SlideShare a Scribd company logo

Secure Elements in Web Applications

O
Olivier Potonniée

The Path to Inter-Industry Standards for Utilizing Secure Elements in Web Applications

Technology
1 of 15
Download to read offline
The Path to Inter-Industry Standards for Utilizing Secure Elements in Web Applications Olivier POTONNIEE, Karen LU September 2015
Secure Elements and The Web Secure Elements in Web Applications2 Telecom • Login / Strong Authentication Payment • Card-present eCommerce ID • eGov • Authentication & Signature Transport • View balance • Reload / Buy tickets online
Low level Secure Element APIs PC/SC Open Mobile API (OMAPI) 8.1:  10:  3 Secure Elements in Web Applications
Cross-Platform Secure Element (SE) API Secure Elements in Web Applications4 PC/SC (MSWindows, MacOS, Linux) OMAPI (Android) NFC Desktop Mobile Web Applications Web Runtime OS Secure Element API Access Control …
Secure Element API Standardization Proposed to W3C (SysApps & WebCrypto WGs) http://opoto.github.io/secure-element/ Transferred to a GlobalPlatform WG https://github.com/globalplatform Implementation Included in Firefox OS 2.2 (June 2015) 5 Secure Elements in Web Applications
Secure Element API Secure Elements in Web Applications6 Transport-level API (similar to SIM Alliance’s OMAPI) Secure Element Manager Reader Session Channel Enumerate readers SE insertion / removal events Is SE present? Connect to SE SE ATR Connect to Applet Basic / Logical Transmit APDUs
Access Control Toolbox Secure Elements in Web Applications7 • PIN • Secure Messaging Mutual AuthentN • GlobalPlatform Access Control Secure Element Security Model • Permissions: Access to device/resources (GPS, storage, etc…) • Same Origin Policy (SOP): Data isolation per domain Web Security Model
Access Control (1/2): The Web Secure Elements in Web Applications8 • PIN • Secure Messaging Mutual AuthentN • GlobalPlatform Access Control Secure Element Security Model • Permissions: Access to device/resources (GPS, storage, etc…) • Same Origin Policy (SOP): Data isolation per domain Web Security Model
Domain-binded SE apps (SOP compliant) Secure Elements in Web Applications9 An SE app with one credential per domain An SE app is tied to a single domain, which hosts a centralized service Other apps use a delegation protocol to use the centralized service Identity Provider SAML/OpenID Connect Login Authenticate Service Provider (Relying Party)
Access Control (2/2): Secure Elements Secure Elements in Web Applications10 • PIN • Secure Messaging Mutual AuthentN • GlobalPlatform Access Control Secure Element Security Model • Permissions: Access to device/resources (GPS, storage, etc…) • Same Origin Policy (SOP): Data isolation per domain Web Security Model
Access Control Enforcer GlobalPlatform Access Control Secure Elements in Web Applications11 Access Rules SE Application Cached Access Rules User Device Application Access Rule: Authorizes a specific app on device to access a specific app on SE [and send specific commands] http://www.globalplatform.org/specificationsdevice.asp
Secure Element API to build Trusted Services AuthentN Signature Payment Reload Web Applications … Public APIs Restricted APIs WebRuntime Privilege apps, e.g. Extensions 12 Secure Elements in Web Applications Secure Element API Access Control
The security palette Secure Elements in Web Applications13 Secure Element Built-ins GlobalPlatform Access Control Trusted Services Domain Binding
Participate! Secure Elements in Web Applications14 . New Working Group: Hardware Security (HaSec) Will work on use cases and APIs http://www.w3.org/2015/hasec/2015-hasec-charter.html . New Working Group: WebApis-for-SE Will work on APIs and Implementation Chaired by Hank Chavers (hank.chavers at globalplatform.org)
Thanks! Secure Elements in Web Applications15 Questions?

Recommended

Secure element content
Secure element contentSecure element content
Secure element content
Manjula Weerasinghe
 
Secure Element Solutions
Secure Element SolutionsSecure Element Solutions
Secure Element Solutions
Ugo Chirico
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
OKsystem
 
Securing online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsSecuring online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applications
Olivier Potonniée
 
WebAuthn & FIDO2
WebAuthn & FIDO2WebAuthn & FIDO2
WebAuthn & FIDO2
Leonard Moustacchis
 
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Richard Bullington-McGuire
 
Smart Card Authentication
Smart Card AuthenticationSmart Card Authentication
Smart Card Authentication
Dan Usher
 
Security 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM iSecurity 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM i
Precisely
 

Recommended

Secure element content
Secure element contentSecure element content
Secure element content
Manjula Weerasinghe
 
Secure Element Solutions
Secure Element SolutionsSecure Element Solutions
Secure Element Solutions
Ugo Chirico
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
OKsystem
 
Securing online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsSecuring online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applications
Olivier Potonniée
 
WebAuthn & FIDO2
WebAuthn & FIDO2WebAuthn & FIDO2
WebAuthn & FIDO2
Leonard Moustacchis
 
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)
Richard Bullington-McGuire
 
Smart Card Authentication
Smart Card AuthenticationSmart Card Authentication
Smart Card Authentication
Dan Usher
 
Security 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM iSecurity 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM i
Precisely
 
What UICC Means for NFC & Security
What UICC Means for NFC & SecurityWhat UICC Means for NFC & Security
What UICC Means for NFC & Security
ForgeRock
 
CNIT 128: 9: Mobile payments
CNIT 128: 9: Mobile paymentsCNIT 128: 9: Mobile payments
CNIT 128: 9: Mobile payments
Sam Bowne
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CloudIDSummit
 
Identity & access management jonas syrstad
Identity & access management jonas syrstadIdentity & access management jonas syrstad
Identity & access management jonas syrstad
Meandmine2
 
Introduction to Solus
Introduction to SolusIntroduction to Solus
Introduction to Solus
Solus
 
2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]
Hai Nguyen
 
Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3
Agile Set, LLC
 
Security 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM iSecurity 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM i
Precisely
 
End point control
End point controlEnd point control
End point control
Lan & Wan Solutions
 
OmniSource_ppt_2011_7-2 (2)(1)
OmniSource_ppt_2011_7-2 (2)(1)OmniSource_ppt_2011_7-2 (2)(1)
OmniSource_ppt_2011_7-2 (2)(1)
Andrea Colombetti
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
Sam Bowne
 
Useridentity 150909123719-lva1-app6891
Useridentity 150909123719-lva1-app6891Useridentity 150909123719-lva1-app6891
Useridentity 150909123719-lva1-app6891
Lan & Wan Solutions
 
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
Sam Bowne
 
TrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
PortalGuard dba PistolStar, Inc.
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOT
ForgeRock
 
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok LabsFIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
Nok Nok Labs, Inc
 
Auth-Shield
Auth-ShieldAuth-Shield
Auth-Shield
Chetan Kapila
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications Overview
FIDO Alliance
 
Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcit
mmubashirkhan
 
Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314
Eric Vétillard
 
Faults
FaultsFaults
Faults
Meganbri03
 

More Related Content

What's hot

Identity & access management jonas syrstad
Identity & access management jonas syrstadIdentity & access management jonas syrstad
Identity & access management jonas syrstad
Meandmine2
 
2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]
Hai Nguyen
 
Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3
Agile Set, LLC
 
Security 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM iSecurity 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM i
Precisely
 
OmniSource_ppt_2011_7-2 (2)(1)
OmniSource_ppt_2011_7-2 (2)(1)OmniSource_ppt_2011_7-2 (2)(1)
OmniSource_ppt_2011_7-2 (2)(1)
Andrea Colombetti
 
Useridentity 150909123719-lva1-app6891
Useridentity 150909123719-lva1-app6891Useridentity 150909123719-lva1-app6891
Useridentity 150909123719-lva1-app6891
Lan & Wan Solutions
 
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok LabsFIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
Nok Nok Labs, Inc
 
Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcit
mmubashirkhan
 

What's hot (20)

What UICC Means for NFC & Security
What UICC Means for NFC & SecurityWhat UICC Means for NFC & Security
What UICC Means for NFC & Security
 
CNIT 128: 9: Mobile payments
CNIT 128: 9: Mobile paymentsCNIT 128: 9: Mobile payments
CNIT 128: 9: Mobile payments
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
 
Identity & access management jonas syrstad
Identity & access management jonas syrstadIdentity & access management jonas syrstad
Identity & access management jonas syrstad
 
Introduction to Solus
Introduction to SolusIntroduction to Solus
Introduction to Solus
 
2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]
 
Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3Neumann 24727 B10.12 Update 20091029 AM R3
Neumann 24727 B10.12 Update 20091029 AM R3
 
Security 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM iSecurity 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM i
 
End point control
End point controlEnd point control
End point control
 
OmniSource_ppt_2011_7-2 (2)(1)
OmniSource_ppt_2011_7-2 (2)(1)OmniSource_ppt_2011_7-2 (2)(1)
OmniSource_ppt_2011_7-2 (2)(1)
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
 
Useridentity 150909123719-lva1-app6891
Useridentity 150909123719-lva1-app6891Useridentity 150909123719-lva1-app6891
Useridentity 150909123719-lva1-app6891
 
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
 
TrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong Authentication
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOT
 
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok LabsFIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
 
Auth-Shield
Auth-ShieldAuth-Shield
Auth-Shield
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications Overview
 
Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcit
 

Viewers also liked

Event driven network
Event driven networkEvent driven network
Event driven network
Harish B
 
Records and Information Management Survey by MCS Management Services
Records and Information Management Survey by MCS Management ServicesRecords and Information Management Survey by MCS Management Services
Records and Information Management Survey by MCS Management Services
MCS Management Services
 
Things to consider in the learning
Things to consider in the learningThings to consider in the learning
Things to consider in the learning
epafroditus
 
Beyond These Walls - Back to School PPT
Beyond These Walls - Back to School PPTBeyond These Walls - Back to School PPT
Beyond These Walls - Back to School PPT
MarcJScott
 
Senior Project 12 pics.
Senior Project 12 pics.Senior Project 12 pics.
Senior Project 12 pics.
Selena Maddox
 
Osb developer's guide
Osb developer's guideOsb developer's guide
Osb developer's guide
Harish B
 
Considerations of a Business Partnership
Considerations of a Business PartnershipConsiderations of a Business Partnership
Considerations of a Business Partnership
Joseph Treff
 
Rambus corporate-overview
Rambus corporate-overviewRambus corporate-overview
Rambus corporate-overview
Rambus
 

Viewers also liked (20)

Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314
 
Faults
FaultsFaults
Faults
 
Event driven network
Event driven networkEvent driven network
Event driven network
 
Records and Information Management Survey by MCS Management Services
Records and Information Management Survey by MCS Management ServicesRecords and Information Management Survey by MCS Management Services
Records and Information Management Survey by MCS Management Services
 
Differeniation
DiffereniationDiffereniation
Differeniation
 
Things to consider in the learning
Things to consider in the learningThings to consider in the learning
Things to consider in the learning
 
A Discourse on e-Discovery - MCS Management Services
A Discourse on e-Discovery - MCS Management ServicesA Discourse on e-Discovery - MCS Management Services
A Discourse on e-Discovery - MCS Management Services
 
Beyond These Walls - Back to School PPT
Beyond These Walls - Back to School PPTBeyond These Walls - Back to School PPT
Beyond These Walls - Back to School PPT
 
Senior Project 12 pics.
Senior Project 12 pics.Senior Project 12 pics.
Senior Project 12 pics.
 
Herba LIfe
Herba LIfeHerba LIfe
Herba LIfe
 
Efectos tardios quimioterapia
Efectos tardios quimioterapiaEfectos tardios quimioterapia
Efectos tardios quimioterapia
 
Osb developer's guide
Osb developer's guideOsb developer's guide
Osb developer's guide
 
OMA Overview of the Organization & Work
OMA Overview of the Organization & WorkOMA Overview of the Organization & Work
OMA Overview of the Organization & Work
 
Considerations of a Business Partnership
Considerations of a Business PartnershipConsiderations of a Business Partnership
Considerations of a Business Partnership
 
Records & Information Management and the Law Firm - MCS Management Services
Records & Information Management and the Law Firm - MCS Management ServicesRecords & Information Management and the Law Firm - MCS Management Services
Records & Information Management and the Law Firm - MCS Management Services
 
FIPS 201 / PIV
FIPS 201 / PIVFIPS 201 / PIV
FIPS 201 / PIV
 
Poaching
PoachingPoaching
Poaching
 
Poaching
PoachingPoaching
Poaching
 
Rambus corporate-overview
Rambus corporate-overviewRambus corporate-overview
Rambus corporate-overview
 
Understanding Digital Payments
Understanding Digital PaymentsUnderstanding Digital Payments
Understanding Digital Payments
 

Similar to Secure Elements in Web Applications

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
CA API Management
 
Enable Secure Mobile & Web Access to Microsoft SharePoint
Enable Secure Mobile & Web Access to Microsoft SharePointEnable Secure Mobile & Web Access to Microsoft SharePoint
Enable Secure Mobile & Web Access to Microsoft SharePoint
CA API Management
 
The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...
The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...
The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...
mfrancis
 
Windows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsWindows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 Apps
Jorge Orchilles
 

Similar to Secure Elements in Web Applications (20)

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
 
Meet up slides_mumbai_21032020_final
Meet up slides_mumbai_21032020_finalMeet up slides_mumbai_21032020_final
Meet up slides_mumbai_21032020_final
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
 
Application security in current era
Application security in current eraApplication security in current era
Application security in current era
 
Mobile Enterprise Application Platform
Mobile Enterprise Application PlatformMobile Enterprise Application Platform
Mobile Enterprise Application Platform
 
Uncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdfUncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdf
 
Uncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdfUncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdf
 
Enable Secure Mobile & Web Access to Microsoft SharePoint
Enable Secure Mobile & Web Access to Microsoft SharePointEnable Secure Mobile & Web Access to Microsoft SharePoint
Enable Secure Mobile & Web Access to Microsoft SharePoint
 
Anypoint platform security components
Anypoint platform security componentsAnypoint platform security components
Anypoint platform security components
 
Balancing Mobile UX & Security: An API Management Perspective Presentation fr...
Balancing Mobile UX & Security: An API Management Perspective Presentation fr...Balancing Mobile UX & Security: An API Management Perspective Presentation fr...
Balancing Mobile UX & Security: An API Management Perspective Presentation fr...
 
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
 
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
 
Baltimore jan2019 mule4
Baltimore jan2019 mule4Baltimore jan2019 mule4
Baltimore jan2019 mule4
 
SPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentSPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises Development
 
Spsbe15 high-trust apps for on-premises development
Spsbe15 high-trust apps for on-premises developmentSpsbe15 high-trust apps for on-premises development
Spsbe15 high-trust apps for on-premises development
 
The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...
The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...
The Role of the OSGi Gateway in GST Security Objectives and Architecture - An...
 
Syn framework 4.0 and sql server
Syn framework 4.0 and sql serverSyn framework 4.0 and sql server
Syn framework 4.0 and sql server
 
IBM MobileFirst Reference Architecture 1512 v3 2015
IBM MobileFirst Reference Architecture 1512 v3 2015IBM MobileFirst Reference Architecture 1512 v3 2015
IBM MobileFirst Reference Architecture 1512 v3 2015
 
Windows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsWindows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 Apps
 

Recently uploaded

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Recently uploaded (20)

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 

Secure Elements in Web Applications

  • 1. The Path to Inter-Industry Standards for Utilizing Secure Elements in Web Applications Olivier POTONNIEE, Karen LU September 2015
  • 2. Secure Elements and The Web Secure Elements in Web Applications2 Telecom • Login / Strong Authentication Payment • Card-present eCommerce ID • eGov • Authentication & Signature Transport • View balance • Reload / Buy tickets online
  • 3. Low level Secure Element APIs PC/SC Open Mobile API (OMAPI) 8.1:  10:  3 Secure Elements in Web Applications
  • 4. Cross-Platform Secure Element (SE) API Secure Elements in Web Applications4 PC/SC (MSWindows, MacOS, Linux) OMAPI (Android) NFC Desktop Mobile Web Applications Web Runtime OS Secure Element API Access Control …
  • 5. Secure Element API Standardization Proposed to W3C (SysApps & WebCrypto WGs) http://opoto.github.io/secure-element/ Transferred to a GlobalPlatform WG https://github.com/globalplatform Implementation Included in Firefox OS 2.2 (June 2015) 5 Secure Elements in Web Applications
  • 6. Secure Element API Secure Elements in Web Applications6 Transport-level API (similar to SIM Alliance’s OMAPI) Secure Element Manager Reader Session Channel Enumerate readers SE insertion / removal events Is SE present? Connect to SE SE ATR Connect to Applet Basic / Logical Transmit APDUs
  • 7. Access Control Toolbox Secure Elements in Web Applications7 • PIN • Secure Messaging Mutual AuthentN • GlobalPlatform Access Control Secure Element Security Model • Permissions: Access to device/resources (GPS, storage, etc…) • Same Origin Policy (SOP): Data isolation per domain Web Security Model
  • 8. Access Control (1/2): The Web Secure Elements in Web Applications8 • PIN • Secure Messaging Mutual AuthentN • GlobalPlatform Access Control Secure Element Security Model • Permissions: Access to device/resources (GPS, storage, etc…) • Same Origin Policy (SOP): Data isolation per domain Web Security Model
  • 9. Domain-binded SE apps (SOP compliant) Secure Elements in Web Applications9 An SE app with one credential per domain An SE app is tied to a single domain, which hosts a centralized service Other apps use a delegation protocol to use the centralized service Identity Provider SAML/OpenID Connect Login Authenticate Service Provider (Relying Party)
  • 10. Access Control (2/2): Secure Elements Secure Elements in Web Applications10 • PIN • Secure Messaging Mutual AuthentN • GlobalPlatform Access Control Secure Element Security Model • Permissions: Access to device/resources (GPS, storage, etc…) • Same Origin Policy (SOP): Data isolation per domain Web Security Model
  • 11. Access Control Enforcer GlobalPlatform Access Control Secure Elements in Web Applications11 Access Rules SE Application Cached Access Rules User Device Application Access Rule: Authorizes a specific app on device to access a specific app on SE [and send specific commands] http://www.globalplatform.org/specificationsdevice.asp
  • 12. Secure Element API to build Trusted Services AuthentN Signature Payment Reload Web Applications … Public APIs Restricted APIs WebRuntime Privilege apps, e.g. Extensions 12 Secure Elements in Web Applications Secure Element API Access Control
  • 13. The security palette Secure Elements in Web Applications13 Secure Element Built-ins GlobalPlatform Access Control Trusted Services Domain Binding
  • 14. Participate! Secure Elements in Web Applications14 . New Working Group: Hardware Security (HaSec) Will work on use cases and APIs http://www.w3.org/2015/hasec/2015-hasec-charter.html . New Working Group: WebApis-for-SE Will work on APIs and Implementation Chaired by Hank Chavers (hank.chavers at globalplatform.org)
  • 15. Thanks! Secure Elements in Web Applications15 Questions?