  • Number of slides: 19

PKI (ITU X.509) for On-line & Off-line “IoT Authentication for Emergency & Offline Payment during Earthquake, Power Disruption, Typhoon” Unho Choi, Ph.D. UNHCR

Offline e-Gov. + Disaster Situation International Donation? UNHCR Cash? Global Fund? WFP electronic cards? NGO? ATM? POS? Bank? IoT Authentication? Copyright © Unho Choi 2015

FIDO Alliance

Bio Sensor + PKI = Secure Domain (FIDO) Tokenization with Dynamic code (OTP) = ? Authentication Server “B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58”

APPLE PKI?

PKI – DEVELOPING COUNTRY Nigeria, Kenya …… Mongolia Iran Morocco ICAO, e-UNLP …… Equator Vietnam Philippines Jordan Rwanda Egypt Cameroon Brunei Iraq Costa Rica Indonesia Kenya US, France, Sweden, Panama Germany, Turkey, Norway …… completed Proceeding Started

PKI (ITU X.509)
Public Key Certificate < Before user registration >: Version / Serial Number / Signature algorithm / Hash algorithm / Issuer Name / Validity Period / Public Key / Subject Distinguished Name / Subject Public Key Information / Issuer’s Signature; Extended Validation: (Empty)
Public Key Certificate < After user registration >: Version / Serial Number / Signature algorithm / Hash algorithm / Issuer Name / Validity Period / Public Key / Subject Distinguished Name / Subject Public Key Information / Issuer’s Signature; Extended Validation: “B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58”
§ Biometric Code + at least one of Additional Code: Bar Code / QR / UPC / RFID / URL / CRL / PUF / GS1 / GSIN / IPv6 / MAC / Cryptographic hash functions address / unique identification information etc.
Copyright © Unho Choi May 2015

Multi Application on e-ID Multi App 1 App 3 App´s eService eHealth eTicketing Example Finland FINID Italy CNS 5 App´s eService eDL eGate eBanking eLibrary Hong Kong HKSAR 10 App´s eID eService eHealth eTicketing ATM eDL ePurse eGates Travel document Malaysia MyKad

Sample NIGERIA - CHIP DESIGN

UBIQUITOUS AUTHENTICATION MANAGEMENT National ID Driver License Medical e-Voting Pension Passport ICAO Tax PKI + Data PKI + Data Physical Access / Smart Car PC / Cloud Logon Smart Phone / Smart Home PKI PKI Physical unclonable functions IoT Authentication?

Multi Bio Combination? Diverse combinations of Biometrics Combination 2 more finger Combination 1 finger + IRIS Combination Iris + Vein Combination Iris + Facial Combination Finger + Sign Combination Voice + Facial Combination with each Palm / Blood / Voice / DNA / Keystroke etc. Allocated purpose of use Application Services Bank / Credit Card Payment Government Internet Cloud Car IoT 911 Emergency Allocated purpose of use Emergency Reset Recover 911

IoT Authentication Key for Smart Phone IoT Network Communication Terminal Centralized Controller IoT Service Provider Emergency Recover Reset 911

IoT Authentication Key for National ID? IoT Network Communication Terminal Smart Card Centralized Controller IoT Service Provider Emergency Recover Reset 911

IoT Authentication Code?
(a) Biometrics
(b) Biometrics UPC/EPC
(c) Biometrics PAN
(d) Biometrics PUF
(e) Biometrics Dynamic Signature
(f) Biometrics Activity feature
(g) Biometrics UPC/EPC PAN
(h) Biometrics UPC/EPC PAN PUF
(i) Biometrics UPC/EPC PAN PUF Dynamic Signature

IoT Authentication Code Format Biometric code PAN code (j) B9E2995B2B7602AE825CE7DE819F10F088419E595A9AA Biometric code (k) PAN code UPC/EPC OTP PUF code B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58 UPC/EPC Emergency Recover PUF code Reset 911

On-line & Off-line
Online application (with GEO location / GPS): Bank, Credit Card, e-Government, Cloud, Internet. 1st Public Key for on-line at Authentication Server.
Off-line application support for each service etc. by Government & Financial Authority:
Bio Sensor on ATM for cash withdrawal etc.
Bio Sensor on POS to buy food etc.
Bio Sensor on Centralized Controller to control IoT Devices etc.
Bio Sensor on Smart Card/Phone to control Smart Car etc.
2nd Public Key for off-line for ATM, POS, Centralized Controller, Phone/Card. Store with Private Key at Secure Domain (IC Chip).

Key Distribution United Nations Public Key Private Key UN CA (Certificate Authority) “B9E2995B2B7602AE825CE7DE819F10F Bank Public Key WFP Public Key Global Fund Public Key UNDP Public Key ATM, POS (Off-line) Public Key Private Key

Operation Process: Biometrics data acquisition module, Biometrics data management module, Key management module, Biometric authentication module, VPN management module, Authentication execution module, OTP generation module, Device data acquisition module

Q&A “Take chain of Mountain view” Unho Choi Ph.D., CGEIT, CRISC, ISO 27001, CISSP, PMP choi@unhcr.org