IoT Authentication

PKI (ITU X.509) for On-line & Off-line
“IoT Authentication for Emergency & Offline Payment
during Earthquake, Power Disruption, Typhoon”
Unho Choi, Ph.D., UNHCR
Offline e-Gov. + Disaster Situation
International Donation? UNHCR Cash? Global Fund? WFP electronic cards? NGO? ATM? POS? Bank?
IoT Authentication?
Copyright © Unho Choi 2015
FIDO Alliance
Bio Sensor + PKI = Secure Domain (FIDO)
Tokenization with Dynamic code (OTP) = ?
Authentication Server
“B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58”
APPLE PKI ?
PKI – DEVELOPING COUNTRY
Nigeria, Kenya ……
Mongolia, ICAO, e-UNLP ……
Iran, Morocco, Ecuador, Vietnam, Philippines, Jordan, Rwanda, Egypt, Cameroon, Brunei, Iraq, Costa Rica, Indonesia, Kenya, Panama
US, France, Sweden, Germany, Turkey, Norway ……
Legend: completed / Proceeding / Started
PKI (ITU X.509)
Public Key Certificate < Before user registration >
Version / Serial Number / Signature algorithm / Hash algorithm / Issuer Name / Validity Period / Public Key
Subject Distinguished Name / Subject Public Key Information / Issuer’s Signature
Extended Validation: (Empty)
Public Key Certificate < After user registration >
Version / Serial Number / Signature algorithm / Hash algorithm / Issuer Name / Validity Period / Public Key
Subject Distinguished Name / Subject Public Key Information / Issuer’s Signature
Extended Validation: “B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58”
= Biometric Code + at least one Additional Code:
Bar Code / QR / UPC / RFID / URL / CRL / PUF / GS1 / GSIN / IPv6 / MAC address / Cryptographic hash functions / unique identification information etc.
Copyright © Unho Choi May 2015
Multi Application on e-ID
Example:
1 App: eService (Finland, FINID)
3 App’s: eService, eHealth, eTicketing (Italy, CNS)
5 App’s: eService, eDL, eGate, eBanking, eLibrary (Hong Kong, HKSAR)
10 App’s: eID, eService, eHealth, eTicketing, ATM, eDL, ePurse, eGates, Travel document (Malaysia, MyKad)
Sample
NIGERIA - CHIP DESIGN
UBIQUITOUS AUTHENTICATION MANAGEMENT
National ID, Driver License, Medical, e-Voting, Pension, Passport (ICAO), Tax: each PKI + Data
PKI for Physical Access / Smart Car, PC / Cloud Logon, Smart Phone / Smart Home
Physical unclonable functions
IoT Authentication ?
Multi Bio Combination ?
Diverse combinations of Biometrics:
Combination: 2 or more fingers
Combination: 1 finger + Iris
Combination: Iris + Vein
Combination: Iris + Facial
Combination: Finger + Sign
Combination: Voice + Facial
Combination with each of Palm / Blood / Voice / DNA / Keystroke etc.
Allocated purpose of use (Application Services): Bank / Credit Card / Payment / Government / Internet / Cloud / Car / IoT / 911 Emergency
Allocated purpose of use (Emergency): Reset / Recover / 911
IoT Authentication Key for Smart Phone
IoT Network / Communication Terminal / Centralized Controller / IoT Service Provider
Emergency: Recover / Reset / 911
IoT Authentication Key for National ID ?
IoT Network / Communication Terminal / Smart Card / Centralized Controller / IoT Service Provider
Emergency: Recover / Reset / 911
IoT Authentication Code ?
(a) Biometrics
(b) Biometrics + UPC/EPC
(c) Biometrics + PAN
(d) Biometrics + PUF
(e) Biometrics + Dynamic Signature
(f) Biometrics + Activity feature
(g) Biometrics + UPC/EPC + PAN
(h) Biometrics + UPC/EPC + PAN + PUF
(i) Biometrics + UPC/EPC + PAN + PUF + Dynamic Signature
IoT Authentication Code Format
(j) Biometric code + PAN code:
B9E2995B2B7602AE825CE7DE819F10F088419E595A9AA
(k) Biometric code + PAN code + UPC/EPC + OTP + PUF code:
B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58
Emergency: Recover / Reset / 911
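The two slides above (the X.509 certificate whose Extended Validation field is empty before registration and carries the authentication code afterwards, and code formats (j) and (k)) can be modelled end to end. The following is an added example written for this page, not code from the slides or from any project of the author. It assumes things the slides leave open: SHA-224 as the code hash (chosen only because its 56-hex-character output has the same length as the sample code), length-prefixed concatenation of the components, an HMAC-salted template as the "Biometric code", RFC 6238 TOTP as the "OTP", and a plain Python dataclass standing in for the ASN.1 certificate. All sample values (PAN, UPC/EPC, PUF response, OTP seed, template) are constructed.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional, Sequence

# Assumption: the slides never name the hash; SHA-224 is used because its
# 56-hex-character digest matches the length of the sample code on the slide.
CODE_HASH = hashlib.sha224
OTP_STEP = 30  # seconds per OTP window (RFC 6238 default)


def component_hash(components: Sequence[bytes]) -> str:
    """Combine ordered code components into one upper-case hex code.

    Each component is length-prefixed so (b"AB", b"C") cannot collide with
    (b"A", b"BC"). Only the digest is stored; the components stay on the card.
    """
    h = CODE_HASH()
    for part in components:
        h.update(struct.pack(">I", len(part)))
        h.update(part)
    return h.hexdigest().upper()


def biometric_code(template: bytes, issuer_salt: bytes) -> bytes:
    """Derive the 'Biometric code' from a sensor template (assumed stabilised;
    real templates need fuzzy matching or a fuzzy extractor first). The issuer
    salt keeps one finger from yielding the same code at two issuers."""
    return hmac.new(issuer_salt, template, hashlib.sha256).digest()


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1: the 'dynamic code (OTP)' of format (k)."""
    counter = struct.pack(">Q", unix_time // OTP_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


@dataclass
class Certificate:
    """The certificate fields listed on the slide (no ASN.1 encoding here)."""
    version: int
    serial_number: int
    signature_algorithm: str
    hash_algorithm: str
    issuer_name: str
    validity_period: tuple
    subject_dn: str
    subject_public_key: bytes
    issuer_signature: bytes
    extended_validation: Optional[str] = None  # "(Empty)" before registration


def register(cert: Certificate, bio: bytes, pan: str, extras: Sequence[bytes] = ()) -> Certificate:
    """After user registration: fill Extended Validation with a format (j) code
    (Biometric code + PAN code) plus any additional codes (UPC/EPC, PUF, ...)."""
    cert.extended_validation = component_hash([bio, pan.encode()] + list(extras))
    return cert


def verify_static(cert: Certificate, bio: bytes, pan: str, extras: Sequence[bytes] = ()) -> bool:
    """Recompute the stored code from freshly presented components."""
    if cert.extended_validation is None:
        return False
    expected = component_hash([bio, pan.encode()] + list(extras))
    return hmac.compare_digest(expected, cert.extended_validation)


def transaction_code(bio: bytes, pan: str, upc_epc: str, puf: bytes,
                     otp_secret: bytes, unix_time: int) -> str:
    """Format (k): Biometric code + PAN + UPC/EPC + OTP + PUF code, one OTP window."""
    otp = totp(otp_secret, unix_time).encode()
    return component_hash([bio, pan.encode(), upc_epc.encode(), otp, puf])


def verify_transaction(code: str, bio: bytes, pan: str, upc_epc: str, puf: bytes,
                       otp_secret: bytes, unix_time: int, window: int = 1) -> bool:
    """Off-line terminal check: recompute for this window and +/- `window`
    neighbours so clock drift between card and terminal does not reject a user."""
    for drift in range(-window, window + 1):
        candidate = transaction_code(bio, pan, upc_epc, puf, otp_secret,
                                     unix_time + drift * OTP_STEP)
        if hmac.compare_digest(candidate, code):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample values; nothing here comes from the slides.
    bio = biometric_code(b"constructed-fingerprint-template", b"issuer-salt")
    cert = Certificate(3, 1001, "sha256WithRSAEncryption", "SHA-256", "CN=Example CA",
                       ("2015-05-01", "2020-05-01"), "CN=Card Holder", b"<pubkey>", b"<sig>")
    print("before registration:", cert.extended_validation)
    register(cert, bio, pan="4000001234567899")
    print("after registration: ", cert.extended_validation)
    print("wrong PAN accepted? ", verify_static(cert, bio, "4000001234567890"))
    now = 1_000_000
    code = transaction_code(bio, "4000001234567899", "0123456789012", b"puf-response", b"otp-seed", now)
    print("terminal 30 s later accepts:", verify_transaction(
        code, bio, "4000001234567899", "0123456789012", b"puf-response", b"otp-seed", now + OTP_STEP))
```

The design point worth noticing is that the certificate never carries the PAN, the PUF response or the biometric template themselves, only a digest that an off-line ATM or POS can recompute from what the card presents; the OTP in format (k) makes that digest change every 30 seconds, so a captured transaction code is useless outside its window.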
On-line & Off-line
Online application (with GEO location / GPS): Bank / Credit Card / e-Government / Cloud / Internet
1st Public Key for on-line, held at the Authentication Server
Off-line application support for each service etc. by Government & Financial Authority:
Bio Sensor on ATM for cash withdrawal etc.
Bio Sensor on POS for buying food etc.
Bio Sensor on Centralized Controller for controlling IoT Devices etc.
Bio Sensor on Smart Card/Phone for controlling Smart Car etc.
2nd Public Key for off-line for ATM, POS, Centralized Controller, Phone/Card
Stored with the Private Key in the Secure Domain (IC Chip)
Key Distribution
United Nations: UN CA (Certificate Authority) holds Public Key + Private Key
B9E2995B2B7602AE825CE7DE819F10F
Public Key distributed to: Bank, WFP, Global Fund, UNDP
ATM, POS (Off-line): Public Key + Private Key
Operation Process
Biometrics data acquisition module
Biometrics data management module
Key management module
Biometric authentication module
VPN management module
Authentication execution module
OTP generation module
Device data acquisition module
Q&A
“Take chain of Mountain view”
Unho Choi
Ph.D., CGEIT, CRISC, ISO 27001, CISSP, PMP
[email protected]