SOTP Introduction
——QIWI Solutions
SOTP
AGENDA
✧Background
✧Function
✧Feature
✧Application
✧Solution
NOW
In 2015, Symantec reported 160 billion lost on network security issues.
In 2015, 300 million PCs and 2 billion production.
TREND
Background
Tokenless
Cloud based authentication
Big data
Online and mobile applications are highly susceptible to cyber-attacks and fraud, which have become increasingly sophisticated.
Background - Limitations of Traditional Security Technologies
Cryptography is the infrastructure of information security
OTP & PKI based on black box algorithms
Traditional Cryptography Limitation
Public algorithms + key
Fixed & public algorithm, private key
Key and hardware protection
Challenge
Mobile devices without hardware protection: keys are easily disclosed in an open OS.
Extra hardware devices are not easy to carry, and complicated operation is not friendly for end users.
Convenience Requirement
SOTP Functions
SOTP (Super One-Time-Password), a unique and strong multi-factor authentication solution, adopts a new cryptosystem-based refactoring algorithm to ensure the reliability of cross-platform mobile and web applications.
SOTP Enhanced Authentication
Channel Encryption
Storage Encryption
Tokenization
Multiple Factors
Bi-Directional authentication
Without Keys
Dynamic algorithms
Bi-Directional authentication
Create Channel encryption
Multiple Factors
Dynamic algorithms
Sensitive information tokenization
SOTP Features
Flexible Products
SOTP can be delivered as plug-ins, SDKs, or whole security solutions for data encryption, channel encryption and authentication.
Multi-Factors
SOTP authentication factors include time, geolocation, hardware device, APP information, action and others.
Tokenless
Compared to OTP and PKI tokens, which have a unique key inside the token and public algorithms, SOTP has unique algorithms for each user and supports algorithm updating via plug-ins.
Ensures the security of online and mobile applications while keeping it convenient and transparent for users.
SOTP Structure
[Diagram labels: Payment Application System; SOTP ServerApi; SOTP Client API; Intranet; Internet; SOTP HSM; SOTP Authentication Server; SOTP Plug-ins Server; SOTP Authentication System; SOTP Database Server]
SOTP Application- Register
✧ SOTP Logon
✧ SOTP Secure Payment
✧ SOTP SMS Encryption
✧ SOTP Channel Encryption
✧ SOTP Data Encryption
✧ Risk Control System (Option)
SOTP Secure Solutions: Payment, Real-Name Authentication, Mobile Logon, SMS, Channel Encryption, PC Logon, Data Encryption
First Time Register
[Diagram labels: Upload ID Card; Verify ID; Download SOTP; Take dynamic video or photos and upload; Verify ID and Photos]
✧ Verify ID correctness
✧ Verify ID and Photos consistency
✧ Download SOTP
SOTP Application- Authentication
Download Plug-ins
[Diagram labels: Mobile Device; APP; Payment APP; SOTP Plug-ins; Person-Algo; Bi-directional; SCP; Payment Server; Application System; SOTP Auth Server; HSM; Device; APP code; User; Multi-factor calculate password; Bi-direction Channel encryption]
[Diagram labels: Mobile Device; APP; SDK; Payment server; Application System; SOTP Download Server; HSM; Device; APP code; User]
1. Get hardware device information from the APP.
2. Submit APP information to the SOTP download server.
3. Generate a unique algorithm according to the APP information.
4. Combine the unique algorithms and keys and distribute them to the end user APP via plug-ins.
Authentication & Transmission
1. Check plug-ins status.
2. Calculate the passcode with multi-factors.
3. Submit the passcode to the server for authentication.
4. On successful authentication, generate a session key to guarantee transmission security.
SOTP SMS Encryption
1. The APP Server encrypts the SMS via the SOTP Server; the SMS can only be decrypted by the unique plug-ins on the mobile client.
2. The encrypted SMS is sent to the SMS gateway, then transferred to the mobile client.
3. The SMS is decrypted via SOTP plug-ins.
Data Encryption
1. The data encryption key is managed by the SOTP Server.
2. The local key is encrypted by SOTP and decrypted by the unique plug-ins.
3. Dynamic data protection through the SOTP SDK.
4. Supports SOTP key updating by updating plug-ins.
SOTP Authentication Solutions
[Diagram labels: Mobile Device; APP; SDK; APP Server; SOTP Server; SOTP Database; Device; APP code; User]
[Diagram labels: Mobile Device; APP; SDK; APP Server; SMS Gateway; OTP Server; Device; APP code; User]
PC client Logon (1)
1. Input the username on the PC and send it to the server.
2. Verify the user and send a logon request to the mobile device.
3. Confirm the logon request on the mobile device and send it to the server.
4. PC logon successful.
[Diagram labels: Mobile Device; APP; SOTP Plug-ins; APP Server; SOTP Server; Device; APP Code; User; Input username on PC Browser or client; PC Client]
PC client Logon (2)
1. Generate a QR code.
2. Scan the QR code and generate a logon request through SOTP.
3. Verify the mobile client logon request.
4. PC logon successful.
[Diagram labels: Mobile Device; APP; Scan QR code to generate logon request; APP Server; SOTP Server; Device; APP Code; User; Generate QR code on PC Browser or client; PC Client]
SOTP Authentication Solutions
SOTP Authentication Solutions For QIWI
1. Hardware Solutions
Provide cost-effective hardware OATH tokens for existing applications.
2. Risk Control Mechanism
Multi-factor logon to guarantee mobile user identification. Detects mobile root and jailbreak, and provides a risk control system based on different user habits, location and mobile device UDID.
3. SOTP Mobile SDK
Agile SDK for easy integration.
4. Flexible Solutions
   1. Enhance Authentication Security
   2. Data Storage Security
   3. Bi-directional authentication
   4. Channel Encryption
   5. Tokenization
Thank you
SOTP
