution, Select Certificate, Complete Login
1. Click the “login” icon based on accredited certificate.
2. Select an accredited certificate to use and authenticate with a registered fingerprint.
3. If matched, the login process will succeed.
(Source: KICA K-FIDO Demo APP)

6. Service Demo: ③ Web Login
• Example of Web page Login
– The web browser on the PC does not install any ActiveX software. (HTML5)
– The user has signed up for the web site and registered his/her mobile phone number.
1. Select login based on fingerprint.
2. Input an ID and click “Login”.
KICA App: Push Service to the registered user's smartphone
3. Select an accredited certificate to use, touch the fingerprint sensor, and authenticate with a registered fingerprint.
4. Send authentication result to the service provider server.
5. Complete Web page Login
(Source: KICA K-FIDO Demo APP)

PART III. Bio-Authentication Case Study

1. Bio-Authentication Service Model
[Figure: case study service types: On-Premises Type, ASP Type, Cloud Type, ?]
• Samsung's payment platform
• Supports credit card/account payment, ATM saving/withdrawal, etc.
• Alternative to certificate passwords (KISA)
• Firmware-level support from Samsung Galaxy Note7 (Samsung PASS)
• Cloud-based service (SECaaS)
• Target for small & medium business
• Alternative to Passwords (FIDO Alliance)
• User authentication method with fingerprint, iris, etc.

2. Bio-authentication Case Study
Name | Purpose | Authentication Type | Authenticator | Service Type | FIDO Service | Phone Brand | Open Date
Samsung Pay | Payment, ATM Saving/Withdrawal, etc | FIDO (Samsung) | Fingerprint, Iris | ASP Type | KICA | Samsung | 2015.08.20
Samsung Card | Login, Payment | FIDO (KICA) | Fingerprint | ASP Type | KICA | Samsung, APPLE | 2016.08
IBK Bank | Money Transfer | K-FIDO (KICA) | Fingerprint | ASP Type | KICA | Samsung | 2016.08.12
KEB Hana bank | Money Transfer | FIDO (Samsung PASS) | Iris | On-Premise | Samsung | Samsung | 2016.08.19
Wooribank | Login, Money Transfer | K-FIDO (Samsung PASS) | Iris | ASP Type | Samsung + KICA | Samsung | 2016.08.19
(Source: Samsung Pay APP, Samsung Card APP, IBK APP, Wooribank APP, KEB Hana bank APP)

2. Case Study: Device Configuration
[Figure: on-device software stacks, with panels labelled Samsung (FIDO) and FIDO. Common layers: RP Client SDK, FIDO Client, ASM, Authenticator, Sensor. Components shown: KICA Library (FIDO Module, K-FIDO Module), SAMSUNG (Samsung PASS) Authentication Framework, SAMSUNG (Samsung PAY) Pay Framework (FIDO Module, Pay Module), Crypto Module, Certificate Management Module, PKI Module.]

3. CASE1: Samsung Pay
• Samsung Pay is the new, simple and secure way to pay with your Samsung Galaxy device. Accepted almost anywhere you can swipe or tap your card.
[Figure: service classification diagram.
Platforms: Android, iOS, Windows
Use Cases: Credit Card Payments, Internet Banking, Money Transfer, Account Payment, ATM Saving, ATM Withdraw, Authentication, Login
Distribution: Android (Samsung, LG, Others), Windows (PCs), Mobile App Stores (Google Play, iOS AppStore)
General Purpose Protocols: FIDO (UAF), K-FIDO (UAF)
Security Foundations: Hardware (ARM TrustZone, Secure Element, USIM, IC Card), Software (In Apps)
Authenticator: On Device (PIN, Fingerprint, Iris, Voice, Face)
Services Model: On Premise Type, ASP Type, Cloud Type (Security as a Service); Samsung Pay, KICA, Samsung PASS]

3.1 Samsung Pay: Overview
Safe and secure mobile payments virtually anywhere you can swipe your card
• Everywhere: MST, NFC payment; Offline & online Payment
• Simple: One hand operation; Easy to setup; Consistent User Experience; Value Added Service
• Secure: Fingerprint Authentication (FIDO support); Samsung KNOX; Tokenization
(Source: Samsung Pay)

3.2 Samsung Pay: Security
• Security & Protection: Designed with our highest level of security available
– Fingerprint Authentication: Transactions are authorized with your fingerprint, so you’re in control of when each payment is made.
– Tokenization: Each transaction uses a random token instead of your card number, which means your actual information isn’t shared when you shop and your details stay safe.
– Samsung Knox: With Samsung KNOX, your phone is constantly monitored for vulnerabilities. Even if your phone is ever compromised, your card information is still safely encrypted within a separate and secure data vault.
(Source: Samsung Pay)

3.3 Samsung Pay: Credit Card Payment
• Payment process of Samsung Pay
• Settings > Lock screen and security > Fingerprints
• NFC + MST
– NFC: Near Field Communication
– MST: Magnetic Secure Transmission
(Source: Samsung Pay)

3.4 Samsung Pay: Add Card Process
Steps 1 to 10, with screens labelled: Select ‘Add Card’, Add Card, Enter card info, Agree Term, Mobile Authentication, Fingerprint Verification, Type Payment Password, Enter Signature, Complete
(Source: Samsung Pay)

3.5 Samsung Pay: Payment Process
Steps 1 to 3, with screens labelled: Fingerprint or Iris Authentication, Select Card or Bank Account, Touch POS Device
• Number 1: Samsung Pay (Easy and Secure), Customer Satisfaction Survey of Easy Payment Service (August 30, 2016, Korea Consumer Agency)
(Source: Samsung Pay)

3.6 Samsung Pay: ATM Saving/Withdrawal
• This is a working scenario of a FIDO based ATM in Wooribank, between a smartphone (Samsung) and an ATM (NFC reader).
① Select Withdraw from bank account
② Enter your bank account PIN
③ Type in the withdrawal amount
④ Scan your fingerprint to withdraw your cash
④ Hold your device near the ATM card reader
⑤ Withdraw the money from ATM machine
(Source: Wooribank ATM)

4. CASE2: Samsung Card
• Fingerprint based FIDO Service
• Samsung Card: This model provides fingerprint authentication for login and easy payment using Samsung and APPLE smartphones.
[Figure: service classification diagram (Platforms, Distribution, Use Cases, General Purpose Protocols, Security Foundations, Authenticator, Services Model). Use cases listed: Easy Payments, Credit Card Payments, Internet Banking, Authentication, Login.]

4. Samsung Card: Fingerprint Login
• Step 1: The user registers fingerprint login (Agree Term, Mobile Authentication, Fingerprint Authentication, Registration End).
• Step 2: The user logs in with the fingerprint (Login Start, Fingerprint Authentication, Login Success).
(Source: Samsung Card APP)

5. CASE3: IBK Bank
• Fingerprint based K-FIDO Service
• IBK Bank: This model provides fingerprint authentication instead of the accredited certificate password for site login, money transfer and so on, using a Samsung smartphone.
[Figure: service classification diagram (Platforms, Distribution, Use Cases, General Purpose Protocols, Security Foundations, Authenticator, Services Model). Use cases listed: Easy Payments, Credit Card Payments, Internet Banking, Authentication, Login.]

5. IBK Bank: Registration(1/2)
• The i-ONE Bank service in IBK Bank provides K-FIDO based smart banking service.
① Click “Authentication Center” menu
② Click “Fingerprint Registration” menu
③ Select Accredited Certificate
④ Type the password of selected accredited certificate
Screens: Certification Center, Certification List, Certificate Password, Register Fingerprint
(Source: IBK bank APP)

5. IBK Bank: Registration(1/2)
• This is an accredited certificate registration process with fingerprint.
⑤ Start Fingerprint Registration
⑥ Click “User Agreement”
⑦ Mobile Authentication
⑧ OTP Authentication
⑨ Perform Fingerprint authentication
⑩ Complete Registration
Screen labels: Term and Conditions, Next, Mobile authentication, OTP Numbers, Fingerprint, Complete Registration
(Source: IBK bank APP)

6. CASE4: KEB Hana Bank
• Iris based FIDO service
• KEB Hana Bank: This model provides iris authentication of Samsung Pass for money transfer and so on, using a Samsung smartphone.
(An alternative to the accredited certificate, but ARS authentication and OTP are still used)
[Figure: service classification diagram (Platforms, Distribution, Use Cases, General Purpose Protocols, Security Foundations, Authenticator, Services Model). Use cases listed: Easy Payments, Credit Card Payments, Internet Banking, Authentication, Login.]

6. KEB Hana Bank: Iris Registration(1/2)
Steps 1 to 6, with screens labelled: Iris-login Information, Agree Term, Create Samsung Account, Iris Registration Start, Login, Select Iris-Login
(Source: KEB Hana Bank APP)

6. KEB Hana Bank: Iris Registration(2/2)
Steps 7 to 14, with screens labelled: Check User Info, SMS / Security Card Authentication, Show Iris Info, Samsung PASS info, Agree S-PASS Term, Set S-PASS PIN, Iris Authentication, Registration End
(Source: www.etnews.com)

6. KEB Hana Bank: Money Transfer
Steps 1 to 4, with screens labelled: ARS Authentication, Start Money Transfer, Iris Authentication, End Money Transfer
• ARS: 2-channel authentication (phone, internet)
• Withdrawal account information
• Deposit account information
(Source: www.etnews.com)

7. CASE5: Wooribank
• Iris based K-FIDO Service
• Wooribank: This model provides iris authentication of Samsung Pass instead of the accredited certificate password for site login, money transfer and so on, using a Samsung smartphone.
(ARS authentication and security card are not used)
[Figure: service classification diagram (Platforms, Distribution, Use Cases, General Purpose Protocols, Security Foundations, Authenticator, Services Model). Use cases listed: Easy Payments, Credit Card Payments, Internet Banking, Authentication, Login.]

7. Wooribank: Certificate Registration
Steps 1 to 9, with screens labelled: Bio-Auth Center, Login, Start Registration, User Notification, Agree Term, Mobile Authentication, Iris Authentication, Certificate Issuance, Complete Registration
(Source: www.etnews.com)

7. Wooribank: Login / Money Transfer
• Login (steps 1 to 4), screens labelled: Select Money Transfer, Wooribank APP, Iris Authentication, Iris Verification
• Money Transfer (steps 1 to 4), screens labelled: Input account info, Confirm info, Iris Verification, Complete Transfer
(Source: wooribank APP)

Dr. Jae Jung Kim
(jjkim@signgate.com)

apidays LIVE Paris 2021 - Identification & Authentication for Individuals wit...apidays
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO Alliance
 
Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...
Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...
Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...Eswar Publications
 
Authshield integration with mails
Authshield integration with mailsAuthshield integration with mails
Authshield integration with mailsAuthShield Labs
 

Similar to Bio-Authentication (FIDO) and PKI Trends in Korea (20)

ISS SA le presenta IdentityGuard de Entrust
ISS SA le presenta IdentityGuard de EntrustISS SA le presenta IdentityGuard de Entrust
ISS SA le presenta IdentityGuard de Entrust
 
Ynamono Hs Lecture
Ynamono Hs LectureYnamono Hs Lecture
Ynamono Hs Lecture
 
FIDO Authentication in Hong Kong
FIDO Authentication in Hong KongFIDO Authentication in Hong Kong
FIDO Authentication in Hong Kong
 
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...
 
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...
 
Smart card to the cloud for convenient, secured nfc payment
Smart card to the cloud for convenient, secured nfc paymentSmart card to the cloud for convenient, secured nfc payment
Smart card to the cloud for convenient, secured nfc payment
 
Smart Card to the Cloud for Convenient, Secured NFC Payment
Smart Card to the Cloud for Convenient, Secured NFC PaymentSmart Card to the Cloud for Convenient, Secured NFC Payment
Smart Card to the Cloud for Convenient, Secured NFC Payment
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
Passwordless Mobile Banking.pdf
Passwordless Mobile Banking.pdfPasswordless Mobile Banking.pdf
Passwordless Mobile Banking.pdf
 
SOTP_Introduction
SOTP_IntroductionSOTP_Introduction
SOTP_Introduction
 
2FA OTP Token
2FA OTP Token2FA OTP Token
2FA OTP Token
 
FIDO UAF Adoption in Hong Kong
FIDO UAF Adoption in Hong KongFIDO UAF Adoption in Hong Kong
FIDO UAF Adoption in Hong Kong
 
Re-using existing PKIs for online Identity Management
Re-using existing PKIs for online Identity ManagementRe-using existing PKIs for online Identity Management
Re-using existing PKIs for online Identity Management
 
Kerberos-PKI-Federated identity
Kerberos-PKI-Federated identityKerberos-PKI-Federated identity
Kerberos-PKI-Federated identity
 
apidays LIVE Paris 2021 - Identification & Authentication for Individuals wit...
apidays LIVE Paris 2021 - Identification & Authentication for Individuals wit...apidays LIVE Paris 2021 - Identification & Authentication for Individuals wit...
apidays LIVE Paris 2021 - Identification & Authentication for Individuals wit...
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial
 
Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...
Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...
Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop...
 
Authshield integration with mails
Authshield integration with mailsAuthshield integration with mails
Authshield integration with mails
 
Kona SL Profile
Kona SL ProfileKona SL Profile
Kona SL Profile
 

More from FIDO Alliance

FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxFIDO Alliance
 
OTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxOTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxFIDO Alliance
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Alliance
 
CISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxCISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxFIDO Alliance
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Alliance
 
Introducing FIDO Device Onboard (FDO)
Introducing  FIDO Device Onboard (FDO)Introducing  FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)FIDO Alliance
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance
 
新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向FIDO Alliance
 
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想FIDO Alliance
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesFIDO Alliance
 
富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案FIDO Alliance
 
テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察FIDO Alliance
 
「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへFIDO Alliance
 
YubiOnが目指す未来
YubiOnが目指す未来YubiOnが目指す未来
YubiOnが目指す未来FIDO Alliance
 
FIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみたFIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみたFIDO Alliance
 
中小企業によるFIDO導入事例
中小企業によるFIDO導入事例中小企業によるFIDO導入事例
中小企業によるFIDO導入事例FIDO Alliance
 
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセスVPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセスFIDO Alliance
 
CloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワークCloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワークFIDO Alliance
 
数々の実績:迅速なFIDO認証の展開をサポート
数々の実績:迅速なFIDO認証の展開をサポート数々の実績:迅速なFIDO認証の展開をサポート
数々の実績:迅速なFIDO認証の展開をサポートFIDO Alliance
 

More from FIDO Alliance (20)

FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptx
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptx
 
OTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxOTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptx
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptx
 
CISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxCISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptx
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for All
 
Introducing FIDO Device Onboard (FDO)
Introducing  FIDO Device Onboard (FDO)Introducing  FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDO
 
新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向
 
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS Services
 
富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案
 
テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察
 
「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ
 
YubiOnが目指す未来
YubiOnが目指す未来YubiOnが目指す未来
YubiOnが目指す未来
 
FIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみたFIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみた
 
中小企業によるFIDO導入事例
中小企業によるFIDO導入事例中小企業によるFIDO導入事例
中小企業によるFIDO導入事例
 
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセスVPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
 
CloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワークCloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワーク
 
数々の実績:迅速なFIDO認証の展開をサポート
数々の実績:迅速なFIDO認証の展開をサポート数々の実績:迅速なFIDO認証の展開をサポート
数々の実績:迅速なFIDO認証の展開をサポート
 

Recently uploaded

DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Bio-Authentication (FIDO) and PKI Trends in Korea

  • 2. K-FIDO (/w Accredited Certificate) Bio-Authentication Case Study NID and Identification Method
  • 4. 1. National ID and i-PIN. Identification Method: Resident Registration Number (Birthday, Gender, Birth Area Code, Error Verification Code); NID Card; Accredited Certificate; Mobile Authentication; internet-Personal Identification Number (randomly generated 13-digit numbers; 17 M users, 2015).
  • 5. 2. Type of Offline Identification Methods. The citizen can use many identification methods, such as accredited certificate, mobile, bank account and credit card, for internet services that need a non-face-to-face identification service. Diagram labels: Citizen; Internet Services; Credit Card Issuer, Bank, Telco Company; Non Face-to-Face Identification Service; Accredited Certificate, Mobile phone, Credit Card; Online Identification; Passport, NID Card, Driver License; Face-to-Face Identification; Accredited CA; Bank Account, Check Card; Face-to-Face Identification.
  • 6. 3. Type of Online Identification Methods. Mobile Authentication (Telco Company): Name, Phone number, Telco name, Birthday, Gender, Citizen or Foreigner. i-PIN (i-PIN Service Provider): i-Pin ID, Password1, Password2 (image letters). Credit Card Authentication (Credit Card Issuer): Credit card number, Validity period (Month/Year), Password (2 digits). Accredited Certificate (Accredited CA): Certificate Password.
  • 7. 4. Statistic of Identification Method. The Use Rate of Identification Method in Korea (2013 / 2014 / 2015): Accredited Certificate 81% / 95% / 96%; Mobile Authentication 84% / 88% / 84%; i-PIN 49% / 56% / 51%; OTP 27% / 36% / 35%; ETC 0% / 7% / 6%. (Source: Research on the Actual Condition of Electronic Signature System Usage (in Electronic Signature User), KISA, December 2015)
  • 8. 5. User authentication method for various services. Various user authentication methods used for user authentication for web portals, e-transactions, financial institutions and e-government services are shown.
      Service | Function | Identification Method
      Web portal | Log-in (optional) | ID/Password; OTP (software)
      Web portal | Registration | Mobile authentication
      Web portal | ID/password retrieval (one selected) | Registered mobile phone; E-mail notification; i-PIN
      E-transaction | Log-in | Accredited certificate; ID/Password (Inquiry only)
      Electronic payment | Account transfer | Account information + Accredited certificate
      Electronic payment | Credit card payment | PIN (6-digits) + Mobile authentication: Easy Payment; Credit card information + Accredited certificate - VISA Anshim Click, Internet Secure Payment (ISP)
      Electronic payment | Mobile phone Payment | Mobile phone information + resident registration number
      Financial institution (Internet banking) | Log-in | Accredited certificate, ID/PW (Inquiry only)
      Financial institution (Internet banking) | Account transfer, Type 1 | Accredited certificate + OTP generator; PKI token (Accredited certificate) + security card
      Financial institution (Internet banking) | Account transfer, Type 2 | Accredited certificate + security card (2-channel authentication)
      Public Procurement Service | Electronic bidding | Accredited certificate + fingerprint security token (Bio-HSM)
  • 9. PART II. K-FIDO: Accredited Certificate + FIDO
  • 10. 1. Statistic of Accredited Certificate in Korea. 5 Accredited CAs have issued accredited certificates to subscribers, around 33 million in total. Major PKI applications: Internet Banking, Online Stock, Internet Shopping, e-Procurement, e-Government Services, etc. [Chart: the annual number of valid accredited certificates (as of December 2015, published by KISA); 33M]
  • 11. 1. Statistic of Accredited Certificate Usage. Accredited Certificate Applications, Top 5 (2013 / 2014 / 2015): Internet Banking 96% / 95% / 97%; Payment of Shopping Mall 83% / 65% / 74%; E-government Services 65% / 70% / 71%; Online Stock trading 36% / 32% / 39%; Internet Insurance 32% / 34% / 37%. Accredited certificate storage utilization rate by media (2013 / 2014 / 2015): Removable Disk (USB etc.) 63% / 62% / 60%; Hard Disk 42% / 42% / 42%; Smart Phone 43% / 40% / 43%; PKI Token 1% / 3% / 4%; Smart Card 1% / 2% / 4%. (Source: Research on the Actual Condition of Electronic Signature System Usage (in Electronic Signature User), KISA, December 2015)
  • 12. 1. Status of Accredited CAs in Korea. Statistics on Accredited CAs (as of 2016; published by MSIP):
      No | Accredited CA / Web site | Accredited Date | Characteristics
      1 | KICA (CA: SignGATE) http://www.signgate.com | 2000. 02. 10 | Corporation
      2 | KOSCOM (CA: SignKorea) http://www.signkorea.com | 2000. 02. 10 | Special purpose Corporation
      3 | KFTC (CA: YesSign) http://www.yessign.com | 2000. 04. 12 | Non-commercial Organization
      4 | CrossCert (CA: CrossCert) http://gca.crosscert.com | 2001. 11. 24 | Corporation
      5 | KTNET (CA: TradeSign) http://www.tradesign.net | 2002. 03. 11 | State-run Corporation with special mission
  • 13. 2. Problem statements (Status and Problems; Improvements). Storage: SD Card, Internal Memory (Android); NPKI Folder; Stored in APP. Accredited certificates stored on Hard Disk (SD Card) are easy for malicious code to hack. Accredited certificates should be stored in more secure storage such as HSM, USIM, etc. Secure Storage: Smart Authentication (USIM), Smart OTP, HSM. Certificate Password: 10 digits (alphanumeric + 1 special character); too many to remember, difficult to type, and not secure. User Authentication: user's biometric authentication (fingerprint, face, voice, iris, etc.); Better Privacy, Better Experience, Better Security.
  • 14. 3. What is K-FIDO? K-FIDO: Accredited Certificate + FIDO. K-FIDO stands for a biometric accredited certification service that uses the accredited certificate without a password by using FIDO. K-FIDO uses biometric authentication, such as the fingerprint sensor in a smartphone, instead of a password. The K-FIDO specification will be published by KISA (Korea Internet Security Agency) in 2016. Screenshot labels: Password, Accredited Certificate, Fingerprint, Iris (Source: Wooribank APP)
  • 15. 4. Service Architecture. K-FIDO Service Architecture (Source: KISA Technical Specification). K-FIDO is developed as an extension of the FIDO UAF Protocol. The RP APP is distributed with the FIDO Client and the K-FIDO Authenticator. KeyStore, TrustZone or KeyChain is recommended as storage for the accredited certificate and private key. Any type of authentication method can be added. Diagram labels: FIDO Authenticator; RP APP; Smartphone (Samsung, LG, APPLE); FIDO Client; Fingerprint Sensor; Iris Sensor; CA; Biometric API; PKI Module; FIDO Server; RP Server; OCSP; PC; Certificate Issuance/Reissuance/Renewal; Certificate Paste/Move; FIDO UAF Protocol; Certificate Verification.
  • 16. 4.1 Secure Storage for smartphone (1/2). 1) Android KeyStore (Source: KISA Technical Specification). Diagram labels, <Android 6.0 above (use AES Key)>: Encryption (AES), Decryption (AES), AES key, KeyStore, Encrypted private key1. Diagram labels, <Android 4.3 above and 5.x below (Use RSA Key)>: RSA key pair, KeyStore, Encrypted private key1, Encryption (AES), Decryption (AES), Session key, Encryption (RSA), Decryption (RSA), Session key, Encrypted private key2, Encrypted Session key, Encrypted private key2, Encrypted private key1, Encrypted private key1.
  • 17. 4.1 Secure Storage for smartphone (2/2). 2) Android TrustZone (Source: www.arm.com). 3) iOS KeyChain, <iOS 2.0 above (use AES Key)> (Source: KISA Technical Specification). Diagram labels: Encryption (AES), Decryption (AES), AES key, KeyChain, Encrypted private key1, Encrypted private key2, Encrypted private key1.
  • 18. 5. Logical Architecture. The K-FIDO system consists of a smartphone, an accredited CA, a FIDO service provider, and a service provider. Diagram labels: RP Application; FIDO Client; ASM; Authenticator (Iris, Fingerprint); REE (Normal World); TEE (Secure World); Crypto Module; PKI Module; Certificate Management Module (CA); User (Smartphone); Service Server; FIDO Server; RP Server; Service Provider (SP); CA Server; OCSP Server (OCSP); Accredited CA; Certificate Management (Issuance, Reissuance, Renewal, Revocation); Electronic Signature; Biometric Sensors; FIDO Service Provider; FIDO AuthCode; FIDO UAF Protocol; Certificate Verification.
  • 19. 5.1 Registration Process. The K-FIDO registration process uses the FIDO registration protocol, and the accredited certificate is issued by the CA after the user's bio-authentication has been checked. Components: RP Application, FIDO Client, Authenticator, Biometric Sensor, Crypto Module, Secure Element, Certificate Management Module (CA), FIDO Server, CA Server. Steps (① to ⑤ are labelled FIDO Registration in the diagram): ① Request Certificate Issuance; ② UAF Registration Request; ③ Bio-authentication; ④ FIDO signature; ⑤ UAF Registration Response; ⑥ Request Certificate Issuance; ⑦ Generate key pairs; ⑧ Request Certificate Issuance; ⑨ Issue a certificate; ⑩ Accredited certificate; ⑪ Save the accredited certificate and encrypted private key.
  • 20. 5.2 Authentication Process. The K-FIDO authentication process uses the FIDO authentication protocol and generates an electronic signature with the user's private key. The service provider verifies the signed data, with certificate verification through the OCSP server. Components: RP Application, FIDO Client, Authenticator, Biometric Sensor, PKI Module, Crypto Module, Secure Element, FIDO Server, Service Server, RP Server, OCSP Server. Steps (① to ⑤ are labelled FIDO Authentication in the diagram): ① Request electronic signature; ② UAF Authentication Request; ③ Bio-authentication; ④ FIDO signature; ⑤ UAF Authentication Response; ⑥ Request electronic signature; ⑦ Request electronic signature; ⑧ Generate electronic signature; ⑨ Send Signed Data; ⑩ Verify Signed Data; ⑪ Certificate Verification; ⑫ Verify AuthCode.
  • 21. 6. K-FIDO Service Demo. Settings > Lock screen and security > Fingerprints. Demo Scenario of K-FIDO Service: PC, Push, Mobile, Mobile (Source: KICA K-FIDO Demo APP)
  • 22. 6. Service Demo: ① Registration. The Registration of Accredited Certificate. The fingerprint match policy is a single match between each accredited certificate and a fingerprint. The user can choose a different biometric authentication if a site provides multiple authenticators. Screens: Execute KICA App, Register Fingerprint, Verify Password, Registration Result. Steps: 1. Click the “Bio-Authentication Center” icon. 2. Input the password for the selected accredited certificate. 3. If matched, perform fingerprint authentication. 4. If succeeded, fingerprint registration for the accredited certificate is completed. (Source: KICA K-FIDO Demo APP)
  • 23. 6. Service Demo: ② APP Login
    Example of Smartphone Login
    – The accredited certificates are stored in the user's smartphone.
    – The K-FIDO authenticator can connect to any FIDO client and any service provider app through the SDK.
    Screens: App Execution, Select Certificate, Complete Login
    1. Click the "login" icon for login based on an accredited certificate.
    2. Select an accredited certificate to use and authenticate with a registered fingerprint.
    3. If matched, the login succeeds.
    (Source: KICA K-FIDO Demo APP)
  • 24. 6. Service Demo: ③ Web Login
    Example of Web Page Login
    – The web browser on the PC does not install any ActiveX software. (HTML5)
    – The user has signed up for the web site and registered his/her mobile phone number.
    Diagram labels: KICA App; Push Service to the registered user's smartphone; Select Certificate
    1. Select login based on fingerprint.
    2. Input an ID and click "Login".
    3. Select an accredited certificate to use, touch the fingerprint sensor, and authenticate with a registered fingerprint.
    4. Send the authentication result to the service provider server.
    5. Complete web page login.
    (Source: KICA K-FIDO Demo APP)
  • 26. 1. Bio-Authentication Service Model
    – Samsung's payment platform
    – Support credit card/account payment, ATM saving/withdrawal, etc.
    – Alternative to certificate passwords (KISA)
    – Firmware-level support from Samsung Galaxy Note7 (Samsung PASS)
    – Cloud-based service (SECaaS)
    – Target for small & medium business
    – Alternative to Passwords (FIDO Alliance)
    – User authentication method with fingerprint, iris, etc.
    Diagram labels: CASE Study; On-Premises Type; ASP Type; Cloud Type; ?
  • 27. 2. Bio-authentication Case Study
    Name | Purpose | Authentication Type | Authenticator | Service Type | FIDO Service | Phone Brand | Open Date
    Samsung Pay | Payment, ATM Saving/Withdrawal, etc. | FIDO (Samsung) | Fingerprint, Iris | ASP Type | KICA | Samsung | 2015.08.20
    Samsung Card | Login, Payment | FIDO (KICA) | Fingerprint | ASP Type | KICA | Samsung, APPLE | 2016.08
    IBK Bank | Money Transfer | K-FIDO (KICA) | Fingerprint | ASP Type | KICA | Samsung | 2016.08.12
    KEB Hana bank | Money Transfer | FIDO (Samsung PASS) | Iris | On-Premise | Samsung | Samsung | 2016.08.19
    Wooribank | Login, Money Transfer | K-FIDO (Samsung PASS) | Iris | ASP Type | Samsung + KICA | Samsung | 2016.08.19
    (Source: Samsung Pay APP, Samsung Card APP, IBK APP, Wooribank APP, KEB Hana bank APP)
  • 28. 2. Case Study: Device Configuration
    [Diagram: device configurations. Panel titles: FIDO; Samsung (FIDO); SAMSUNG (Samsung PASS); SAMSUNG (Samsung PAY). Component labels: RP Client, SDK, FIDO Client, ASM, Authenticator, KICA Library, Authentication Framework, Pay Framework, FIDO Module, K-FIDO Module, Pay Module, Crypto Module, Certificate Management Module, PKI Module, Sensor.]
  • 29. 3. CASE1: Samsung Pay
    Samsung Pay is the new, simple and secure way to pay with your Samsung Galaxy device. Accepted almost anywhere you can swipe or tap your card.
    [Diagram: service model chart. Panel titles: Platforms, Distribution, General Purpose Protocols (FIDO(UAF), K-FIDO(UAF)), Security Foundations, Authenticator, Use Cases, Services Model. Use case labels: Credit Card Payments, Internet Banking, Money Transfer, Account Payment, ATM Saving, ATM Withdraw, Authentication, Login.]
    CASE 1
  • 30. 3.1 Samsung Pay: Overview
    Safe and secure mobile payments virtually anywhere you can swipe your card
    Headings: Everywhere, Secure, Simple
    – MST, NFC payment
    – Offline & online payment
    – One hand operation
    – Easy to setup
    – Consistent User Experience
    – Value Added Service
    – Fingerprint Authentication (FIDO support)
    – Samsung KNOX
    – Tokenization
    CASE 1 (Source: Samsung Pay)
  • 31. 3.2 Samsung Pay: Security
    Security & Protection: Designed with our highest level of security available
    – Fingerprint Authentication: Transactions are authorized with your fingerprint, so you're in control of when each payment is made.
    – Tokenization: Each transaction uses a random token instead of your card number, which means your actual information isn't shared when you shop and your details stay safe.
    – Samsung Knox: With Samsung KNOX, your phone is constantly monitored for vulnerabilities. Even if your phone is ever compromised, your card information is still safely encrypted within a separate and secure data vault.
    CASE 1 (Source: Samsung Pay)
  • 32. 3.3 Samsung Pay: Credit Card Payment
    Settings > Lock screen and security > Fingerprints
    Payment process of Samsung Pay: NFC + MST
    – NFC: Near Field Communication
    – MST: Magnetic Secure Transmission
    CASE 1 (Source: Samsung Pay)
  • 33. 3.4 Samsung Pay: Add Card Process
    Screen labels (screens numbered 1 to 10 on the slide): Select 'Add Card'; Add Card; Enter card info; Agree Term; Mobile Authentication; Fingerprint Verification; Type Payment Password; Enter Signature; Complete
    CASE 1 (Source: Samsung Pay)
  • 34. 3.5 Samsung Pay: Payment Process
    Screen labels (screens numbered 1 to 3 on the slide): Fingerprint or Iris Authentication; Select Card or Bank Account; Touch POS Device
    Number 1: Samsung Pay (Easy and Secure), Customer Satisfaction Survey of Easy Payment Service (August 30, 2016, Korea Consumer Agency)
    CASE 1 (Source: Samsung Pay)
  • 35. 3.6 Samsung Pay: ATM Saving/Withdrawal
    This is a working scenario of a FIDO-based ATM at Wooribank.
    Devices: Smart Phone (Samsung), ATM (NFC Reader)
    ① Select Withdraw from bank account
    ② Enter your bank account PIN
    ③ Type in the withdrawal amount
    ④ Scan your fingerprint to withdraw your cash
    ④ Hold your device near the ATM card reader
    ⑤ Withdraw the money from the ATM machine
    CASE 1 (Source: Wooribank ATM)
  • 36. 4. CASE2: Samsung Card
    Fingerprint-based FIDO Service
    Samsung Card: This model provides fingerprint authentication for login and easy payment using Samsung and APPLE smartphones.
    [Diagram: service model chart. Panel titles: Platforms, Distribution, General Purpose Protocols (FIDO(UAF), K-FIDO(UAF)), Security Foundations, Authenticator, Use Cases, Services Model. Use case labels: Easy Payments, Credit Card Payments, Internet Banking, Authentication, Login.]
    CASE 2
  • 37. 4. Samsung Card: Fingerprint Login
    Step 1: The user registers fingerprint login. Screens: Agree Term, Mobile Authentication, Fingerprint Authentication, Registration End
    Step 2: The user logs in with the fingerprint. Screens: Login Start, Fingerprint Authentication, Login Success
    CASE 2 (Source: Samsung Card APP)
  • 38. 5. CASE3: IBK Bank
    Fingerprint-based K-FIDO Service
    IBK Bank: This model provides fingerprint authentication instead of the accredited certificate password for site login, money transfer and so on using a Samsung smartphone.
    [Diagram: service model chart. Panel titles: Platforms, Distribution, General Purpose Protocols (FIDO(UAF), K-FIDO(UAF)), Security Foundations, Authenticator, Use Cases, Services Model. Use case labels: Easy Payments, Credit Card Payments, Internet Banking, Authentication, Login.]
    CASE 3
  • 39. 5. IBK Bank: Registration(1/2)
    The i-ONE Bank service in IBK Bank provides a K-FIDO based smart banking service.
    Screens: Certification Center, Certification List, Certificate Password, Register Fingerprint
    ① Click "Authentication Center" menu
    ② Click "Fingerprint Registration" menu
    ③ Select Accredited Certificate
    ④ Type the password of the selected accredited certificate
    CASE 3 (Source: IBK bank APP)
  • 40. 5. IBK Bank: Registration(1/2)
    This is an accredited certificate registration process with fingerprint.
    Screen labels: Term and Conditions, Mobile authentication, OTP Numbers, Next, Fingerprint, Complete Registration
    ⑤ Start Fingerprint Registration
    ⑥ Click "User Agreement"
    ⑦ Mobile Authentication
    ⑧ OTP Authentication
    ⑨ Perform Fingerprint authentication
    ⑩ Complete Registration
    CASE 3 (Source: IBK bank APP)
  • 41. 6. CASE4: KEB Hana Bank
    Iris-based FIDO service
    KEB Hana Bank: This model provides iris authentication through Samsung Pass for money transfer and so on using a Samsung smartphone. (An alternative to the accredited certificate, but ARS authentication and OTP are still used.)
    [Diagram: service model chart. Panel titles: Platforms, Distribution, General Purpose Protocols (FIDO(UAF), K-FIDO(UAF)), Security Foundations, Authenticator, Use Cases, Services Model. Use case labels: Easy Payments, Credit Card Payments, Internet Banking, Authentication, Login.]
    CASE 4
  • 42. 6. KEB Hana Bank: Iris Registration(1/2)
    Screen labels (screens numbered 1 to 6 on the slide): Iris-login Information Agree Term Create Samsung Account Iris Registration Start Login Select Iris-Login
    CASE 4 (Source: KEB Hana Bank APP)
  • 43. 6. KEB Hana Bank: Iris Registration(2/2)
    Screen labels (screens numbered 7 to 14 on the slide): Check User Info; SMS / Security Card Authentication; Show Iris Info; Samsung PASS info; Agree S-PASS Term; Set S-PASS PIN; Iris Authentication; Registration End
    CASE 4 (Source: www.etnews.com)
  • 44. 6. KEB Hana Bank: Money Transfer
    Screen labels (screens numbered 1 to 4 on the slide): ARS Authentication; Start Money Transfer; Iris Authentication; End Money Transfer
    ARS: 2-channel authentication (phone, internet)
    Other labels: Withdrawal account information; Deposit account information
    CASE 4 (Source: www.etnews.com)
  • 45. 7. CASE5: Wooribank
    Iris-based K-FIDO Service
    Wooribank: This model provides iris authentication through Samsung Pass instead of the accredited certificate password for site login, money transfer and so on using a Samsung smartphone. (ARS authentication and security card are not used.)
    [Diagram: service model chart. Panel titles: Platforms, Distribution, General Purpose Protocols (FIDO(UAF), K-FIDO(UAF)), Security Foundations, Authenticator, Use Cases, Services Model. Use case labels: Easy Payments, Credit Card Payments, Internet Banking, Authentication, Login.]
    CASE 5
  • 46. 7. Wooribank: Certificate Registration
    Screen labels (screens numbered 1 to 9 on the slide): Bio-Auth Center; Login; Start Registration; User Notification; Agree Term; Mobile Authentication; Iris Authentication; Certificate Issuance; Complete Registration
    CASE 5 (Source: www.etnews.com)
  • 47. 7. Wooribank: Login / Money Transfer
    Two sequences, each numbered 1 to 4 on the slide: Login and Money Transfer
    Screen labels: Select Money Transfer; Wooribank APP; Iris Authentication; Iris Verification; Input account info; Confirm info; Iris Verification; Complete Transfer
    CASE 5 (Source: wooribank APP)
  • 48. Dr. Jae Jung Kim (jjkim@signgate.com)
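
The authentication flow on slide 20 (5.2 Authentication Process), as an added example that is not from the slides or from KICA: a constructed Node.js model in which bio-authentication gates both the FIDO signature over a server challenge and the certificate-key signature, and the server checks the challenge, the FIDO assertion, the signed data and the certificate status in that order. All function names, the sample serial and the sample data are assumptions; a local revocation set stands in for the OCSP query, and certificate chain validation and the AuthCode of step ⑫ are not modelled because the slide does not define them.

```javascript
// Added example: constructed model of the slide-20 flow; all names are hypothetical.
const nodeCrypto = require('node:crypto');
const newKey = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const sign = (key, msg) => nodeCrypto.sign('sha256', Buffer.from(msg), key);
const check = (key, msg, sig) => nodeCrypto.verify('sha256', Buffer.from(msg), key, sig);

// Device: the FIDO key attests the biometric match; the certificate key signs
// the data only after that FIDO step has succeeded (steps 3-8).
function makeDevice() {
  const fido = newKey(), cert = newKey();
  return {
    fidoPublicKey: fido.publicKey,
    certificate: { serial: 'CONSTRUCTED-0001', publicKey: cert.publicKey },
    authenticate(challenge, data, bioOk) {
      if (!bioOk) return { assertion: null, signature: null };
      return { assertion: sign(fido.privateKey, challenge), signature: sign(cert.privateKey, data) };
    },
  };
}

// Servers: FIDO assertion check, then signed-data and certificate checks (steps 10-11).
function makeServer(fidoPublicKey, revokedSerials) {
  const pending = new Set(); // challenges issued and not yet consumed
  return {
    newChallenge() {
      const c = nodeCrypto.randomBytes(16).toString('hex');
      pending.add(c);
      return c;
    },
    verify({ challenge, assertion, data, signature, certificate }) {
      if (!pending.delete(challenge)) return 'unknown-or-replayed-challenge';
      if (!assertion || !check(fidoPublicKey, challenge, assertion)) return 'fido-assertion-invalid';
      if (!signature || !check(certificate.publicKey, data, signature)) return 'signed-data-invalid';
      // Stand-in for the OCSP query: a local set of revoked serial numbers.
      if (revokedSerials.has(certificate.serial)) return 'certificate-revoked';
      return 'ok';
    },
  };
}

// One exchange; `tamper` alters the request in transit, then the original is replayed.
function runExchange({ bioOk = true, revoked = false, tamper = (r) => r } = {}) {
  const device = makeDevice();
  const server = makeServer(device.fidoPublicKey, new Set(revoked ? ['CONSTRUCTED-0001'] : []));
  const challenge = server.newChallenge();
  const data = 'transfer:constructed-sample'; // constructed sample payload
  const request = { challenge, data, certificate: device.certificate,
    ...device.authenticate(challenge, data, bioOk) };
  return { first: server.verify(tamper(request)), replay: server.verify(request) };
}
```

Each challenge is consumed on first use, so a second submission of an otherwise valid request is rejected before any signature is checked.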