The Future of Online Money: Creating Secure Payments Globally

Transcript

1. The Future of Online Money Creating Secure Payments Globally Jonathan

   LeBlanc Twitter: @jcleblanc Book: http://bit.ly/iddatasecurity

2. 10 Years ago, the iPhone launched

3. 2013: More cell phones than toilets (time.com) 7 billion people,

   6.5 billion with cell phones, 4.5 billion with access to toilets. 2014: More cell phones than people (independent.co.uk) 7.22 billion cell phones, 7.19-7.2 billion people. 2015: More people own a cell phone than a toothbrush (CTA) 3.7 billion people own a cell phone, 3.5 billion own a toothbrush. 2020: More people with a phone than electricity (cnet.com) 5.4 billion people will own a cell, 5.3 billion will have electricity, 3.5 billion with running water, 2.8 billion cars on the road. Mobile, by the Numbers...

4. 3 Years: IoT vendor revenue could top $470 billion for

   hardware, software, and solutions. - Bain 5 Years: Nearly $6 trillion will be spent on IoT solutions. - BI Intelligence 10 Years: IoT market will grow from 15.4 billion devices (2015) to 30.7 billion devices (2020), and 75.4 billion (2025). – IHS 15 Years: Investment is expected to top $60 trillion. - GE The IoT Market by 2020 and beyond

5. We’ve Built a New Generation of Inventors

6. Prototyping and Mainstreaming

7. Contextual Commerce

8. Removing Interaction Hurdles

9. Applications need to know about you & what you want

10. How do we Secure Payments?

11. Securing Payments within unsecure channels

12. Securing Channels: Asynchronous & Synchronous Cryptography

13. Credit Card Tokenization Credit Card Information Address Information Card Holder

    Name ... 7e29c5c48f44755598dec3549155 ad66f1af4671091353be4c4d7694 d71dc866

14. Apple / Android pay tokenization system EMV payment tokenisation specification

15. None

16. Merchant register is changed to hardware transfer bridge Network handles

    direct merchant requests. Vault stores surrogate to token lookup.

17. Secure Element Host-based Card Emulation

18. Context and Verification

19. What do we Need to Identify Someone? 33 bits of

    entropy to identify approximately 8 billion people uniquely.

20. What do we Need to Identify Someone? ΔS = -log2

    Pr(X=x) ΔS: Reduction in entropy, measured in bits Pr(X=x): Probability that the fact would be true of a random person

21. Building up Bits of Entropy Date of Birth Birth Month:

    ΔS = -log2 Pr(MOB=December) = -log2 (1/12) = 3.58 bits Birthday: ΔS = -log2 Pr(DOB=Dec 6th) = -log2 (1/365) = 8.51 bits Location ZIP code is 95123: ΔS = -log2 (65,276/7,503,205,943) = 16.81 bits City is Santa Clara: ΔS = -log2 (122,192/7,503,205,943) = 15.90 bits State is CA: ΔS = -log2 (39,140,000/7,503,205,943) = 7.58 bits

22. Browser Fingerprinting https://panopticlick.eff.org/

23. Device Fingerprinting

24. //------------- // Build Info: http://developer.android.com/reference/android/os/Build.html //------------- System.getProperty("os.version"); // OS version

    android.os.Build.DEVICE // Device android.os.Build.MODEL // Model android.os.Build.VERSION.SDK_INT // SDK version of the framework android.os.Build.SERIAL // Hardware serial number, if available Retrieving Build Information for Android Device

25. Location Awareness

26. Purchase History Ninety percent of individuals could be uniquely identified

    using just four pieces of information - telegraph.co.uk

27. Getting Paired Devices

28. The Future of Secure Payments

29. Thank you! https://www.slideshare.net/jcleblanc Jonathan LeBlanc Twitter: @jcleblanc Book: http://bit.ly/iddatasecurity