
Status and Development of Online Authentication Applications for Public Services in Asia


LINE Developers

May 29, 2019

Transcript

  1. Status and Development of Online Authentication Applications for Public Services in Asia

    May 29, 2019
    • Karen Chang, Vice President of Egis Technology; Board Representative of FIDO Alliance
    • Wei-Chung Hwang, Deputy General Director, Institute for Information Industry
  2. Background of APKIC (1)

    • Asia PKI Forum founded in 2001, transformed to Asia PKI Consortium in 2007, with leading organizations from Asia area supported by government and industrial sectors
    • Objectives:
      ▸ Promote the applications of PKI in e-commerce, e-government, e-financial, etc.
      ▸ Advance the interoperability among PKIs in countries in the Asia region
      ▸ Collaboration with global community to deliver a comprehensive framework of e-authentication

    © 2019 Egis Technology Inc.
  3. Background of APKIC (2)

    Policy and Technology; Promotion and Awareness
    • Asia PKI Interoperability Guideline
    • CA Responsibilities and Liability
    • Legal Issues on New Security Technologies
    • Mutual Recognition of National PKIs (Greater China, ASEAN)
    • Cross Border Applications (Trade, Financial)
    • FIDO UAF and PKI in Asia - Case Study and Recommendation
    • Asia PKI Case Study
    • Asia PKI Company List and Total Solutions
    • Asia PKI Best Practice Award
    • Asia PKI Innovation Award
    • PKI Market Survey
    • International Collaboration (PAA, AFACT, APSCA, FIDO, etc.)
  4. 2018 Work Plan of APKIC

    • FIDO-PKI White Paper
  5. Contributors from APKIC & FIDO Alliance

    • TAIWAN
      – Chung-Yi Lin. Chunghwa Telecom
      – Eric Fan. National Taiwan University of Science and Technology, NTUST
      – Wei-Chung Hwang. Industrial Technology Research Institute, ITRI
      – Karen Chang. Taiwan Association of Information and Communication Standards, TAICS; Egis Technology Inc.; Asia PKI Consortium, APKIC; FIDO Alliance
      – Oliver Lien and Robin Lin. Taiwan-CA Inc., TWCA
    • USA
      – George Tang. Egis Technology Inc.
    • KOREA
      – Jonghyun Baek. Korea Internet and Security Agency, KISA
    • MACAO
      – Phoebe Ip. Macao Post and Telecommunications; eSignTrust Certification Services
    • THAILAND
      – Thitikorn Trakoonsirisak. Electronic Transactions Development Agency, ETDA
    • INDIA
      – Vijay Kumar. eMudhra
  6. Updates for FIDO & PKI in Asia

    China, Korea, Macao, Thailand, India, Taiwan, Hong Kong
    • eID by MPS with PKI
    • Domain/Regional PKI: CFCA, BJCA, …
    • FIDO in Chinese FCWG
    • National eID (UIDAI): AADHAAR (Fingerprint & IRIS)
    • National PKI (CCA): eMudhra, (n)Code, … - Financial, Government, Procurement, …
    • Digital Signature Regulation
    • Nation eID: NID card & i-PIN
    • FIDO in Telecom/Financial/Government and others
    • National PKI (KISA): NPKI & K-FIDO; Financial, Commerce, Government…
    • Digital Signature Regulation
    • Private Sector: TWID (Financial Identification with PKI) + FIDO; TWID + Mobile ID; FIDO for Internet Banking
    • Government Sector: National FIDO & Government PKI (MOICA for Citizen)
    • Telecom (FIDO-based CRM)
    • Digital Signature Regulation
    • Hongkong Post, Macau Post - eID with PKI (and FIDO)
    • Digital Signature Regulation
    • National PKI (NRCA by ETDA)
    • eID (not active yet)
    • Digital ID Committee
    • National Digital ID Co., Ltd (NDID, Blockchain+MQ)
    • ETDA Connect: FIDO/OpenID Connect
    • Digital Signature Regulation

    Singapore, Malaysia
    • eID (SingPass)
    • eID with PKI and fingerprint (MyKad, …)
    • Online Identification Services (TBD)

    Japan
    • National eID: My Number Card with JPKI
    • FIDO in Telecom/Financial/Commerce and others
    • Digital Signature Regulation
  7. FIDO in Thailand’s National Authentication & Identification Framework

    [Diagram] Components shown: Web Application, ETDA Connect, FIDO Server, Mobile Authen (IDP), FIDO Relying Party, Web server, FIDO Authenticator, FIDO Client, Mobile application, Mobile Authentication, NDID Platform.

    Step labels (numbered 1 to 9 on the slide), in the order they appear:
    • User login on browser
    • Authentication request (OpenID Connect)
    • ETDA Connect send back ID Token
    • Authentication request (OpenID Connect)
    • Authentication request: server challenge + policy
    • User unlock private key (e.g. enter passcode) at mobile app
    • Sign challenge with user’s private key
    • Validate signature with user’s public key
    • IdP returns ID Token to ETDA Connect
  8. Online Authentication & Identification Services in Taiwan

    MOEACA, GCA, HCA, MOICA, XCA; FIDO2 & UAF
    ☞ Citizen Service
    ☞ Health Bank
    ☞ Labor Services
    ☞ Tax Filing, e-Invoice
    ☞ …
    ☞ TBD: Decentralized Identification & Applications (e.g. Blockchain, Distributed Ledger, …)

    National Citizen Database: 23M, 18M, 5M, 28M

    ☞ Needs:
      • User Experience
      • Mobile friendly
      • Strong & Secure
  9. Deployment Architecture

    [Diagram] Zones: INTERNET; INTRANET (Ministry of Interior).
    Components shown: PC and MOBILE users, Web server, RP server, RP server, Web server, ESB server, AP server, FIDO server (FIDO2+UAF), DB server, Firewall.
  10. PKI-based ID Proofing for FIDO (2019)

    1. On PC’s browser, use MOICA Card or eID Card to request a code (OTP)
    2. Download App on smartphone
    3. Input code on App
    4. Enroll on smartphone with Biometrics

    Screen mock-ups: Online Authentication Platform by MOI; Start registration; Registration; Input Code (456524); Last Step…; Done!; Welcome to Taiwan FIDO Services
  11. Online ID Proofing (2020~)

    Service Portal: Online ID Proofing
    1. Fill in basic information
    2. Upload both sides of ID Card
    3. Selfie of Face & ID Card
    4. Review & Check
    5. Approval – Issue OTP

    Form fields shown: ID Number, Address, Name, Telephone, Birthday, Email, Household Number, …

    Decision flow elements: Have New eID Card? (YES / NO); Have Card Reader? (YES / NO); Insert eID Card; Kiosk; Desktop; Mobile App

    Screen mock-up: Input Code (456524); Last Step…
  12. Over-the-Counter ID Proofing (2020~)

    1. Present and check dual-identification document and issue OTP Code
    2. Download the client authenticator (App)
    3. Input OTP Code
    4. Enroll the biometrics

    Screen mock-ups: Download App; Code 456524; Registration; Input Code (456524); Welcome to Taiwan FIDO Services
  13. Use Case #1: Access to Citizen Service Portal

    Identifying…
    • Identification Services, Human Resource, Household Administration…
    • Online Application, Resource Monitoring, Auditing Logs, Application Logs, …

    Diagram labels: Government Cloud Services; Citizen Cloud Services; Citizen Service Portal
  14. Use Case #2: Access Citizen’s My Data

    FIDO: Health Bank request your approval
    1. Request for Authentication
    2. Authentication on App
    3. Authenticated
    4. Access Granted

    Diagram labels: Mobile APP; Health Bank App; User & Device

    • Login with Password: Need to register with Health ID Card
    • Login with Cards: Need Health ID Card (with passcode) or MOICA Card

    TO-BE / AS-IS

    Screen mock-up: www.healthbank.com; Welcome to My Health Bank; ID Number: A123456789; Fast Login
  15. Milestones

    Phases: 1. Deployment & Pilot; 2. Promotion & Expansion; 3. Open & Popularization
    Timeline: 2019, 2019~2020, 2020~2021, 2022

    • PKI-based ID proofing
    • MOI’s citizen services
    • Pilots on inter-ministerial services
    • Online ID proofing (Selfie & New eID)
    • Central & Local Government Applications
    • Support/work with various PKIs
    • Over-the-Counter ID Proofing
    • Support/work with non-government services (Telecomm, Finance, etc.)

    Online application rate: 27.6%; Online application rate: 50%
    0.5M users; 1M users; 3M users

    All Rights Reserved | FIDO Alliance | Copyright 2018
  16. Related Issues & Challenges

    01 Account Recovery & ID Proofing
    02 FIDO & PKI
    03 Privacy (Inter-applications)
    04 FIDO & Federation
    05 FIDO & “Mobile Connect”
    06 FIDO is complementary to PKI/eID/Mobile, but they also compete with each other

    • “Class 2” in the APKIC-FIDO white paper
    • TBD: FIDO & Cloud-based PKI
  17. Pros and Cons

    [Table] Columns: PKI, eID, FIDO, Mobile ID. Rows: User Experience; Mobility & Device Coverage; Ecosystem & Openness; Online / Offline Usage; Policy & Regulation; Cost Effectiveness. Cell ratings not recoverable.
  18. No More Password! From Asia to the World

    • What can Taiwan, Japan and APKIC do in Asia?
    • We can do some more TOGETHER!!!