Status and Development of Online Authentication Applications for Public Services in Asia

LINE Developers

May 29, 2019

Transcript

  1. Status and Development of Online Authentication
    Applications for Public Services in Asia
    May 29, 2019
    Karen Chang
    Vice President of Egis Technology
    Board Representative of FIDO Alliance
    Wei-Chung Hwang
    Deputy General Director,
    Institute for Information Industry


  2. | © 2019 Egis Technology Inc. 2
    Background of APKIC (1)
    • Asia PKI Forum founded in 2001, transformed to Asia PKI Consortium in 2007, with leading organizations from Asia area supported by government and industrial sectors
    • Objectives:
    ▸ Promote the applications of PKI in e-commerce, e-government, e-financial, etc.
    ▸ Advance the interoperability among PKIs in countries in the Asia region
    ▸ Collaboration with global community to deliver a comprehensive framework of e-authentication

  3. Background of APKIC (2)
    Policy and Technology / Promotion and Awareness
    • Asia PKI Interoperability Guideline
    • CA Responsibilities and Liability
    • Legal Issues on New Security Technologies
    • Mutual Recognition of National PKIs (Greater China, ASEAN)
    • Cross Border Applications (Trade, Financial)
    • FIDO UAF and PKI in Asia - Case Study and Recommendation
    • Asia PKI Case Study
    • Asia PKI Company List and Total Solutions
    • Asia PKI Best Practice Award
    • Asia PKI Innovation Award
    • PKI Market Survey
    • International Collaboration (PAA, AFACT, APSCA, FIDO, etc.)

  4. 2018 Work Plan of APKIC
    • FIDO-PKI White Paper

  5. Contributors from APKIC & FIDO Alliance
    • TAIWAN
    – Chung-Yi Lin. Chunghwa Telecom
    – Eric Fan. National Taiwan University of Science and Technology, NTUST
    – Wei-Chung Hwang. Industrial Technology Research Institute, ITRI
    – Karen Chang. Taiwan Association of Information and Communication Standards, TAICS; Egis Technology Inc.; Asia PKI Consortium, APKIC; FIDO Alliance
    – Oliver Lien and Robin Lin. Taiwan-CA Inc., TWCA
    • USA
    – George Tang. Egis Technology Inc.
    • KOREA
    – Jonghyun Baek. Korea Internet and Security Agency, KISA
    • MACAO
    – Phoebe Ip. Macao Post and Telecommunications; eSignTrust Certification Services
    • THAILAND
    – Thitikorn Trakoonsirisak. Electronic Transactions Development Agency, ETDA
    • INDIA
    – Vijay Kumar. eMudhra

  6. Updates for FIDO & PKI in Asia
    China
    • eID by MPS with PKI
    • Domain/Regional PKI: CFCA, BJCA, …
    • FIDO in Chinese: FCWG
    India
    • National eID (UIDAI): AADHAAR (Fingerprint & IRIS)
    • National PKI (CCA): eMudhra, (n)Code, … - Financial, Government, Procurement, …
    • Digital Signature Regulation
    Korea
    • National eID: NID card & i-PIN
    • FIDO in Telecom/Financial/Government and others
    • National PKI (KISA): NPKI & K-FIDO; Financial, Commerce, Government…
    • Digital Signature Regulation
    Taiwan
    • Private Sector: TWID (Financial Identification with PKI) + FIDO; TWID + Mobile ID; FIDO for Internet Banking
    • Government Sector: National FIDO & Government PKI (MOICA for Citizen)
    • Telecom (FIDO-based CRM)
    • Digital Signature Regulation
    Hong Kong, Macao
    • Hongkong Post, Macau Post - eID with PKI (and FIDO)
    • Digital Signature Regulation
    Thailand
    • National PKI (NRCA by ETDA)
    • eID (not active yet)
    • Digital ID Committee
    • National Digital ID Co., Ltd (NDID, Blockchain+MQ)
    • ETDA Connect: FIDO/OpenID Connect
    • Digital Signature Regulation
    Singapore, Malaysia
    • eID (SingPass)
    • eID with PKI and fingerprint (MyKad, …)
    • Online Identification Services (TBD)
    Japan
    • National eID: My Number Card with JPKI
    • FIDO in Telecom/Financial/Commerce and others
    • Digital Signature Regulation

  7. Some more examples of Thailand and Taiwan…

  8. FIDO in Thailand’s National Authentication & Identification Framework
    Diagram components: Web Application; ETDA Connect; NDID Platform; Mobile Authen (IDP) web server as FIDO Relying Party; Mobile Authen (IDP) FIDO Server; mobile application with FIDO Client and FIDO Authenticator.
    Mobile Authentication flow:
    1. User login on browser
    2. Authentication request (OpenID Connect)
    3. Authentication request (OpenID Connect)
    4. Authentication request: server challenge + policy
    5. User unlock private key (e.g. enter passcode) at mobile app
    6. Sign challenge with user’s private key
    7. Validate signature with user’s public key
    8. IdP returns ID Token to ETDA Connect
    9. ETDA Connect send back ID Token
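
Steps 4 to 7 of the flow on this slide (server challenge, unlock, sign, validate), as an added example that is not part of the original deck: a simplified Node.js model of the challenge-response core, not the FIDO UAF/FIDO2 message format. `IdpServer`, `Authenticator`, `demo` and the user id are hypothetical names, and the in-memory maps stand in for the IdP's FIDO server storage.

```javascript
// Added illustration: challenge-response core only, not the FIDO wire format.
const crypto = require("node:crypto");

class IdpServer { // hypothetical stand-in for the IdP's FIDO server
  constructor(ttlMs = 60000) {
    this.publicKeys = new Map(); // userId -> public key stored at registration
    this.pending = new Map();    // challenge (hex) -> { userId, expires }
    this.ttlMs = ttlMs;
  }
  register(userId, publicKey) { this.publicKeys.set(userId, publicKey); }
  // Step 4: fresh random challenge, bound to one user and a short lifetime.
  startAuth(userId, now = Date.now()) {
    const challenge = crypto.randomBytes(32).toString("hex");
    this.pending.set(challenge, { userId, expires: now + this.ttlMs });
    return challenge;
  }
  // Step 7: validate the signature with the user's registered public key.
  finishAuth(userId, challenge, signature, now = Date.now()) {
    const entry = this.pending.get(challenge);
    this.pending.delete(challenge); // single use, even when validation fails
    if (!entry || entry.userId !== userId || now > entry.expires) return false;
    const key = this.publicKeys.get(userId);
    if (!key) return false;
    return crypto.verify("sha256", Buffer.from(challenge, "hex"), key, signature);
  }
}

class Authenticator { // steps 5-6: private key stays on the device
  constructor() {
    const pair = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
    this.publicKey = pair.publicKey;
    this.privateKey = pair.privateKey;
  }
  sign(challenge, userVerified) {
    if (!userVerified) throw new Error("user verification required"); // step 5
    return crypto.sign("sha256", Buffer.from(challenge, "hex"), this.privateKey);
  }
}

function demo() { // constructed scenario: one valid login and three rejections
  const idp = new IdpServer(), phone = new Authenticator();
  idp.register("user-1", phone.publicKey);
  const c1 = idp.startAuth("user-1"), sig = phone.sign(c1, true);
  const ok = idp.finishAuth("user-1", c1, sig);
  const replay = idp.finishAuth("user-1", c1, sig); // challenge already consumed
  const c2 = idp.startAuth("user-1");
  const wrongKey = idp.finishAuth("user-1", c2, new Authenticator().sign(c2, true));
  const c3 = idp.startAuth("user-1", 0); // issued at t=0, presented after the TTL
  const expired = idp.finishAuth("user-1", c3, phone.sign(c3, true), 120000);
  return { ok, replay, wrongKey, expired };
}
```

Only the first attempt in `demo()` is accepted; the replayed assertion, the signature from an unregistered key and the expired challenge are all rejected.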

  9. Online Authentication & Identification Services in Taiwan
    Diagram labels: MOEACA, GCA, HCA, MOICA, XCA; FIDO2&UAF; National Citizen Database; 23M, 18M, 5M, 28M
    ☞ Citizen Service
    ☞ Health Bank
    ☞ Labor Services
    ☞ Tax Filing, e-Invoice
    ☞ …
    ☞ TBD: Decentralized Identification & Applications (e.g. Blockchain, Distributed Ledger, …)
    ☞ Needs:
    • User Experience
    • Mobile friendly
    • Strong & Secure

  10. Deployment Architecture
    Diagram labels: users (PC, MOBILE); INTERNET; Firewall; INTRANET (Ministry of Interior); Web servers; RP servers; ESB server; AP server; FIDO server (FIDO2+UAF); DB server

  11. PKI-based ID Proofing for FIDO (2019)
    Online Authentication Platform by MOI
    Registration:
    1. On PC’s browser, use MOICA Card or eID Card to request for a code (OTP)
    2. Download App on smartphone
    3. Input code on App
    4. Enroll on smartphone with Biometrics
    Done!
    Screen mock-ups: “Start registration”; “Last Step… Input Code: 456524”; “Welcome to Taiwan FIDO Services”

  12. Online ID Proofing (2020~)
    Service Portal: Online ID Proofing
    1. Fill in basic information
    2. Upload both sides of ID Card
    3. Selfie of Face & ID Card
    4. Review & Check
    5. Approval – Issue OTP
    Form fields shown: ID Number, Address, Name, Telephone, Birthday, Email, Household Number
    Decision labels shown: “Have New eID Card?” (YES/NO); “Have Card Reader?” (YES/NO); Insert eID Card; Kiosk; Desktop; Mobile App
    Screen mock-up: “Last Step… Input Code: 456524”

  13. Over-the-Counter ID Proofing (2020~)
    Registration:
    1. Present and check dual-identification document and issue OTP Code
    2. Download the client authenticator (App)
    3. Input OTP Code
    4. Enroll the biometrics
    Screen mock-ups: “Download App”; “Code: 456524”; “Input Code: 456524”; “Welcome to Taiwan FIDO Services”

  14. Use Case #1: Access to Citizen Service Portal
    Identifying…
    Citizen Service Portal
    Government Cloud Services
    Citizen Cloud Services
    • Identification Services, Human Resource, Household Administration…
    • Online Application, Resource Monitoring, Auditing Logs, Application Logs, …

  15. Use Case #2: Access Citizen’s My Data
    AS-IS (Health Bank App, User & Device):
    • Login with Password: Need to register with Health ID Card
    • Login with Cards: Need Health ID Card (with passcode) or MOICA Card
    TO-BE (FIDO, Mobile APP):
    1. Request for Authentication
    2. Authentication on App
    3. Authenticated
    4. Access Granted
    Screen mock-ups: “www.healthbank.com: Welcome to My Health Bank, ID Number: A123456789, Fast Login”; “Health Bank request your approval”

  16. Milestones
    1. Deployment & Pilot
    • PKI-based ID proofing
    • MOI’s citizen services
    • Pilots on inter-ministerial services
    2. Promotion & Expansion
    • Online ID proofing (Selfie & New eID)
    • Central & Local Government Applications
    • Support/work with various PKIs
    3. Open & Popularization
    • Over-the-Counter ID Proofing
    • Support/work with non-government services (Telecomm, Finance, etc.)
    Timeline labels: 2019; 2019~2020; 2020~2021; 2022
    Online application rate: 27.6%; 50%
    Users: 0.5M; 1M; 3M
    All Rights Reserved | FIDO Alliance | Copyright 2018

  17. Related Issues & Challenges
    01 Account Recovery & ID Proofing
    02 FIDO & PKI
    03 Privacy (Inter-applications)
    04 FIDO & Federation
    05 FIDO & “Mobile Connect”
    06 FIDO is complementary to PKI/eID/Mobile, but they also compete with each other
    • “Class 2” in the APKIC-FIDO white paper
    • TBD: FIDO & Cloud-based PKI

  18. Pros and Cons
    [Comparison table. Columns: PKI eID; FIDO; Mobile ID. Rows: User Experience; Mobility & Device Coverage; Ecosystem & Openness; Online / Offline Usage; Policy & Regulation; Cost Effectiveness. The rating symbols did not survive in the transcript.]

  19. No More Password!
    From Asia to the World
    • What can Taiwan, Japan and APKIC do in Asia?
    • We can do some more TOGETHER!!!