Kenichi Takano
October 20, 2017
Technology
Fintech on AWS で 満たすグローバルセキュリティ基準 / X-Tech-JAWS #1 Fintech
X-Tech JAWS [#1] ~AWS today, as its use spreads across diverse industries~
Slides for Session 2
https://xtechjaws.doorkeeper.jp/events/65811
Transcript
Title: Fintech on AWS で満たすグローバルセキュリティ基準 / X-Tech JAWS #1 (Meeting global security standards with fintech on AWS)

Who
- Kenichi Takano
- BASE, Inc., PAY Division Manager
- PAY.JP: Payment for Merchants (https://pay.jp)
- PAY ID: Payment for Customers (https://id.pay.jp)

Agenda
- About our services: PAY.JP, PAY ID
- Security from the viewpoint of a fintech payment provider: an overview of the payments industry; PCI DSS; meeting the security standard on AWS

Services provided by BASE, Inc.
- An online-shop creation service
- An online payment service for developers (PAY.JP)
- An ID-based payment service for shoppers (PAY ID)
(The talk covers the two payment services.)

PAY.JP (https://pay.jp)
- A simple API and easy-to-understand pricing let you add payments to any service
- Supports a wide range of payment methods: recurring billing, Apple Pay, QR-code payment and PAY ID payment
- Credit cards are tokenized and security complies with international standards, giving a safe and secure platform
- Slides: companies using PAY.JP (partial list); PAY.JP pricing

PAY ID (https://id.pay.jp)
- A service for paying easily in any situation, online or offline
- Online, you enter your ID and password; offline, you scan a QR code with the app; either way the payment is complete
- Used by … users, and PAY ID is accepted at … shops and services
- Where PAY ID online payment is used: https://atf.thebase.in/
- PAY ID mobile app: iOS https://itunes.apple.com/jp/app/pay-id/id1143404977; Android: COMING SOON
- QR-code payment with the PAY ID mobile app. Use cases: reserving a ticket from a poster; ordering a lunch box from a menu; buying an event ticket and then a beer by QR at the Idol Yokocho summer festival; drinks and snacks (provided by Office Oasis) and lunch boxes sold in the office (provided by Ben Shogun) at the BASE Shibuya office
- Benefits of adopting PAY ID QR-code payment; how to adopt it: PAY.JP (https://pay.jp) or BASE (https://thebase.in/qr)

PAY.JP is the payment service for merchants, PAY ID the one for shoppers. Merchants can add online and offline payments with PAY.JP; shoppers can pay online and offline with PAY ID. The services are expanding in many directions, for merchants and shoppers, online and offline alike.

Security from the viewpoint of a payment service provider

Players in the credit-card payment industry
- Brand (e.g. Visa, MasterCard, JCB): licensing, network provision, setting the regulations
- Acquirer (e.g. Sumitomo Mitsui Card, JCB): merchant screening and management, transaction management
- Issuer (e.g. Sumitomo Mitsui Card, JCB): card issuance, credit screening and transaction management
- Shared network (e.g. CAFIS, CARDNET): provision of the shared payment network
- PSP (e.g. PAY.JP): payment processing on behalf of merchants

Rough flow of a credit-card payment
- Shopper -> merchant -> PSP -> shared network -> brand / acquirer / issuer (the acquirer also connects through the shared network)
- The merchant holds a merchant agreement; in some cases the merchant contracts with the PSP under a comprehensive merchant agreement

Action plan for strengthening security measures in credit-card transactions
- Drawn up by METI to put in place a security environment for credit-card transactions that meets the international standard
- Deadline: by … (month/year)
- Non-face-to-face merchants: migrate to systems that do not pass card data through; where card data is passed through or stored, PCI DSS compliance is required
- Card companies and payment service providers: PCI DSS compliance
- http://www.meti.go.jp/press/2016/03/20170308003/20170308003-1.pdf

PCI DSS
- A global security standard drawn up by the PCI SSC, which was founded by the card brands American Express, Discover, JCB, MasterCard and Visa
- … requirements and … or more audit items must be satisfied, plus an on-site assessment by a QSA … times a year
- PAY.JP and PAY ID fully comply with PCI DSS version …
- https://www.pcisecuritystandards.org/

PCI DSS requirements summary
1. Build and maintain a secure network and systems
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain an information security policy

AWS and PCI DSS
- AWS is a PCI DSS compliant service provider
- PAY.JP and PAY ID make full use of AWS to achieve PCI DSS compliance
- Using the AWS infrastructure lets you pass many of the PCI DSS requirements
- https://aws.amazon.com/jp/compliance/pci-dss-level-1-faqs/

AWS services in use (one slide maps them against the six PCI DSS goals): Amazon EC2, Amazon VPC, AWS Lambda, Amazon S3, Amazon ElastiCache, Amazon RDS, Amazon Route 53, Amazon CloudFront, Elastic Load Balancing, AWS CodeDeploy, Amazon CloudWatch, AWS CloudTrail, AWS Certificate Manager, IAM, AWS KMS, Amazon API Gateway*, Amazon SES, Amazon Inspector

Goals 1 and 2: a secure network and systems; protecting cardholder data
- Full use of VPC to realize a secure network
- Cardholder data encrypted using KMS
- SSL/TLS certificate management with AWS Certificate Manager

Rough architecture (goal 1: build and maintain a secure network and systems)
- Segmentation into … VPCs: app, and vault (the cardholder data environment)
- Access control with VPC Peering, route tables and security groups

Protecting cardholder data (encryption with KMS, the Key Management Service)
- Make card numbers unreadable: encrypt the card number
- Manage the key used for encryption
- Encrypt the encryption key itself
- Manage the separate encryption key used to encrypt that key

Using KMS
- Customer Master Keys: the master key used for encrypting data; management of the keys involved in card-number encryption is entrusted entirely to KMS; IAM roles and policies control who may handle keys
- Data Keys: the data keys, themselves encrypted under the master key

Goals 3, 4 and 5: vulnerability management, strong access control, regular monitoring and testing
- Vulnerability assessment with Amazon Inspector (being trialled)
- User account management with IAM
- Audit trail management with CloudTrail

Goal 3: maintain a vulnerability management program
- Amazon Inspector evaluates the applications running on EC2 and scans them for vulnerabilities
- Vulnerability scanning tools from various other vendors are also used
- Security patches are applied according to risk
- Slide: vulnerabilities detected by Amazon Inspector

Goal 4: implement strong access control measures
- Access to the cardholder data environment is limited and controlled with IAM
- User permissions, authentication and password management are systematized with IAM
- Users inactive for a set period are disabled
- Users are locked after a set number of wrong passwords
- A password policy is defined

Goal 5: regularly monitor and test networks
- Continuous management of the AWS audit trail with CloudTrail
- System audit trail management using AWS Lambda and S3
- Regular penetration testing by an external vendor
- Slide: an example of a CloudTrail audit trail

Summary: making full use of AWS makes PCI DSS compliance smart.

By the way…
A payment system built on PAY.JP does not need PCI DSS compliance of its own.
Flow: the merchant displays the purchase page; the Checkout module presents the card form; the shopper's card details go to PAY.JP, which returns a token; the merchant processes the payment on its server using the token.
- With the Checkout provided by PAY.JP, card numbers never pass through the merchant's server
- A secure purchase form in …
- Payment completes without a redirect
- https://pay.jp/security

BASE, PAY.JP and PAY ID welcome collaboration with other industries:
- Anyone struggling with EC or with online/offline payment systems
- New credit mechanisms built on PAY.JP / PAY ID data
- Paying is an act rooted in everyday life, so there is potential in every industry

The end