The World of Apps (2), Lecture 6 of FinTech

Slides I used at FinTech - Financial Innovation and the Internet, Graduate School of Business and Finance, Waseda University, on November 8, 2019.

Kenji Saito

November 08, 2019

Transcript

  1. Manifesto of Futurism. Lecture 6 : The World of Apps (2)

    FinTech — Financial Innovation and the Internet 2019 Fall
    Kenji Saito, Professor, Graduate School of Business and Finance, Waseda University
    Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2019 Fall — 2019-11-08 – p.1/28
  2. The lecture slides can be found at: https://speakerdeck.com/ks91
  3. Schedule (provisional)

    Lecture 1 9/27 Overview of FinTech (1) •
    Lecture 2 10/4 Overview of FinTech (2) •
    Lecture 3 10/11 Internet Technology and Governance (1) •
    Lecture 4 10/18 Internet Technology and Governance (2) •
    Lecture 5 10/25 The World of Apps (1) •
    Lecture 6 11/8 The World of Apps (2) •
    Lecture 7 11/15 Blockchain (1)
    Lecture 8 11/22 Blockchain (2)
    Lecture 9 11/29 Other Ledger Technology and Applications (1)
    Lecture 10 12/6 Other Ledger Technology and Applications (2)
    Lecture 11 12/13 Cyber-Physical Society and Future of Finance (1)
    Lecture 12 12/20 Cyber-Physical Society and Future of Finance (2)
    Lecture 13 1/10 FinTech Ideathon (1)
    Lecture 14 1/17 FinTech Ideathon (2)
    Lecture 15 1/24 Presentations and Conclusions
  4. At the Previous Lecture, We Did

    Assignment Review
    The World of the Web
      Birth and evolution of World Wide Web
  5. Today’s Topic

    API (Application Programming Interface)
      Web API (REST) in particular
    Basics of cryptography
      Cryptographic hash function
      Public key cryptography and digital signature
      Zero-knowledge proof
    Q & A session
    Assignment
  6. From the Previous Lecture

    Technology and evolution of World Wide Web
  7. World Wide Web

    [Figure labels: Browser; www.amazon.co.jp, www.google.co.jp, www.yahoo.co.jp; links; browse]
  8. Element Technologies of the World Wide Web

    HTTP/HTTPS: HyperText Transfer Protocol (Secure)
      Protocol used for transferring HTML files
    HTML: Hyper Text Markup Language
      Markup language for describing web pages
      Designed and recommended by the W3C
    URI: Uniform Resource Identifier
      Identifier of an information resource on the Internet (not necessarily on WWW)
      URL (Uniform Resource Locator) is one way to implement URI
  9. Format of URL (Uniform Resource Locator)

    In case of https scheme: https://www.google.com:443/search?q=refrigerator
      Scheme: https
      Host name: www.google.com
      Port #: 443
      Path: /search
      Search string: q=refrigerator
    Port number, path, and search string are optional
    For https scheme, the port number defaults to 443
  10. HTTPS Demo

    $ openssl s_client -connect www.waseda.jp:443
    Then GET /
    Install openssl in your environment and try it out
    You may want to try www.google.com:443 and GET /search?q=refrigerator instead
  11. Characteristics of HTTP/HTTPS

    You can get 1 resource (file) per request
    Each request is independent (state-less)
    It was enough to achieve its original purpose
      Original purpose → easy access to documents such as scientific papers
    But then there appeared a lot of applications for which this is inadequate...
      Want to treat a series of requests as a session
      Shopping, logging into membership site, etc.
    Art of maintaining states for that purpose
      Unique URL generation including a representation of the state
      HTTP cookies (like shared magic numbers)
      Access tokens
  12. Generalized Access Token

    [Figure labels: Browser; Web Server; Database; Time; request, response; search, register; generate token; independent connection; header, resource; XyZw; data protected by access right]
    It is important that communication paths are encrypted
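An added example (not from the lecture slides) of the token flow in the figure above: the server generates an unguessable token at registration, and every later, independent request is tied to the user only by the token in its header. The `Authorization: Bearer` header, the in-memory table and the sample data are assumptions of this example.

```python
import hashlib
import secrets

# token digest -> user; stands in for the "Database" box in the figure.
# Only the SHA-256 of each token is stored, so a leaked table holds no usable tokens.
TOKENS = {}
# Data protected by access right (constructed sample data).
PROTECTED = {"alice": "alice's statement", "bob": "bob's statement"}


def digest_of(token):
    return hashlib.sha256(token.encode()).hexdigest()


def register(user):
    """Registration request: generate an unguessable token and remember its owner."""
    token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
    TOKENS[digest_of(token)] = user
    return token  # sent back once; the client repeats it in every later request


def handle_request(headers, owner):
    """One independent (stateless) request for the data belonging to `owner`."""
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not presented:
        return 401, None  # no token: the server cannot tell who is asking
    user = TOKENS.get(digest_of(presented))
    if user is None:
        return 401, None  # unknown or revoked token
    if user != owner:
        return 403, None  # valid token, but no access right to this resource
    if owner not in PROTECTED:
        return 404, None
    return 200, PROTECTED[owner]


def revoke(token):
    """Logout or suspected theft: the token stops working immediately."""
    TOKENS.pop(digest_of(token), None)


if __name__ == "__main__":
    t = register("alice")
    # The token is a bearer credential: whoever reads it off the wire can replay
    # it, which is why the slide insists on encrypted communication paths.
    print(handle_request({"Authorization": "Bearer " + t}, "alice"))
    print(handle_request({"Authorization": "Bearer " + t}, "bob"))
    revoke(t)
    print(handle_request({"Authorization": "Bearer " + t}, "alice"))
```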
  13. API

    API : Application Programming Interface
      Interface through which an application can make use of some features provided somewhere
    Web API : API by HTTP(S) requests
      In that case, features are provided by a web server
  14. REST (Representational State Transfer)

    Stateless client/server protocol
    Well-defined set of methods
      POST, GET (demoed), PUT, DELETE
      vs. CRUD (Create/Read/Update/Delete)
    Uniquely identify resources by URI
      Some demonstrations
      Often returns results in the form of JSON (JavaScript Object Notation)
  15. REST – contd.

    Hypermedia that can handle both application information and state transitions
    An example of state transitions (state machines)
      (For example, on the web, page = state, and the page presents possible operations in that state as a set of buttons)
  16. Basics of Cryptography

    Cryptographic hash function
    Public key cryptography and digital signature
    Zero-knowledge proof
  17. Cryptographic Hash Function

    [Figure labels: Input; Cryptographic hash function (SHA, RIPEMD, etc.); Hash value (digest); Fixed length defined by the function (ex. [digits lost] bit); If inputs are just [digit lost] bit different: Totally different output; Can't deduce; Input that gives the same digest; It's infeasible to calculate an input that produces a specific digest]
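An added example (not from the lecture slides) that measures two of the properties in the figure above: the digest length is fixed by the function, and a small change in the input changes about half of the digest bits. SHA-256 from Python's standard library, the single-bit flips and the sample message are choices made for this example.

```python
import hashlib


def flip_bit(data, i):
    """Return a copy of data with bit i inverted."""
    out = bytearray(data)
    out[i // 8] ^= 1 << (i % 8)
    return bytes(out)


def differing_bits(a, b):
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(message):
    """Flip each input bit in turn; return (min, mean, max) digest bits changed."""
    base = hashlib.sha256(message).digest()
    changed = [
        differing_bits(base, hashlib.sha256(flip_bit(message, i)).digest())
        for i in range(len(message) * 8)
    ]
    return min(changed), sum(changed) / len(changed), max(changed)


def digest_bits(message):
    """Digest length in bits; fixed by the function, not by the input."""
    return len(hashlib.sha256(message).digest()) * 8


if __name__ == "__main__":
    msg = b"pay 100 JPY to Alice"  # constructed sample input
    print("digest bits:", digest_bits(b""), digest_bits(msg * 10000))
    print("bits changed per single-bit flip (min, mean, max):", avalanche(msg))
```

A mean close to 128 of 256 bits is what an output unrelated to the previous digest would give, which is why a digest reveals nothing useful about how close two inputs are.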
  18. Actually Found Collisions for SHA-1

    https://shattered.it
    Announced in February 2017 by Google and the National Research Institute for Mathematics and Computer Science (CWI), Netherlands
    As an alert
  19. Public Key Cryptography

    [Figure labels: The Internet; Distribute public keys in advance; Locking and unlocking keys are separate (asymmetric cryptosystem); Sender; Receiver; key pair: public key, private key; plain text; Encrypt w/ public key; Send encrypted text; Decrypt w/ private key]
    It is extremely difficult to deduce the private key from a public key
  20. Digital Signature (RSA)

    [Figure labels: The Internet; Distribute public keys in advance; Sender; Receiver; key pair: public key, private key; plain text; digest; digest seen as encrypted data; Decrypt w/ private key; signature; Send plain text w/ signature; Encrypt w/ public key; Does the encrypted signature match the digest computed from the plain text?]
    Can prove that it was sent by the very person and has not been altered
    This illustration shows how it works with RSA (RSA : Rivest, Shamir, Adleman)
    ECDSA is used in Bitcoin, etc., instead (Elliptic Curve DSA : Digital Signature Algorithm)
  21. Generalized Digital Signature

    Signing
      Input : <plain text, private key>
      Output : signature
    Verifying
      Input : <plain text, signature, public key>
      Output : OK or NG
      Whether the signature meets certain mathematical properties that can be tested using plain text and public key
      Private key cannot be inferred in the verification process
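An added example (not from the lecture slides) of the sign and verify interface of slide 21, implemented the way the RSA illustration of slide 20 describes: the signer "decrypts" the digest with the private key, and the verifier "encrypts" the signature with the public key and compares it with the digest it computes itself. The key pair is constructed from two known Mersenne primes and is far smaller than any real key; real RSA signatures also apply a padding scheme, which is omitted here.

```python
import hashlib

# Constructed key pair (assumption of this example, not a usable key size).
P, Q = 2**31 - 1, 2**61 - 1            # two known Mersenne primes
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)


def digest(plain_text, n):
    """SHA-256 digest as an integer, reduced to fit under the small modulus."""
    return int.from_bytes(hashlib.sha256(plain_text).digest(), "big") % n


def sign(plain_text, private_key):
    """Input: <plain text, private key>. Output: signature."""
    d, n = private_key
    return pow(digest(plain_text, n), d, n)   # "decrypt" the digest


def verify(plain_text, signature, public_key):
    """Input: <plain text, signature, public key>. Output: True (OK) or False (NG)."""
    e, n = public_key
    # "Encrypt" the signature and compare with the digest of the received text.
    # Only public values are used, so verifying never touches the private key.
    return pow(signature, e, n) == digest(plain_text, n)


if __name__ == "__main__":
    message = b"pay 100 JPY to Bob"    # constructed sample message
    sig = sign(message, PRIVATE_KEY)
    print("genuine:", verify(message, sig, PUBLIC_KEY))
    print("altered text:", verify(b"pay 900 JPY to Bob", sig, PUBLIC_KEY))
    print("altered signature:", verify(message, sig ^ 1, PUBLIC_KEY))
```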
  22. Public Key Certificate

    [Figure labels: The Internet; Alice (A), Bob (B), Carole (C, certifier), Malissa (attacker), each with a key pair: public key, private key; There is no guarantee that the public key obtained through the Internet is genuine; Whose?; Signature on A's public key = Certificate; But we need C's public key to verify the signature; We don't know if the public key used for signing the certificate is genuine or not either]
    Public key infrastructure is used in the Web and elsewhere
    It has a root ← need to trust someone unconditionally, and CA is a point of failure
  23. What is Zero-Knowledge Proof?

    Source: “Zero-knowledge proof”, Wikipedia
    Verifier still has no knowledge other than what the prover wants to prove
    Example: “I know a secret spell to open the door”
      ↑ Prove this without revealing the spell itself
      For example, repeat “coming out from the way she is told” 20 times
    Completeness
      Verifier accepts with high probability if the proposition is true
    Soundness
      Verifier has little chance of accepting if the proposition is false
    Zero-knowledge
      Can imitate dialogue without having to be a prover (without knowledge)
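An added example (not from the lecture slides) that simulates the door-and-spell dialogue above and exercises the three properties in turn: an honest prover is always accepted, a prover without the spell passes each round only by luck, and an accepting dialogue can be imitated without the spell. The two passages "A" and "B" and the function names are assumptions of this example.

```python
import random


def run_round(knows_spell, rng):
    """One round; returns (side the verifier asked for, side the prover came out)."""
    entered = rng.choice("AB")   # prover picks a passage, unseen by the verifier
    asked = rng.choice("AB")     # verifier then calls out a side
    # With the spell the prover can cross the door and exit wherever asked;
    # without it she can only come back out the way she went in.
    came_out = asked if knows_spell else entered
    return asked, came_out


def verifier_accepts(knows_spell, rounds=20, rng=None):
    """Completeness and soundness: accept only if every round matches."""
    rng = rng or random.Random()
    results = (run_round(knows_spell, rng) for _ in range(rounds))
    return all(asked == came_out for asked, came_out in results)


def cheat_rate(rounds, trials, seed):
    """Fraction of trials in which a prover WITHOUT the spell is accepted."""
    rng = random.Random(seed)    # seeded only to make the simulation repeatable
    return sum(verifier_accepts(False, rounds, rng) for _ in range(trials)) / trials


def simulate_transcript(rounds, rng):
    """Zero-knowledge: fake an accepting dialogue without knowing the spell,
    by re-recording every round in which the guess was wrong."""
    transcript = []
    while len(transcript) < rounds:
        asked, came_out = run_round(False, rng)
        if asked == came_out:
            transcript.append((asked, came_out))
    return transcript


if __name__ == "__main__":
    print("honest prover accepted:", verifier_accepts(True))
    print("cheater accepted after 5 rounds:", cheat_rate(5, 20000, seed=1), "vs", 2**-5)
    print("cheater's chance after 20 rounds:", 2**-20)
    print("imitated dialogue:", simulate_transcript(20, random.Random(2))[:3], "...")
```

Because the imitated dialogue looks the same as a real one, a recording of the exchange convinces no third party, while the live verifier, who chose the sides, is convinced.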
  24. What’s Non-Interactive Zero-Knowledge Proof?

    No dialogue is required for performing zero-knowledge proof
    Example: proving “my test score is the same as yours”
      Only one person can enter the room at a time
      Room has numbered and locked voting boxes for every possible score (for example, 101 boxes)
      You have a key bundle, but leave only the key of your score box, and throw away the rest
      I enter the room and vote ○ for my score box and × for the rest
      You go into the room and unlock your score box to see if it’s voted ○
    Digital signature (can prove that the private key is there without revealing it) is an example of non-interactive zero-knowledge proof
  25. Q & A
  26. Assignment
  27. Exercise 3. “Blockchain”

    Please give a specific example of financial services
      (1) If a user is an “end (edge)”, what is the “center” involving people in the example?
      (2) How will the service change if the center is automated?
    Deadline and how to submit
      November 13, 2019 at 17:59 JST
      From Course N@vi
  28. See You Next Week!