" iot authentication for emergency & offline payment during earthquake, power disruption,...
"IoT Authentication for Emergency & Offline Payment
during Earthquake, Power Disruption, Typhoon"
Unho Choi, Ph.D. UNHCR
PKI (ITU X.509) for On-line & Off-line
Offline e-Gov. + Disaster Situation
International Donation ?UNHCR Cash ?Global Fund ?WFP electronic cards ? NGO ?
ATM ? POS ? Bank ?
IoT Authentication ?
Copyright © Unho Choi 2015
FIDO Alliance
Bio Sensor + PKI = Secure Domain (FIDO)
Tokenization with Dynamic code(OTP)
= ?
“B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58”
Authentication Server
APPLE PKI ?
Panama
Vietnam
Philippines
Egypt
Kenya, Indonesia
Completed / Proceeding / Started
Equator
Cameroon
Brunei
Morocco
Costa Rica
Iran
Mongolia
Rwanda, Jordan
Iraq
Nigeria, Kenya ……
ICAO, e-UNLP ……
US, France, Sweden, Germany, Turkey, Norway ……
PKI – DEVELOPING COUNTRY
< Before user registration >
Public Key Certificate
Version / Serial Number / Signature algorithm / Hash algorithm / Issuer Name / Validity Period / Public Key
Subject Distinguished Name / Subject Public Key Information / Issuer’s Signature
Extended Validation: (Empty)
< After user registration >
Public Key Certificate
Version / Serial Number / Signature algorithm / Hash algorithm / Issuer Name / Validity Period / Public Key
Subject Distinguished Name / Subject Public Key Information / Issuer’s Signature
Extended Validation: Biometric Code + at least one of Additional Code
Bar Code / QR / UPC / RFID / URL / CRL / PUF / GS1 / GSIN / IPv6 / MAC / MAC / Cryptographic hash functions address / unique identification information, etc.
PKI (ITU X.509)
“B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58”
Copyright © Unho Choi May 2015
Multi App
1 App: eService
3 Apps: eService, eHealth, eTicketing
5 Apps: eService, eDL, eGate, eBanking, eLibrary
10 Apps: eID, eService, eHealth, eTicketing, ATM, eDL, ePurse, eGates, Travel document
Example
Finland: FINID
Italy: CNS
Hong Kong: HKSAR
Malaysia: MyKad
Multi Application on e-ID
Sample
National ID: PKI + Data
Driver License: PKI + Data
Medical: PKI + Data
e-Voting: PKI + Data
Pension: PKI + Data
Passport (ICAO): PKI + Data
Tax: PKI + Data
Physical Access / Smart Car: PKI
PC / Cloud Logon: PKI
Smart Phone / Smart Home: PKI
IoT Authentication ?
UBIQUITOUS AUTHENTICATION MANAGEMENT
Physical unclonable functions
Bank/Credit Card
Payment
Government
Internet
Cloud Car IoT 911
Emergency
Combination 2 more finger
Combination 1 finger + IRIS
Combination Iris + Vein
Combination Iris + Facial
Combination Finger+ Sign
Combination Voice+ Facial
Combination with each Palm/ Blood / Voice / DNA / Keystroke etc.
Allocated purpose of use
Diverse combinations of Biometrics
Application Services
Allocated purpose of use
Multi Bio Combination ?
Emergency Recover Reset 911
Communication Terminal
Centralized Controller
IoT Network
IoT Service Provider
IoT Authentication Key for Smart Phone
Emergency Recover Reset 911
Centralized Controller
IoT Network
Smart Card
Communication Terminal
IoT Service Provider
IoT Authentication Key for National ID ?
Emergency Recover Reset 911
(a) Biometrics
(b) UPC/EPC + Biometrics
(c) PAN + Biometrics
(d) PUF + Biometrics
(e) Dynamic Signature + Biometrics
(f) Activity feature + Biometrics
(g) UPC/EPC + Biometrics + PAN
(h) UPC/EPC + Biometrics + PAN + PUF
(i) UPC/EPC + Biometrics + PAN + PUF + Dynamic Signature
IoT Authentication Code ?
(j) B9E2995B2B7602AE825CE7DE819F10F088419E595A9AA
Biometric code / UPC/EPC / PAN code / PUF code
(k) B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58
Biometric code / UPC/EPC / PAN code / PUF code / OTP
IoT Authentication Code Format
Emergency Recover Reset 911
Bank Credit Card e-Government Internet Cloud
Online application (with GEO location / GPS)
Bio Sensor on ATM: for cash withdrawal, etc.
Bio Sensor on POS: for buying food, etc.
Bio Sensor on Centralized Controller: for controlling IoT devices, etc.
Bio Sensor on Smart Card/Phone: for controlling Smart Car, etc.
Off-line application support for each service etc. by Government & Financial Authority
On-line & Off-line
1st Public Key for on-line: at Authentication Server
2nd Public Key for off-line: for ATM, POS, Centralized Controller, Phone/Card; stored with Private Key at Secure Domain (IC Chip)
United Nations
Bank
Private Key
Public Key
“B9E2995B2B7602AE825CE7DE819F10F
UN CA (Certificate Authority)
Public Key
WFP
Public Key
Global Fund
Public Key
UNDP
Public Key
ATM, POS (Off-line)
Public Key Private Key
Key Distribution
Biometrics data acquisition module
Biometrics data management module
Biometric authentication module
VPN management module
Device data acquisition module
OTP generation module
Key management module
Authentication execution module
Operation Process
“ Take chain of Mountain view ”
Unho Choi Ph.D., CGEIT, CRISC, ISO 27001, CISSP, PMP