Who Owns Your Digital Identity 誰掌握你的數位身分？

Transcript

1. 誰掌握 你的數位身分？ Kaohsiung Denken Chen 本簡報

2. A Brief of Public-Key Cryptography Digital Credentials API Digital Identity

   Models Who Owns Your Identity? Who Owns Your Private Keys? Agenda

3. A Brief of Public-Key Cryptography Kaohsiung

4. Symmetric-Key Cryptography ciphertext plaintext encrypt decrypt

5. ciphertext Asymmetric-Key Cryptography (Public-Key Cryptography) plaintext encrypt decrypt public key

   private key

6. signature Asymmetric-Key Cryptography (Public-Key Cryptography) plaintext sign verify private key

   public key

7. signature plaintext sign verify private key; private seal. public key;

   public identity. wallet

8. Use Cases of Public-Key Cryptography Public-Key Cryptography 1976 2020s Digital

   Identities 1990s PGP (Pretty Good Privacy) SSL (Secure Sockets Layer) Diffie-Hellman key exchange 2008 Bitcoin & Blockchain RSA, Elliptic Curve

9. Digital Credentials API Kaohsiung

10. Introducing the Digital Credentials API origin trial (2024-11-22) This app

    won’t open. > Download a demo wallet application to your Android device. The source code can be found at the OpenWallet Foundation's Identity Credentials repository.

11. Introducing the Digital Credentials API origin trial (2024-09-04) Use this

    instead. > Download a demo wallet application to your Android device.
12. None
13. None

14. • mDL: mobile Driver License (ISO 18013-5) • Secure Area:

    Android Keystore Secure Area • EcCurve (Elliptic Curve): P256

15. Digital Credentials Demo https://digital-credentials.dev Tap “Request Credentials” > Request verified

    identity documents such as Mobile Driving Licenses or National ID cards.
16. None

17. Verifier OID4VP (OpenID for Verifiable Presentations) OID4VCI (OpenID for Verifiable

    Credential Issuance)

18. Sign in with • OAuth 2.0 (Authorization) • OID4VCI (Authentication)

    • OID4VP (Authorization)

19. Digital Identity Models from W3C Identity & the Web Kaohsiung

20. Centralized Identity Model Verifier

21. Centralized Identity Model Trust Verifier

22. Federated Identity Model Verifier

23. Federated Identity Model Verifier Trust

24. Decentralized Identity Model Verifier

25. Decentralized Identity Model Verifier Trust

26. • DNS: denkeni.org • (Google Account) • ENS: denkeni.eth •

    DID / VC: ? decentralized decentralized decentralized federated (E-mail)

27. Who Owns Your Identity? Kaohsiung

28. ISO/IEC 24760-1:2019(en) IT Security and Privacy — A framework for

    identity management — Part 1: Terminology and concepts What is an identity? • Identity: a set of attributes related to an entity. • Entity: a person, an organization, a device… • Attributes: characteristic or property of an entity. We present credentials to claim our identities (authentication).

29. W3C: Verifiable Credentials Data Model 3.2 Credentials What is verifiable

    credential? signature

30. Who Owns Your Private Keys? Kaohsiung

31. signature plaintext sign verify private key; private seal. public key;

    public identity. wallet

32. Android Keystore system > The Android Keystore system lets you

    store cryptographic keys in a container to make them more difficult to extract from the device. Once keys are in the keystore, you can use them for cryptographic operations, with the key material remaining non-exportable.

33. BIP 39 Mnemonic code for generating deterministic keys BIP 32

    Hierarchical Deterministic Wallets "Not your keys, Not your Bitcoin." "legal winner thank year wave sausage worth useful legal winner thank yellow" + m/44'/0'/0'/0/0 ↓ 1EBuf21icKTE5m3HWVndKx2bTxvqrWCqV6 (Bitcoin wallet address) Bitcoin Q&A: How Do I Secure My Bitcoin?

34. Who Owns Your Identity? 1. Google / Trusted Identity Model

    2. Keystore 3. Private Key Kaohsiung

35. Q&A