Page 1: Open Mobile API: The enabler of Mobile ID solutions. Alexander Summerer, Giesecke & Devrient, 30th Oct. 2014


Page 2: SIMalliance Open Mobile API
- Allows usage of Secure Elements in Mobile Devices
- Designed for open handset OS platforms
- Common API for apps: OS and programming language agnostic
- Access to all kinds of Secure Elements
- Easy-to-use API for APDU communication
Diagram: Mobile Applications - Open Mobile API - Secure Elements
(Footer repeated on every slide: Open Mobile API - The enabler of Mobile ID solutions, 10/30/2014)

Page 3: Motivation: Use Case Examples
Mobile Applications on top of Secure Elements, e.g.:
- Payment
- Network Access
- Ticketing
- Identity Management
- Company Access

Page 4: Architecture of the Open Mobile API (layers, top to bottom)
- Application Layer: Mobile Applications
- Open Mobile API (APIs, Test Specifications):
  - Service Layer: Crypto API (PKCS / JCE) with Crypto provider, File Management, Authentication, Secure Storage, further functions
  - Transport Layer: Generic Transport, Access Control
  - Secure Element Provider Interface: SIM plug-in, µSD plug-in, plug-ins for further SEs
- Secure Elements (e.g. SIM, Secure µSD, ...): Storage, File system, Access Control, further functions
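The slide lists Access Control as a transport-layer component but does not show how it decides which app may talk to which applet. The following is an added illustration written for this page, not SEEK's code: it models the rule scheme of the GlobalPlatform Secure Element Access Control specification that Open Mobile API implementations build on. Each rule references an applet AID (or any applet) and the SHA-1 hash of a device application's signing certificate (or any application), and carries either a plain allow/deny or a list of 4-byte APDU header plus 4-byte mask filters. The most specific matching rule wins, and with no matching rule access is denied. The AID, certificates, rules and APDUs below are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class AccessControlEnforcer {

    /** One rule from the SE: REF-DO (applet AID ref, device-app hash ref) plus APDU-AR-DO. */
    static final class Rule {
        final byte[] aid;           // null = any applet (AID-REF-DO without an AID)
        final byte[] hash;          // null = any device application (empty Hash-REF-DO)
        final boolean apduAllowed;  // used when filters == null (boolean form of APDU-AR-DO)
        final List<byte[]> filters; // otherwise 8-byte entries: 4 header bytes + 4 mask bytes

        Rule(byte[] aid, byte[] hash, boolean apduAllowed, List<byte[]> filters) {
            this.aid = aid;
            this.hash = hash;
            this.apduAllowed = apduAllowed;
            this.filters = filters;
        }

        /** Precedence: specific AID + specific hash > specific AID > specific hash > wildcard. */
        int specificity() {
            return (aid != null ? 2 : 0) + (hash != null ? 1 : 0);
        }

        boolean matches(byte[] appletAid, byte[] appHash) {
            return (aid == null || Arrays.equals(aid, appletAid))
                && (hash == null || Arrays.equals(hash, appHash));
        }

        /** A header passes a filter if it equals the filter header on every masked bit. */
        boolean permits(byte[] header) {
            if (filters == null) return apduAllowed;
            for (byte[] f : filters) {
                boolean match = true;
                for (int i = 0; i < 4 && match; i++) {
                    match = ((header[i] ^ f[i]) & f[i + 4]) == 0;
                }
                if (match) return true;
            }
            return false;
        }
    }

    private final List<Rule> rules = new ArrayList<>();

    void addRule(Rule r) { rules.add(r); }

    /** Most specific matching rule wins; no matching rule means the access is denied. */
    Rule resolve(byte[] appletAid, byte[] appHash) {
        Rule best = null;
        for (Rule r : rules) {
            if (r.matches(appletAid, appHash) && (best == null || r.specificity() > best.specificity())) {
                best = r;
            }
        }
        return best;
    }

    boolean isApduAllowed(byte[] appletAid, byte[] appHash, byte[] apdu) {
        if (apdu == null || apdu.length < 4) return false;   // not even a complete header
        Rule r = resolve(appletAid, appHash);
        return r != null && r.permits(Arrays.copyOf(apdu, 4));
    }

    /** Device applications are referenced by the SHA-1 hash of their signing certificate. */
    static byte[] certHash(byte[] derCertificate) {
        try {
            return MessageDigest.getInstance("SHA-1").digest(derCertificate);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        // Constructed values: a placeholder AID in the proprietary 'F' range and two fake certificates.
        byte[] walletAid  = {(byte) 0xF0, 0x01, 0x02, 0x03, 0x04, 0x05};
        byte[] trustedApp = certHash("constructed-certificate-of-the-wallet-app".getBytes(StandardCharsets.UTF_8));
        byte[] otherApp   = certHash("constructed-certificate-of-some-other-app".getBytes(StandardCharsets.UTF_8));

        AccessControlEnforcer ace = new AccessControlEnforcer();
        // Wildcard rule: every app may reach every applet, but only with CLA=80 INS=10 (P1/P2 unmasked).
        ace.addRule(new Rule(null, null, false, Arrays.asList(
            new byte[] {(byte) 0x80, 0x10, 0x00, 0x00, (byte) 0xFF, (byte) 0xFF, 0x00, 0x00})));
        // Specific rule: the wallet app gets unrestricted APDU access to the wallet applet.
        ace.addRule(new Rule(walletAid, trustedApp, true, null));

        byte[] readCmd  = {(byte) 0x80, 0x10, 0x00, 0x00, 0x00};
        byte[] writeCmd = {(byte) 0x80, 0x20, 0x00, 0x00, 0x01, 0x42};
        System.out.println("wallet app, write: " + ace.isApduAllowed(walletAid, trustedApp, writeCmd));
        System.out.println("other app, write:  " + ace.isApduAllowed(walletAid, otherApp, writeCmd));
        System.out.println("other app, read:   " + ace.isApduAllowed(walletAid, otherApp, readCmd));
    }
}
```

The point to take from the resolution step is that a permissive wildcard rule does not override a specific one and, conversely, a specific allow for one app does not leak to other apps: the other app only ever gets what the wildcard filter permits, and an SE with no matching rule at all yields a denial rather than open access.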

Page 5: Open Mobile API reference implementation (SEEK)
- SEEK (Secure Element Evaluation Kit for Android): open source project maintained by G&D since 2010
- Open Mobile API reference implementation for Android
- Integrated by almost all NFC Android handsets
- Offers drivers, applications, code samples, guidelines
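The access path that slides 2 to 5 describe, as an added example written for this page rather than code from the slides or from the SEEK project. It uses the SIMalliance Open Mobile API Java package that SEEK ships on Android (org.simalliance.openmobileapi): bind to the service, pick a reader, open a session and a logical channel to an applet, send one APDU and check the status word. It assumes the app manifest declares the org.simalliance.openmobileapi.SMARTCARD permission and the org.simalliance.openmobileapi shared library; the AID and the command APDU are placeholders.

```java
import java.io.IOException;
import java.util.Arrays;

import android.content.Context;
import android.util.Log;

import org.simalliance.openmobileapi.Channel;
import org.simalliance.openmobileapi.Reader;
import org.simalliance.openmobileapi.SEService;
import org.simalliance.openmobileapi.Session;

/** Opens a channel to one applet on the SIM (or another SE) and sends a single APDU. */
public class SeApduClient implements SEService.CallBack {
    private static final String TAG = "SeApduClient";

    // Placeholder AID in the proprietary 'F' RID range; replace with your applet's real AID.
    private static final byte[] APPLET_AID = {(byte) 0xF0, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03};
    // Hypothetical proprietary-class command the applet answers (CLA 80, INS 10, Le 00).
    private static final byte[] GET_STATUS_CMD = {(byte) 0x80, 0x10, 0x00, 0x00, 0x00};

    private final Context context;
    private SEService seService;

    public SeApduClient(Context context) {
        this.context = context.getApplicationContext();
    }

    /** Binds to the SmartCard system service; serviceConnected() is called once it is ready. */
    public void connect() {
        seService = new SEService(context, this);
    }

    public void disconnect() {
        if (seService != null && seService.isConnected()) seService.shutdown();
    }

    @Override
    public void serviceConnected(SEService service) {
        try {
            byte[] data = exchange(service, GET_STATUS_CMD);
            Log.i(TAG, "applet answered: " + toHex(data));
        } catch (SecurityException e) {
            // Refused by the access control enforcer (ARA/ARF rules on the SE): this app,
            // this AID or this APDU is not permitted. The SE never saw the command.
            Log.w(TAG, "denied by SE access control rules", e);
        } catch (IOException e) {
            Log.e(TAG, "SE transport error", e);
        }
    }

    static byte[] exchange(SEService service, byte[] commandApdu) throws IOException {
        Reader reader = pickReader(service.getReaders());
        if (reader == null) throw new IOException("no Secure Element present");
        Session session = reader.openSession();
        Channel channel = null;
        try {
            // openLogicalChannel() performs the SELECT by AID itself; applications may not send
            // SELECT by DF name or MANAGE CHANNEL through transmit(), and the channel number
            // bits of CLA are filled in by the API.
            channel = session.openLogicalChannel(APPLET_AID);
            if (channel == null) throw new IOException("no free logical channel on " + reader.getName());
            byte[] selectResponse = channel.getSelectResponse();
            if (selectResponse != null) checkStatusWord(selectResponse, "SELECT");
            return checkStatusWord(channel.transmit(commandApdu), "command");
        } finally {
            if (channel != null) channel.close();
            session.close();
        }
    }

    /** Prefers the UICC; Open Mobile API reader names start with "SIM", "eSE" or "SD". */
    static Reader pickReader(Reader[] readers) {
        Reader fallback = null;
        for (Reader r : readers) {
            if (!r.isSecureElementPresent()) continue;
            if (r.getName().startsWith("SIM")) return r;
            if (fallback == null) fallback = r;
        }
        return fallback;
    }

    /** Splits SW1 SW2 off a response APDU and fails unless it is 90 00. */
    static byte[] checkStatusWord(byte[] rapdu, String what) throws IOException {
        if (rapdu == null || rapdu.length < 2) throw new IOException(what + ": no status word");
        int sw = ((rapdu[rapdu.length - 2] & 0xFF) << 8) | (rapdu[rapdu.length - 1] & 0xFF);
        if (sw != 0x9000) throw new IOException(String.format("%s failed with SW %04X", what, sw));
        return Arrays.copyOf(rapdu, rapdu.length - 2);
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02X", b));
        return sb.toString();
    }
}
```

Two details matter in practice: a SecurityException from openLogicalChannel() or transmit() means the device-side access control refused the request, so it is not a bug in the applet, and a non-9000 status word must be treated as a failure rather than parsed as data, since a response consists only of SW1 SW2 when the applet rejects the command.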

Page 6: Open Mobile API Revisions
- Oct 2010: Kick-Off
- Mar 2011: Release 1.01 (Transport API)
- Nov 2011: Release 2.02 (Transport API + Service API)
- Jul 2012: Release 2.03 (Maintenance)
- Dec 2013: Release 2.04 (Maintenance + Recommendations for implementers)
- Feb 2014: Release 2.05 (Maintenance)
- Nov 2014 (current schedule): Release 3.0 (Maintenance + ANSI-C header); public draft available

Page 7: Open Mobile API Compliance
- Mar 2013: Kick-Off
- Mar 2014: Test Spec. 1.0 (Transport API)
- Jul 2014: Test Spec. 1.1 (Transport API, Maintenance)
- Sep 2014: Test Applet
- Nov 2014 (current schedule): Test Spec. 2.0 (incl. C-Interface)
- Device Compliance program for Test Spec. 1.0 (Transport API)

Page 8: Open Mobile API: The enabler of Mobile ID solutions
- Identity Management: Credential Issuance & Life-Cycle-Management, Enrolment
- Access Management: Authentication & Authorization
- Mobile Applications use the credentials; the Identity Management back end manages them
- Credentials are held in Secure Elements in the device or in External Secure Elements

Page 9: Solution: Secure Authentication
1. Connect: the application connects to the Application Server
2. Forward: the Application Server forwards the authentication request to the Authentication Server
3. Out-Of-Band Authentication: challenge-response protocol via OTA to the Secure Element (OTP, PKI based or symmetric signatures)
4. Grant access
Supported protocols: GSMA Mobile Connect, OATH, SAML, OpenID, FIDO
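The slide names the out-of-band challenge-response step but does not show the messages. The following is an added example written for this page, not G&D's protocol or code, of the symmetric-signature variant: the Authentication Server and the applet on the SIM share a key K_auth (here a constructed random key; in practice personalised into the SIM), the server's challenge is bound to the pending login and to the application server's identity so a response cannot be relayed to a different login or server, the challenge is single-use so a captured response cannot be replayed, and the comparison is constant-time. The login identifier and the server names are constructed placeholders.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class OobChallengeResponse {

    /** HMAC-SHA256 over length-prefixed fields, so "ab"|"c" and "a"|"bc" never collide. */
    static byte[] sign(byte[] key, byte[]... fields) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        for (byte[] f : fields) {
            mac.update((byte) (f.length >>> 8));
            mac.update((byte) f.length);
            mac.update(f);
        }
        return mac.doFinal();
    }

    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    /** Authentication Server: receives the forwarded login (step 2), grants access (step 4). */
    static final class AuthServer {
        private final byte[] kAuth;
        private final SecureRandom rng = new SecureRandom();
        private final Map<String, byte[]> pending = new HashMap<>();   // loginId -> challenge

        AuthServer(byte[] kAuth) { this.kAuth = kAuth; }

        /** Fresh random challenge for one login attempt, to be pushed to the SIM via OTA. */
        byte[] issueChallenge(String loginId) {
            byte[] challenge = new byte[16];
            rng.nextBytes(challenge);
            pending.put(loginId, challenge);
            return challenge;
        }

        /** The challenge is consumed on the first attempt, verified or not, so it cannot be replayed. */
        boolean verify(String loginId, String appServerId, byte[] response) throws Exception {
            byte[] challenge = pending.remove(loginId);
            if (challenge == null) return false;             // unknown, expired or already used
            byte[] expected = sign(kAuth, challenge, utf8(loginId), utf8(appServerId));
            return MessageDigest.isEqual(expected, response);  // constant-time comparison
        }
    }

    /** Applet on the SIM (step 3): signs the challenge bound to the login it shows the user. */
    static final class SimApplet {
        private final byte[] kAuth;

        SimApplet(byte[] kAuth) { this.kAuth = kAuth; }

        byte[] respond(byte[] challenge, String loginId, String appServerId, boolean userConfirmed)
                throws Exception {
            if (!userConfirmed) throw new SecurityException("user did not confirm the login");
            return sign(kAuth, challenge, utf8(loginId), utf8(appServerId));
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] kAuth = new byte[32];
        new SecureRandom().nextBytes(kAuth);   // constructed; in practice personalised into the SIM
        AuthServer server = new AuthServer(kAuth);
        SimApplet sim = new SimApplet(kAuth);

        // 1. user connects to portal.example; 2. portal forwards login-42 to the Authentication Server
        byte[] challenge = server.issueChallenge("login-42");
        // 3. the challenge reaches the SIM out of band; the applet signs it after the user confirms
        byte[] response = sim.respond(challenge, "login-42", "portal.example", true);
        // 4. the correct response is accepted once; a replay of the same bytes is refused
        System.out.println("first use: " + server.verify("login-42", "portal.example", response));
        System.out.println("replay:    " + server.verify("login-42", "portal.example", response));
        // A response produced for another server (a phishing relay) does not verify for portal.example
        byte[] c2 = server.issueChallenge("login-43");
        byte[] r2 = sim.respond(c2, "login-43", "other.example", true);
        System.out.println("relayed:   " + server.verify("login-43", "portal.example", r2));
    }
}
```

The PKI-based variant the slide also mentions has the same shape with an asymmetric signature over the same bound fields, which removes the shared secret from the server; the OTP variant drops the server-chosen challenge and therefore loses the binding to the login and the server, which is exactly the gap a relay attack exploits.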

Page 10: Solution: Secure Cloud Storage
- Key and Certificate Management System: key management via OTA to the Secure Element
- Cloud Storage (Dropbox, Google Drive, ...)
- Applications upload and download encrypted files

Page 11: Solution: Secure System Login
- Key and Certificate Management System: certificate management, key management via OTA
- Domain Controller: verification of the certificate-based login
- Applications

Page 12: Solution: Secure Voice
- Key and Certificate Management System: certificate management, key management via OTA
- SIP Server: 1. Registration, 2. Mutual Authentication, 3. Secure Voice & Messaging (VoIP communication)

Page 13: Solution: Derived Credentials
Step 1) Authentication against the Derived Credential Issuer
Step 2) Derived Credential Download from the Derived Credentials Provisioning System
- Remote provisioning of Derived Credentials, e.g. NIST SP 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials
- Local provisioning of Derived Credentials, e.g. EN 419212 (former EN 14890), Privacy based Chip Authentication (PCA)
- Target applets: e.g. PIV Derived Credential Applet; e.g. eIDAS (ANSSI, BSI, ANTS) Applet

Page 14: Solution: Vodafone Secure SIM
Secure Login
- 2-factor authentication (access data + SIM identity)
- Login with end-to-end encryption
- Seamless integration into existing IT infrastructures
- No additional hardware required
- Easy administration via web admin portal
Secure Data
- Encryption of e-mails, documents, storage and VPN
- PKI keys and certificates are stored in the SIM
- Seamless integration into existing security technologies
- Additional hardware (smart cards, security tokens) not needed
- Easy administration via web admin portal
Vodafone Secure SIM: http://www.vodafone.de/business/firmenkunden/loesungen/security.html

Page 15: Trusted Execution Environment for Smart Connected Devices
The processor is split into a Normal World and a Secure World:
- Normal World: Rich OS running Rich Apps, which reach Trusted Apps through the TEE Client API; TEE Driver as a kernel module
- Secure World (Trusted Execution Environment): Secure OS on a microkernel running Trusted Apps, exposing the Core API, the SE-API and the Trusted UI
- Secure Elements are reached from the Secure World via the SE-API
- GP TEE Trusted User Interface API: API for secure user entry (e.g. PIN); v1.0 was published in June 2013
- GP TEE Secure Element API: API for Secure Element access from Trusted Apps; v1.0 was published in August 2013
- Funding project: G&D is currently implementing a compliant prototype

Page 16: TEE Remote provisioning for Service Providers
- Secure apps: OTA download of Trusted Apps (into the TEE) and of Applets (into the Secure Elements) through the Trusted Service Manager
- The Trusted Service Manager manages the credentials:
  - Management of SE and TEE security domains to reflect the business relationships
  - Provisioning and deployment of SE applets and Trusted Applications for the TEE
  - Personalized OTA access and lifecycle management of data and operations for an unlimited number of devices

Page 17: Conclusion
- Open Mobile API is implemented in many handsets (e.g. Android NFC devices from HTC, LG, Sony, Samsung)
- Device qualification is established
- A variety of solutions is possible; first commercial services exist
- Open Mobile API enables Mobile ID solutions on Secure Elements; the TEE SE API enables TEE-based solutions

Page 18: Thank you for your attention!
Alexander Summerer, Technology Consultant Mobile Security
Giesecke & Devrient GmbH, Prinzregentenstrasse 159, 81607 Munich, GERMANY
www.gi-de.com, Telephone +49 89 4119-2418, alexander.summerer@gi-de.com