Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Fintech on AWS で 満たすグローバルセキュリティ基準 / X-Tech-JAWS #1 Fintech
Search
Kenichi Takano
October 20, 2017
Technology
1
340
Fintech on AWS で 満たすグローバルセキュリティ基準 / X-Tech-JAWS #1 Fintech
X-Tech JAWS 【第1回】~多彩な業種で利活用が進むAWSの今~
Session2 の資料
https://xtechjaws.doorkeeper.jp/events/65811
Kenichi Takano
October 20, 2017
Tweet
Share
More Decks by Kenichi Takano
See All by Kenichi Takano
Introduction to Tokenization
keketa
2
550
PAY ID Introduction - PAY Developer Meetup #00
keketa
1
870
Other Decks in Technology
See All in Technology
Google Cloud の AI を支える裏側のインフラを垣間見る!
maroon1st
0
340
20240416_devopsdaystokyo
kzkmaeda
1
220
コンテナセキュリティの基本と脅威への対策
kyohmizu
3
760
DevOpsDays History and my DevOps story
kawaguti
PRO
9
2.5k
エンジニアのキャリアをちょっと楽しくする3本の軸/Three Pillars to Make an Engineer's Career More Enjoyable
kwappa
0
2.7k
Google Cloud Next '24 Recap(Cloud Run/k8s)
mokocm
0
130
Janus
bkuhlmann
1
490
家族アルバム みてねにおけるGrafana活用術 / Grafana Meetup Japan Vol.1 LT
isaoshimizu
1
620
よく聞くけど使ったことないソフトウェアNo.1 KafkaとSnowflake
foursue
4
350
どうするコスト最適化のトレードオフ
tetsuyaooooo
1
510
20240418_Google ColabにLLMが搭載されたようなのでPython x データ分析の勉強方法を考えてみる
doradora09
0
130
プロトタイピングによる不確実性の低減 / Reducing Uncertainty through Prototyping
ohbarye
5
380
Featured
See All Featured
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.6k
How to train your dragon (web standard)
notwaldorf
73
5.2k
A Tale of Four Properties
chriscoyier
151
22k
Navigating Team Friction
lara
178
13k
The Invisible Side of Design
smashingmag
294
49k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
What’s in a name? Adding method to the madness
productmarketing
PRO
16
2.6k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.9k
Code Reviewing Like a Champion
maltzj
514
39k
How to name files
jennybc
65
93k
Scaling GitHub
holman
457
140k
Done Done
chrislema
178
15k
Transcript
'JOUFDIPO"84Ͱ ຬͨ͢άϩʔόϧηΩϡϦςΟج४ 95FDI+"84
ɾ,FOJDIJ5BLBOP ɾ#"4& *OD1":%JWJTJPO.BOBHFS ɾ1":+1 1BZNFOUGPS.FSDIBOUT IUUQTQBZKQ ɾ1":*% 1BZNFOUGPS$VTUPNFST
IUUQTJEQBZKQ 8IP
ɾαʔϏεʹ͍ͭͯ ɹɾ1":+1 ɹɾ1":*% ɾ'JOUFDIܾࡁࣄۀऀʹͱͬͯͷηΩϡϦςΟ ɹɾܾࡁۀքͷհ ɹɾ1$*%44 ɹɾ"84Ͱຬͨ͢ηΩϡϦςΟج४ "HFOEB
ωοτγϣοϓ࡞αʔϏε ։ൃऀ͚ΦϯϥΠϯܾࡁαʔϏε ߪೖऀ͚*%ܕܾࡁαʔϏε #"4&͕ࣾఏڙ͍ͯ͠ΔαʔϏε
ωοτγϣοϓ࡞αʔϏε ։ൃऀ͚ΦϯϥΠϯܾࡁαʔϏε ߪೖऀ͚*%ܕܾࡁαʔϏε ࠓ͜͜ͷ #"4&͕ࣾఏڙ͍ͯ͠ΔαʔϏε
ɾγϯϓϧͳ"1*ͱ͔Γ͍͢ྉۚܗଶͰ ɹ͋ΒΏΔαʔϏεʹܾࡁΛಋೖ͢Δ͜ͱ͕Մೳ ɾఆظ՝ۚɺ"QQMF1BZɺ23ίʔυܾࡁɺ1":*%ܾࡁ ɹͱ͍ͬͨଟ࠼ͳܾࡁखஈͷαϙʔτ ɾΫϨδοτΧʔυͷτʔΫϯԽɺࠃࡍج४ʹ४ڌͨ͠ ɹηΩϡϦςΟͰ҆৺ɾ҆શͷϓϥοτϑΥʔϜ IUUQTQBZKQ
1":+1ಋೖاۀ Ұ෦
1":+1ྉۚମܥ
ɾΦϯϥΠϯɾΦϑϥΠϯΘͣ ɹ͋ΒΏΔγʔϯͰ͔ΜͨΜʹࢧ͍͕Ͱ͖ΔαʔϏε ɾΦϯϥΠϯͰ*%ͱύεϫʔυΛೖྗ͢Δ͚ͩͰ ɹΦϑϥΠϯͰΞϓϦͰ23ίʔυΛಡΈऔΔ͚ͩͰ ɹࢧ͍͕ྃ ɾສਓҎ্ͷϢʔβʔ͕ར༻͓ͯ͠Γ ɹສΛ͑Δ͓ళɾαʔϏεͰ1":*%ࢧ͍͕Ͱ͖Δ IUUQTJEQBZKQ
1":*%ΦϯϥΠϯܾࡁͷར༻γʔϯ https://atf.thebase.in/
1":*%ϞόΠϧΞϓϦ iOS: https://itunes.apple.com/jp/app/pay-id/id1143404977 Android: COMING SOON
1":*%ϞόΠϧΞϓϦʹΑΔ 23ίʔυܾࡁ
23ίʔυܾࡁͷར༻γʔϯ ϙελʔ͔Βνέοτ༧ ϝχϡʔද͔Β͓หߪೖ
Πϕϯτ݊Λߪೖ ͦͷ··ϏʔϧΛ23Ͱ 23ίʔυܾࡁͷར༻γʔϯ!ΞΠυϧԣஸՆࡇΓ
ΦϑΟεΦΞγεఏڙ หক܉ఏڙ 23ίʔυܾࡁͷར༻γʔϯ!#"4&ौ୩ΦϑΟε ࣾͷҿΈɾஔ͖՛ࢠ ࣾൢചͷ͓ห
1":*%23ίʔυܾࡁಋೖͷϝϦοτ
1":*%23ίʔυܾࡁͷಋೖํ๏ 1":+1 #"4& PAY.JP: https://pay.jp BASE: https://thebase.in/qr
1":+1ࣄۀऀɺ1":*%ߪೖऀ͚ͷܾࡁαʔϏε ࣄۀऀ1":+1ͰΦϯϥΠϯɾΦϑϥΠϯͷܾࡁΛಋೖͰ͖ ߪೖऀ1":*%ΛͬͯΦϯϥΠϯɾΦϑϥΠϯͰࢧ͍Մೳ ࣄۀऀɾߪೖऀΦϯϥΠϯɾΦϑϥΠϯΘͣ ଟํ໘ͰαʔϏε֦େத
ܾࡁࣄۀऀʹͱͬͯͷηΩϡϦςΟ
ϒϥϯυ ΞΫϫΠΞϥ ΠγϡΞ ڞಉNW PSP ׂ ϥΠηϯεɾωοτ ϫʔΫఏڙɺϨΪϡ Ϩʔγϣϯࡦఆ Ճໍళ৹ࠪɾཧ
औҾཧ Χʔυൃߦ ༩৴ɾऔҾཧ ڞಉܾࡁNWఏڙ ܾࡁॲཧߦ ྫ Visa, MasterCard, JCB ࡾҪॅ༑Χʔυ, JCB ࡾҪॅ༑Χʔυ, JCB CAFIS CARDNET PAY.JP ΫϨδοτΧʔυܾࡁۀքͷϓϨΠϠʔཧ
ߪೖऀ Ճໍళ 141 ڞಉ/8 ϒϥϯυ ΞΫϫΠΞϥ ΠγϡΞ ڞಉ/8 Ճໍళܖ แׅՃໍళܖͰ141ͱܖ
͢Δέʔε༗Γ ͓͓·͔ͳΫϨδοτΧʔυܾࡁͷྲྀΕ
ΫϨδοτΧʔυऔҾʹ͓͚ΔηΩϡϦςΟରࡦͷڧԽ ʹ͚࣮ͨߦܭը ɾܦࡁ࢈ۀল͕ࠃࡍਫ४ͷΫϨδοτΧʔυऔҾͷ ɹηΩϡϦςΟڥΛඋ͢ΔͨΊࡦఆ࣮ͨ͠ߦܭը ɾ݄·Ͱ ɾඇର໘ՃໍళΧʔυใͷඇ௨աԽܕγεςϜͷҠߦ ɹɹɹɹɹɹɹ ௨աɾอ࣋͢Δ߹1$*%44ରԠ ɾΧʔυձࣾɾܾࡁࣄۀऀ1$*%44ରԠ http://www.meti.go.jp/press/2016/03/20170308003/20170308003-1.pdf
1$*%44 ɾΧʔυϒϥϯυͰ͋Δ"NFSJDBO&YQSFTT %JTDPWFS +$# .BTUFS$BSE 7JTBʹΑͬͯઃཱ͞Εͨʮ1$*44$ʯ ɹʹࡦఆ͞ΕͨάϩʔόϧηΩϡϦςΟج४ ɾཁ݅ʙҎ্ͷ߲ࠪΛຬ্ͨͨ͠ ɹճͷ24"ʹΑΔ๚ࠪରԠ͕ඞཁ
ɾ1":+11":*%1$*%44WFSTJPOʹશ४ڌ https://www.pcisecuritystandards.org/
1$*%44ཁ݅αϚϦʔ ҆શͳωοτϫʔΫͱγεςϜΛߏங͠ɺอक͢Δ Χʔυॴ༗ऀͷσʔλΛอޢ͢Δ ੬ऑੑཧϓϩάϥϜΛอक͢Δ ڧྗͳΞΫηείϯτϩʔϧରࡦͷ࣮ ωοτϫʔΫΛఆظతʹϞχλʔ͠ɺςετ͢Δ
ใηΩϡϦςΟϙϦγʔΛอक͢Δ https://www.pcisecuritystandards.org/
"84ͱ1$*%44 ɾ"841$*%44ʹ४ڌ͍ͯ͠ΔαʔϏεϓϩόΠμʔ ɾ1":+11":*%"84Λϑϧ׆༻ͯ͠1$*%44ʹ४ڌ ɾ"84ͷΠϯϑϥΛ׆༻͢Δ͜ͱͰ1$*%44ͷ ɹଟ͘ͷཁ݅Λύε͢Δ͜ͱ͕Ͱ͖Δ https://aws.amazon.com/jp/compliance/pci-dss-level-1-faqs/
º
º Amazon EC2 Amazon VPC AWS Lambda Amazon S3 Amazon
ElasticCache Amazon RDS Amazon Route 53 Amazon CloudFront Elastic Load Balancing AWS CodeDeploy Amazon CloudWatch AWS CloudTrail AWS Certificate Manager IAM AWS KMS Amazon API Gateway* Amazon SES Amazon Inspector
º ҆શͳωοτϫʔΫͱγεςϜΛߏங͠ɺอक͢Δ Χʔυॴ༗ऀͷσʔλΛอޢ͢Δ ੬ऑੑཧϓϩάϥϜΛอक͢Δ ڧྗͳΞΫηείϯτϩʔϧରࡦͷ࣮ ωοτϫʔΫΛఆظతʹϞχλʔ͠ɺςετ͢Δ
ใηΩϡϦςΟϙϦγʔΛอक͢Δ
҆શͳωοτϫʔΫͱγεςϜΛߏங͠ɺอक͢Δ Χʔυॴ༗ऀͷσʔλΛอޢ͢Δ ɾ71$Λϑϧ׆༻ͯ҆͠શͳωοτϫʔΫΛ࣮ݱ ɾΧʔυॴ༗ऀͷσʔλ,.4Λ׆༻ͨ͠҉߸Խ ɾ"84$FSUJpDBUF.BOBHFSʹΑΔ44-5-4ূ໌ॻཧ
͓͓·͔ͳߏਤ
҆શͳωοτϫʔΫͱγεςϜΛߏங͠ɺอक͢Δ ɾͭͷ71$Ͱηάϝϯςʔγϣϯ ɹɹɾBQQ ɹɹɾWBVMU Χʔυσʔλձһڥ ɾ71$1FFSJOH 3PVUF5BCMF 4FDVSJUZ(SPVQͰΞΫηε੍ޚ
ˠ,.4 ,FZ.BOBHFNFOU4FSWJDF ʹΑΔ҉߸ԽΛ׆༻ Χʔυॴ༗ऀͷσʔλอޢ ɾΧʔυ൪߸ΛಡΈऔΓෆೳʹ ɾΧʔυ൪߸ͷ҉߸Խ ɾ҉߸Խʹ͏Ωʔͷཧ ɾ҉߸ԽΩʔࣗମͷ҉߸Խ ɾΩʔΛ҉߸Խ͢Δผͷ҉߸ԽΩʔͷཧ
,.4ͷ׆༻ ɾ$VTUPNFS.BTUFS,FZT ɾσʔλΛ҉߸Խ͢ΔϚελʔΩʔ ɾΧʔυ൪߸҉߸Խʹؔ࿈͢ΔΩʔͷཧΛ,.4ʹҰ ɾ*".ʹΑΔΩʔΛऔΓѻ͏ϩʔϧɾϙϦγʔͷ੍ޚ ɾ%BUB,FZT ɾϚελʔΩʔΛ҉߸Խ͢ΔσʔλΩʔ
੬ऑੑཧϓϩάϥϜΛอक͢Δ ڧྗͳΞΫηείϯτϩʔϧରࡦͷ࣮ ωοτϫʔΫΛఆظతʹϞχλʔ͠ɺςετ͢Δ ɾ"NB[PO*OTQFDUPSʹΑΔ੬ऑੑஅ ࢼݧಋೖத ɾ*".ʹΑΔϢʔβʔΞΧϯτͷཧ ɾ$MPVE5SBJMʹΑΔࠪূͷཧ
੬ऑੑཧϓϩάϥϜΛอक͢Δ ɾ"NB[PO*OTQFDUPSͰ&$্ͰՔಇ͢Δ ɹΞϓϦέʔγϣϯͷධՁɺ੬ऑੑஅ ɾͦͷଞ֤छϕϯμʔఏڙͷ੬ऑੑஅπʔϧΛ׆༻ ɾϦεΫʹԠͨ͡ηΩϡϦςΟύονͷద༻
"NB[PO*OTQFDUPSͰݕग़͞Εͨ੬ऑੑ
ڧྗͳΞΫηείϯτϩʔϧରࡦͷ࣮ ɾΧʔυձһσʔλڥͷΞΫηεΛ*".Ͱݶఆ੍ޚ ɾ*".ͰϢʔβʔͷݖݶɺೝূɺύεϫʔυཧΛγεςϜԽ ɾҰఆظؒඇΞΫςΟϒͳϢʔβʔແޮԽ ɾҰఆճͷύεϫʔυޡΓʹΑΔϢʔβʔϩοΫ ɾύεϫʔυϙϦγʔͷنఆ
ωοτϫʔΫΛఆظతʹϞχλʔ͠ɺςετ͢Δ ɾ$MPVE5SBJMʹΑΔ"84ࠪূͷܧଓతͳཧ ɾ"84-BNCEB 4Λ׆༻ͨ͠γεςϜࠪূͷཧ ɾ֎෦ϕϯμʔʹΑΔఆظతͳϖωτϨʔγϣϯςετஅ
$MPVE5SBJMʹΑΔࠪূҰྫ
·ͱΊ "84Λϑϧ׆༻͢Δ͜ͱͰ1$*%44४ڌ͕εϚʔτʹ
ͪͳΈʹʜ
1":+1ΛܾͬͨࡁγεςϜͳΒ 1$*%44ରԠෆཁͰ͢ ߪೖऀ Ճໍళ $IFDLPVUϞδϡʔϧʹΑΔϑΥʔϜը໘ఏࣔ ߪೖը໘ͳͲදࣔ ΧʔυձһใΛૹ৴ τʔΫϯΛฦ͢ τʔΫϯΛͬͯαʔόʔଆͰܾࡁॲཧ ɾ1":+1͕ఏڙ͍ͯ͠Δ$IFDLPVUΛ͔ͭͬͯΧʔυ൪߸͕
ɹՃໍళͷαʔόʔΛ௨ա͠ͳ͍ΈΛ͔ΜͨΜʹ࣮ݱ ɾͰηΩϡΞͳߪೖϑΥʔϜΛ࡞ ɾϦμΠϨΫτͳ͠Ͱܾࡁ݁ https://pay.jp/security
None
#"4&1":+11":*% ଞۀछίϥϘϨʔγϣϯେܴͰ͢ ɾ&$ɺΦϯϥΠϯΦϑϥΠϯͷܾࡁγεςϜͰ͓ࠔΓͷํ ɾ1":+11":*%ͷσʔλΛ׆༻ͨ͠৽͍͠৴༻ͷΈ ɾࢧ͍ͱ͍͏ߦҝੜ׆ʹࠜͨ͟͠ͷɺ ɹΏ͑ʹͲΜͳۀछʹ͓͍ͯՄೳੑ͕͋Δ
͓ΘΓ