Bio-Authentication (FIDO) and PKI Trends in Korea
v3.0
Jae Jung Kim, Director (jjkim@signgate.com)
December 6th, 2016
FIDO Seoul Seminar 2016

Agenda
I. National ID and Identification Method
II. K-FIDO (with Accredited Certificate)
III. Bio-Authentication Case Study
Hear case studies on Bio-Authentication and PKI Trends in Korea presented by JJ Kim, CTO & Director, Korea Information Certificate Authority.

PART I. National ID and Identification Method
1. National ID and i-PIN
Copyright © 2016 KICA. All Rights Reserved.
• Resident Registration Number (RRN): the 13-digit national ID number. Its digits encode the birthday, gender, birth area code and an error verification (check) code.
• Identification methods built on the RRN: NID card, accredited certificate, mobile authentication.
• i-PIN (internet Personal Identification Number): a randomly generated 13-digit number used online in place of the RRN; about 17 M users (2015).
2. Types of Offline Identification Methods
• Citizens can use many identification methods, such as an accredited certificate, mobile phone, bank account or credit card, for internet services that need non-face-to-face identification.
• Face-to-face identification is done once, with a passport, NID card or driver license, at the accredited CA, the bank (bank account, check card), the telco company or the credit card issuer.
• These issuers then provide the non-face-to-face (online) identification service: accredited certificate, mobile phone or credit card, which internet services rely on.
3. Types of Online Identification Methods
• Identification method (provider): what the user enters
– Mobile authentication (telco company): name, phone number, telco name, birthday, gender, citizen or foreigner
– i-PIN (i-PIN service provider): i-PIN ID, password 1, password 2 (image letters)
– Credit card authentication (credit card issuer): credit card number, validity period (month/year), password (2 digits)
– Accredited certificate (accredited CA): certificate password
4. Statistics on Identification Methods
• Use rate of identification methods in Korea, by year:

  Method                   2013   2014   2015
  Accredited Certificate    81%    95%    96%
  Mobile Authentication     84%    88%    84%
  i-PIN                     49%    56%    51%
  OTP                       27%    36%    35%
  Other                      0%     7%     6%

(Source: Research on the Actual Condition of Electronic Signature System Usage (Electronic Signature Users), KISA, December 2015)
5. User Authentication Methods for Various Services
• Various user authentication methods are used for web portals, e-transactions, financial institutions and e-government services:
– Web portal: log-in with ID/password (software OTP optional); registration with mobile authentication; ID/password retrieval with one of registered mobile phone, e-mail notification or i-PIN.
– E-transaction: log-in with accredited certificate, or ID/password for inquiry only.
– Electronic payment: account transfer with account information + accredited certificate; credit card payment with PIN (6 digits) + mobile authentication (easy payment) or with credit card information + accredited certificate (VISA Anshim Click, Internet Secure Payment (ISP)); mobile phone payment with mobile phone information + resident registration number.
– Financial institution (internet banking): log-in with accredited certificate, or ID/password for inquiry only; account transfer type 1 with accredited certificate + OTP generator, or PKI token (accredited certificate) + security card; account transfer type 2 with accredited certificate + security card (2-channel authentication).
– Public Procurement Service: electronic bidding with accredited certificate + fingerprint security token (Bio-HSM).
PART II. K-FIDO: Accredited Certificate + FIDO
1. Statistics on Accredited Certificates in Korea
• 5 accredited CAs have issued accredited certificates to about 33 million subscribers in total.
• Major PKI applications: internet banking, online stock trading, internet shopping, e-procurement, e-government services, etc.
• The annual number of valid accredited certificates has grown to 33 M (as of December 2015, published by KISA).
1. Statistics on Accredited Certificate Usage
• Top 5 applications of accredited certificates, by year:

  Application                  2013   2014   2015
  Internet banking              96%    95%    97%
  Payment at shopping malls     83%    65%    74%
  E-government services         65%    70%    71%
  Online stock trading          36%    32%    39%
  Internet insurance            32%    34%    37%

• Storage media used for accredited certificates, by year:

  Medium                       2013   2014   2015
  Removable disk (USB etc.)     63%    62%    60%
  Hard disk                     42%    42%    42%
  Smartphone                    43%    40%    43%
  PKI token                      1%     3%     4%
  Smart card                     1%     2%     4%

(Source: Research on the Actual Condition of Electronic Signature System Usage (Electronic Signature Users), KISA, December 2015)
1. Status of Accredited CAs in Korea
• Statistics on accredited CAs (as of 2016; published by MSIP):

  No  Accredited CA (CA name), web site                 Accredited date  Characteristics
  1   KICA (SignGATE), http://www.signgate.com          2000-02-10       Corporation
  2   KOSCOM (SignKorea), http://www.signkorea.com      2000-02-10       Special-purpose corporation
  3   KFTC (YesSign), http://www.yessign.com            2000-04-12       Non-commercial organization
  4   CrossCert (CrossCert), http://gca.crosscert.com   2001-11-24       Corporation
  5   KTNET (TradeSign), http://www.tradesign.net       2002-03-11       State-run corporation with a special mission
2. Problem Statements
• Secure storage
– Status: accredited certificates are stored on the hard disk or SD card (NPKI folder) or in internal memory (Android, stored inside the app).
– Problem: certificates stored on a hard disk or SD card are easy for malicious code to steal.
– Improvement: accredited certificates should be kept in more secure storage such as an HSM, the USIM (Smart Authentication), Smart OTP, etc.
• User authentication
– Status: a certificate password of 10 characters (alphanumeric + 1 special character).
– Problem: too many passwords to remember, difficult to type, and not secure.
– Improvement: the user's biometric authentication (fingerprint, face, voice, iris, etc.): better privacy, better experience, better security.
3. What is K-FIDO?
• K-FIDO: Accredited Certificate + FIDO
– K-FIDO stands for a biometric accredited certification service: it uses the accredited certificate without a password, by means of FIDO.
– K-FIDO uses biometric authentication on the smartphone, such as fingerprint or iris, instead of the certificate password.
– The K-FIDO specification will be published by KISA (Korea Internet & Security Agency) in 2016.
(Figure: certificate password replaced by fingerprint or iris; source: Wooribank APP)
4. Service Architecture
• K-FIDO service architecture (source: KISA Technical Specification): the RP APP on the smartphone (Samsung, LG, Apple) contains the FIDO Client and the K-FIDO Authenticator, which uses the biometric API (fingerprint sensor, iris sensor) and a PKI module. The FIDO Client talks to the FIDO Server and RP Server over the FIDO UAF protocol; the PKI module talks to the CA for certificate issuance, reissuance and renewal, and to OCSP for certificate verification. A certificate can also be pasted or moved from the user's PC.
– Developed as an extension of the FIDO UAF protocol.
– The RP APP is distributed together with the FIDO Client and the K-FIDO Authenticator.
– KeyStore, TrustZone or KeyChain is recommended as the storage for the accredited certificate and its private key.
– Any type of authentication method can be added.
4.1 Secure Storage for Smartphones (1/2) (source: KISA Technical Specification)
1) Android KeyStore
– Android 6.0 and above (AES key): the KeyStore holds an AES key. The private key is encrypted with it (AES) to produce "encrypted private key 1", which is what gets stored; decryption with the same KeyStore key restores the private key for use.
– Android 4.3 up to 5.x (RSA key): the KeyStore holds an RSA key pair. A session key encrypts the private key (AES) to produce "encrypted private key 2", and the RSA public key encrypts the session key; both the encrypted session key and encrypted private key 2 are stored. To use the key, the RSA private key in the KeyStore decrypts the session key, which then decrypts the private key.
4.1 Secure Storage for Smartphones (2/2) (source: KISA Technical Specification)
2) Android TrustZone (figure from www.arm.com)
3) iOS KeyChain (iOS 2.0 and above, AES key): the KeyChain holds an AES key; the private key is encrypted with it (AES) to "encrypted private key 1" and decrypted the same way, so only the encrypted form is stored.
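The two wrapping schemes on the two storage slides above, worked through as an added example (this is not code from the slides or from the KISA specification). It is plain Go with the standard library: a random 32-byte key stands in for the KeyStore's AES entry and a freshly generated RSA-2048 pair stands in for the KeyStore's RSA entry, because a real KeyStore key is not exportable and is used through the Android API instead. AES-GCM is an assumption (the slides say only "AES"); a fresh P-256 key stands in for the accredited certificate's private key; the names wrapAES, unwrapAES, wrapRSA, unwrapRSA, rsaWrapped and RoundTrip are the example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Scheme 1 (Android 6.0 and above, iOS KeyChain): an AES key held by the KeyStore wraps the
// private key directly. aesKey stands in for the non-exportable KeyStore entry. AES-GCM is an
// assumption (the slide says only AES); it also authenticates the blob, so a modified
// "encrypted private key 1" fails to unwrap instead of yielding a corrupted key.
func wrapAES(aesKey, privDER []byte) ([]byte, error) {
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, privDER, nil), nil // stored blob = nonce || ciphertext || tag
}

func unwrapAES(aesKey, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("stored blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// Scheme 2 (Android 4.3 to 5.x): the KeyStore holds only an RSA key pair. A random session key
// encrypts the private key ("encrypted private key 2") and the RSA public key encrypts the
// session key; only these two ciphertexts are written to app storage.
type rsaWrapped struct{ EncSessionKey, EncPrivKey []byte }

func wrapRSA(pub *rsa.PublicKey, privDER []byte) (rsaWrapped, error) {
	session := make([]byte, 32)
	rand.Read(session)
	encPriv, err := wrapAES(session, privDER)
	if err != nil {
		return rsaWrapped{}, err
	}
	encSession, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, session, nil)
	return rsaWrapped{encSession, encPriv}, err
}

// unwrapRSA needs the KeyStore's RSA private key, which in the real design never leaves it.
func unwrapRSA(priv *rsa.PrivateKey, w rsaWrapped) ([]byte, error) {
	session, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w.EncSessionKey, nil)
	if err != nil {
		return nil, err
	}
	return unwrapAES(session, w.EncPrivKey)
}

// RoundTrip exercises both schemes and checks that a flipped bit in the stored blob is detected.
func RoundTrip() error {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stand-in for the accredited private key
	privDER, _ := x509.MarshalPKCS8PrivateKey(k)
	aesKey := make([]byte, 32) // stands in for the KeyStore's AES-256 entry
	rand.Read(aesKey)
	blob, err := wrapAES(aesKey, privDER)
	if err != nil {
		return err
	}
	if got, err := unwrapAES(aesKey, blob); err != nil || !bytes.Equal(got, privDER) {
		return errors.New("AES scheme: round trip failed")
	}
	blob[len(blob)-1] ^= 0x01 // malicious code modifies one bit of the stored blob
	if _, err := unwrapAES(aesKey, blob); err == nil {
		return errors.New("AES scheme: tampered blob accepted")
	}
	ksRSA, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the KeyStore's RSA pair
	w, err := wrapRSA(&ksRSA.PublicKey, privDER)
	if err != nil {
		return err
	}
	if got, err := unwrapRSA(ksRSA, w); err != nil || !bytes.Equal(got, privDER) {
		return errors.New("RSA scheme: round trip failed")
	}
	return nil
}

func main() { fmt.Println("round trip:", RoundTrip()) }
```

The point of the second scheme is that the session key, not the private key, is what the RSA key protects: the RSA-OAEP ciphertext of a 32-byte key fits in one block, while an accredited private key would not. In both schemes the only thing a malicious program reading the NPKI folder or the app's files can obtain is ciphertext, and with an authenticated mode it cannot even alter that ciphertext unnoticed.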
5. Logical Architecture
• The K-FIDO system consists of a smartphone, an accredited CA, a FIDO service provider and a service provider.
– User (smartphone): the RP Application, FIDO Client and ASM run in the REE (normal world); the Authenticator (iris, fingerprint) with its biometric sensors, Crypto Module, PKI Module and Certificate Management Module (CA) sits in the TEE (secure world).
– Accredited CA: CA Server for certificate management (issuance, reissuance, renewal, revocation) and OCSP Server for certificate verification.
– FIDO Service Provider: FIDO Server, which speaks the FIDO UAF protocol with the client and issues the FIDO AuthCode.
– Service Provider (SP): RP Server and Service Server, which receive and verify the electronic signature.
5.1 Registration Process
• The K-FIDO registration process uses the FIDO registration protocol and has the accredited CA issue the certificate only after the user's bio-authentication has been checked. Components: RP Application, FIDO Client, Authenticator (with biometric sensor, crypto module and secure element), Certificate Management Module (CA), FIDO Server, CA Server.
① Request certificate issuance (RP Application)
② UAF registration request (FIDO Server to FIDO Client)
③ Bio-authentication (biometric sensor)
④ FIDO signature (authenticator, secure element)
⑤ UAF registration response (FIDO Client to FIDO Server)
⑥ Request certificate issuance (to the Certificate Management Module)
⑦ Generate key pair (crypto module)
⑧ Request certificate issuance (Certificate Management Module to CA Server)
⑨ Issue a certificate (CA Server)
⑩ Accredited certificate returned to the phone
⑪ Save the accredited certificate and the encrypted private key
5.2 Authentication Process
• The K-FIDO authentication process uses the FIDO authentication protocol and generates an electronic signature with the user's private key. The service provider verifies the signed data and checks the certificate's status with the OCSP server. Components: RP Application, FIDO Client, Authenticator (with biometric sensor, crypto module and secure element), PKI Module, FIDO Server, Service Server, RP Server, OCSP Server.
① Request electronic signature (RP Application)
② UAF authentication request (FIDO Server to FIDO Client)
③ Bio-authentication (biometric sensor)
④ FIDO signature (authenticator, secure element)
⑤ UAF authentication response (FIDO Client to FIDO Server)
⑥ Request electronic signature
⑦ Request electronic signature (PKI Module)
⑧ Generate electronic signature (crypto module, with the accredited private key)
⑨ Send signed data (to the Service Server)
⑩ Verify signed data (RP Server)
⑪ Certificate verification (OCSP Server)
⑫ Verify AuthCode (FIDO Server)
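The registration and authentication flows of the two slides above, as one added example (this is not the KISA specification's or KICA's code). All parties are collapsed into a single Go program using only the standard library: ECDSA P-256 stands in for both the FIDO assertion key and the accredited certificate's key, an in-memory map stands in for the answer the OCSP responder would give, the biometric match is a boolean passed in, and the FIDO server and RP server are represented by the registered FIDO public key and the trust anchor rather than by separate processes. The UAF message encoding, the AuthCode hand-off (step 12), the ASM and the encrypted storage of the private key (step 11) are not modelled. The names CA, Phone, Register, Authenticate and issue are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// ECDSA P-256 over SHA-256 stands in for both the FIDO assertion and the electronic signature.
func sign(k *ecdsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	sig, _ := ecdsa.SignASN1(rand.Reader, k, h[:])
	return sig
}
func verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}
func random(n int) []byte { b := make([]byte, n); rand.Read(b); return b }

// CA is the accredited CA; Revoked stands in for the status its OCSP responder would report.
type CA struct {
	key     *ecdsa.PrivateKey
	Cert    *x509.Certificate
	Revoked map[string]bool
}

// issue builds and signs a certificate; parent == nil yields the CA's own self-signed certificate.
func issue(cn string, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: new(big.Int).SetBytes(random(8)), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, parent = true, true, x509.KeyUsageCertSign, t
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	c, _ := x509.ParseCertificate(der)
	return c
}
func NewCA() *CA {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &CA{key, issue("Example Accredited CA", &key.PublicKey, nil, key), map[string]bool{}}
}

// Phone holds the FIDO key (secure element) and the PKI key with its accredited certificate.
type Phone struct {
	fidoKey, pkiKey *ecdsa.PrivateKey
	Cert            *x509.Certificate
}

// bioSign is steps 3-4 of both flows: no biometric match, no FIDO signature.
func (p *Phone) bioSign(matched bool, challenge []byte) ([]byte, error) {
	if !matched {
		return nil, errors.New("biometric verification failed")
	}
	return sign(p.fidoKey, challenge), nil
}

// Register is slide 19: it returns the FIDO public key the FIDO server stores and leaves the phone
// holding a new PKI key (step 7) and the certificate the CA issued for it (steps 8-11).
func Register(p *Phone, ca *CA, matched bool) (*ecdsa.PublicKey, error) {
	p.fidoKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	chal := random(32) // challenge carried in the UAF registration request (step 2)
	sig, err := p.bioSign(matched, chal)
	if err != nil || !verify(&p.fidoKey.PublicKey, chal, sig) {
		return nil, errors.New("UAF registration failed")
	}
	p.pkiKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	p.Cert = issue("subscriber", &p.pkiKey.PublicKey, ca.Cert, ca.key)
	return &p.fidoKey.PublicKey, nil
}

// Authenticate is slide 20: FIDO authentication against the registered key, electronic signature
// (step 8), then the service server's certificate chain, OCSP and signature checks (steps 10-11).
func Authenticate(p *Phone, fidoPub *ecdsa.PublicKey, ca *CA, matched bool, data []byte) error {
	chal := random(32) // challenge carried in the UAF authentication request (step 2)
	sig, err := p.bioSign(matched, chal)
	if err != nil || fidoPub == nil || !verify(fidoPub, chal, sig) {
		return errors.New("UAF authentication failed")
	}
	esig := sign(p.pkiKey, data)
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	if _, err := p.Cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return err
	}
	if ca.Revoked[p.Cert.SerialNumber.String()] {
		return errors.New("certificate revoked")
	}
	if !verify(p.Cert.PublicKey.(*ecdsa.PublicKey), data, esig) {
		return errors.New("electronic signature invalid")
	}
	return nil
}
```

To run it, call Register once and then Authenticate with the returned FIDO public key (for instance from a main or a test). Two properties of the design come out of the code: the accredited private key is generated on the phone and never leaves it (only its public key goes to the CA), and the service server's decision rests on three independent checks, the chain to the accredited CA, the revocation status and the signature itself, so a FIDO assertion alone does not authorize the transaction.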
6. K-FIDO Service Demo (source: KICA K-FIDO Demo APP)
• Demo scenario of the K-FIDO service: a login started on the PC sends a push to the mobile phone, where the user authenticates.
• The fingerprint is enrolled on the phone beforehand under Settings > Lock screen and security > Fingerprints.
6. Service Demo: ① Registration (source: KICA K-FIDO Demo APP)
• Registration of the accredited certificate
– Fingerprint match policy: single matching, one accredited certificate paired with one fingerprint.
– The user can choose a different biometric authentication if a site provides multiple authenticators.
1. Execute the KICA app and tap the "Bio-Authentication Center" icon.
2. Verify password: input the password of the selected accredited certificate.
3. If it matches, register the fingerprint by performing fingerprint authentication.
4. If that succeeds, fingerprint registration for the accredited certificate is complete (registration result).
6. Service Demo: ② APP Login (source: KICA K-FIDO Demo APP)
• Example of smartphone login
– The accredited certificates are stored in the user's smartphone.
– The K-FIDO authenticator can connect to any FIDO client and any service provider app through the SDK.
1. App execution: tap the "login" icon for accredited-certificate login.
2. Select certificate: choose the accredited certificate to use and authenticate with a registered fingerprint.
3. If it matches, the login completes.
6. Service Demo: ③ Web Login (source: KICA K-FIDO Demo APP)
• Example of web page login
– The web browser on the PC does not install any ActiveX software (HTML5).
– The user has signed up for the web site and registered his/her mobile phone number.
1. Select login based on fingerprint.
2. Input an ID and click "Login"; a push notification is sent to the registered user's smartphone (KICA app).
3. Select the accredited certificate to use, touch the fingerprint sensor, and authenticate with a registered fingerprint.
4. The authentication result is sent to the service provider's server.
5. The web page login completes.
PART III. Bio-Authentication Case Study
1. Bio-Authentication Service Model
• Alternative to passwords (FIDO Alliance): user authentication with fingerprint, iris, etc.
• Samsung's payment platform (Samsung Pay): supports credit card/account payment, ATM saving/withdrawal, etc.
• Alternative to certificate passwords (KISA): firmware-level support from the Samsung Galaxy Note7 (Samsung PASS).
• Cloud-based service (SECaaS): targets small and medium businesses.
• Service models seen in the case studies: on-premises type, ASP type, cloud type.
2. Bio-Authentication Case Study (source: Samsung Pay, Samsung Card, IBK, Wooribank and KEB Hana Bank apps)

  Name           Purpose                                Authentication type    Authenticator       Service type   FIDO service     Phone brand      Open date
  Samsung Pay    Payment, ATM saving/withdrawal, etc.   FIDO (Samsung)         Fingerprint, iris   ASP type       KICA             Samsung          2015-08-20
  Samsung Card   Login, payment                         FIDO (KICA)            Fingerprint         ASP type       KICA             Samsung, Apple   2016-08
  IBK Bank       Money transfer                         K-FIDO (KICA)          Fingerprint         ASP type       KICA             Samsung          2016-08-12
  KEB Hana Bank  Money transfer                         FIDO (Samsung PASS)    Iris                On-premise     Samsung          Samsung          2016-08-19
  Wooribank      Login, money transfer                  K-FIDO (Samsung PASS)  Iris                ASP type       Samsung + KICA   Samsung          2016-08-19
2. Case Study: Device Configuration
• Diagram of four device stacks, each with FIDO Client, ASM and Authenticator above the sensor:
– Samsung (FIDO): Authenticator with a FIDO Module, used through the KICA library.
– Samsung PASS authentication framework: Authenticator with both a FIDO Module and a K-FIDO Module, reached through the RP Client SDK.
– KICA library (RP Client SDK): Authenticator with a FIDO Module and a K-FIDO Module; the K-FIDO Module contains the Crypto Module, Certificate Management Module and PKI Module.
– Samsung Pay framework: FIDO Module and Pay Module.
3. CASE 1: Samsung Pay
• Samsung Pay is the new, simple and secure way to pay with your Samsung Galaxy device, accepted almost anywhere you can swipe or tap your card.
• Landscape used to position each case: use cases (credit card payments, internet banking, money transfer, account payment, ATM saving, ATM withdrawal, authentication, login); platforms (Android: Samsung, LG, others; iOS; Windows PCs); distribution (Google Play, iOS App Store); protocols (FIDO UAF, K-FIDO UAF); security foundations (hardware: ARM TrustZone, secure element, USIM, IC card; software: in apps); on-device authenticator (PIN, fingerprint, iris, voice, face); service model (on-premise type, ASP type, cloud type / security as a service; providers Samsung Pay, KICA, Samsung PASS).
3.1 Samsung Pay: Overview (source: Samsung Pay)
• Safe and secure mobile payments virtually anywhere you can swipe your card.
– Everywhere: MST and NFC payment; offline and online payment.
– Simple: one-hand operation, easy to set up, consistent user experience, value-added services.
– Secure: fingerprint authentication (FIDO support), Samsung KNOX, tokenization.
3.2 Samsung Pay: Security (source: Samsung Pay)
• Security & protection: designed with Samsung's highest level of security available.
– Fingerprint authentication: transactions are authorized with your fingerprint, so you are in control of when each payment is made.
– Tokenization: each transaction uses a random token instead of your card number, so your actual card information is not shared when you shop.
– Samsung KNOX: the phone is constantly monitored for vulnerabilities; even if the phone is compromised, your card information is still encrypted within a separate, secure data vault.
3.3 Samsung Pay: Credit Card Payment (source: Samsung Pay)
• Fingerprint enrolment on the phone: Settings > Lock screen and security > Fingerprints.
• Payment process of Samsung Pay: NFC (Near Field Communication) + MST (Magnetic Secure Transmission) to the terminal.
3.4 Samsung Pay: Add Card Process (source: Samsung Pay)
• Select "Add Card" → Add Card → Enter card info → Agree to terms → Mobile authentication → Fingerprint verification → Type payment password → Enter signature → Complete
3.5 Samsung Pay: Payment Process (source: Samsung Pay)
1. Select card or bank account
2. Fingerprint or iris authentication
3. Touch the POS device
• Number 1: Samsung Pay (easy and secure) in the Customer Satisfaction Survey of Easy Payment Services (Korea Consumer Agency, August 30, 2016)
3.6 Samsung Pay: ATM Saving/Withdrawal (source: Wooribank ATM)
• A working scenario of a FIDO-based ATM at Wooribank, with a Samsung smartphone and an ATM equipped with an NFC reader:
① Select "Withdraw from bank account"
② Enter your bank account PIN
③ Type in the withdrawal amount
④ Scan your fingerprint to authorize the withdrawal
⑤ Hold your device near the ATM card reader
⑥ Withdraw the money from the ATM
4. CASE 2: Samsung Card
• Fingerprint-based FIDO service
• Samsung Card: this model provides fingerprint authentication for login and easy payment, using Samsung and Apple smartphones (ASP type, FIDO UAF).
4. Samsung Card: Fingerprint Login (source: Samsung Card APP)
• Step 1, the user registers fingerprint login: agree to terms → mobile authentication → fingerprint authentication → registration end.
• Step 2, the user logs in with the fingerprint: login start → fingerprint authentication → login success.
5. CASE 3: IBK Bank
• Fingerprint-based K-FIDO service
• IBK Bank: this model provides fingerprint authentication instead of the accredited certificate password for site login, money transfer and so on, using a Samsung smartphone (ASP type, K-FIDO UAF).
5. IBK Bank: Registration (1/2) (source: IBK bank APP)
• The i-ONE Bank service of IBK Bank provides K-FIDO based smart banking.
① Click the "Authentication Center" menu
② Click the "Fingerprint Registration" menu
③ Select an accredited certificate from the certificate list
④ Type the password of the selected accredited certificate
5. IBK Bank: Registration (2/2) (source: IBK bank APP)
• This is the registration of an accredited certificate with a fingerprint.
⑤ Start fingerprint registration
⑥ Click "User Agreement" (terms and conditions)
⑦ Mobile authentication
⑧ OTP authentication
⑨ Perform fingerprint authentication
⑩ Complete registration
6. CASE 4: KEB Hana Bank
• Iris-based FIDO service
• KEB Hana Bank: this model provides iris authentication through Samsung Pass for money transfer and so on, using a Samsung smartphone (on-premise type, FIDO UAF). It is an alternative to the accredited certificate, but ARS authentication and OTP are still used.
6. KEB Hana Bank: Iris Registration (1/2) (source: KEB Hana Bank APP)
1. Iris-login information
2. Agree to terms
3. Create Samsung account
4. Start iris registration
5. Login
6. Select iris login
6. KEB Hana Bank: Iris Registration (2/2) (source: www.etnews.com)
7. Check user info
8. SMS / security card authentication
9. Show iris info
10. Samsung PASS info
11. Agree to S-PASS terms
12. Set S-PASS PIN
13. Iris authentication
14. Registration end
6. KEB Hana Bank: Money Transfer (source: www.etnews.com)
1. Start money transfer (withdrawal account information, deposit account information)
2. ARS authentication (2-channel authentication: phone call and internet)
3. Iris authentication
4. End money transfer
7. CASE 5: Wooribank
• Iris-based K-FIDO service
• Wooribank: this model provides iris authentication through Samsung Pass instead of the accredited certificate password for site login, money transfer and so on, using a Samsung smartphone (ASP type, K-FIDO UAF). No ARS authentication or security card is used.
7. Wooribank: Certificate Registration (source: www.etnews.com)
1. Login
2. Bio-Auth Center
3. Start registration
4. User notification
5. Agree to terms
6. Mobile authentication
7. Iris authentication
8. Certificate issuance
9. Complete registration
7. Wooribank: Login / Money Transfer (source: Wooribank APP)
• Login: 1. Open the Wooribank app → 2. Select login → 3. Iris authentication → 4. Iris verification completes the login.
• Money transfer: 1. Select money transfer → 2. Input account info → 3. Confirm info → 4. Iris verification → transfer complete.
Dr. Jae Jung Kim (jjkim@signgate.com)
