in Asia
May 29, 2019
Karen Chang, Vice President of Egis Technology; Board Representative of FIDO Alliance
Wei-Chung Hwang, Deputy General Director, Institute for Information Industry

(1)
• Asia PKI Forum founded in 2001, transformed into Asia PKI Consortium in 2007, with leading organizations from the Asia area supported by government and industrial sectors
• Objectives:
  ▸ Promote the applications of PKI in e-commerce, e-government, e-financial, etc.
  ▸ Advance the interoperability among PKIs in countries in the Asia region
  ▸ Collaborate with the global community to deliver a comprehensive framework of e-authentication

(2)
Policy and Technology / Promotion and Awareness
• Asia PKI Interoperability Guideline
• CA Responsibilities and Liability
• Legal Issues on New Security Technologies
• Mutual Recognition of National PKIs (Greater China, ASEAN)
• Cross Border Applications (Trade, Financial)
• FIDO UAF and PKI in Asia - Case Study and Recommendation
• Asia PKI Case Study
• Asia PKI Company List and Total Solutions
• Asia PKI Best Practice Award
• Asia PKI Innovation Award
• PKI Market Survey
• International Collaboration (PAA, AFACT, APSCA, FIDO, etc.)

& FIDO Alliance
• TAIWAN
  – Chung-Yi Lin. Chunghwa Telecom
  – Eric Fan. National Taiwan University of Science and Technology, NTUST
  – Wei-Chung Hwang. Industrial Technology Research Institute, ITRI
  – Karen Chang. Taiwan Association of Information and Communication Standards, TAICS; Egis Technology Inc.; Asia PKI Consortium, APKIC; FIDO Alliance
  – Oliver Lien and Robin Lin. Taiwan-CA Inc., TWCA
• USA
  – George Tang. Egis Technology Inc.
• KOREA
  – Jonghyun Baek. Korea Internet and Security Agency, KISA
• MACAO
  – Phoebe Ip. Macao Post and Telecommunications; eSignTrust Certification Services
• THAILAND
  – Thitikorn Trakoonsirisak. Electronic Transactions Development Agency, ETDA
• INDIA
  – Vijay Kumar. eMudhra

& PKI in Asia
China
• eID by MPS with PKI
• Domain/Regional PKI: CFCA, BJCA, …
• FIDO in Chinese FCWG
India
• National eID (UIDAI): AADHAAR (Fingerprint & IRIS)
• National PKI (CCA): eMudhra, (n)Code, … - Financial, Government, Procurement, …
• Digital Signature Regulation
Korea
• National eID: NID card & i-PIN
• FIDO in Telecom/Financial/Government and others
• National PKI (KISA): NPKI & K-FIDO; Financial, Commerce, Government…
• Digital Signature Regulation
Taiwan
• Private Sector: TWID (Financial Identification with PKI) + FIDO; TWID + Mobile ID; FIDO for Internet Banking
• Government Sector: National FIDO & Government PKI (MOICA for Citizen)
• Telecom (FIDO-based CRM)
• Digital Signature Regulation
Hong Kong, Macao
• Hongkong Post, Macau Post - eID with PKI (and FIDO)
• Digital Signature Regulation
Thailand
• National PKI (NRCA by ETDA)
• eID (not active yet)
• Digital ID Committee
• National Digital ID Co., Ltd (NDID, Blockchain+MQ)
• ETDA Connect: FIDO/OpenID Connect
• Digital Signature Regulation
Singapore, Malaysia
• eID (SingPass)
• eID with PKI and fingerprint (MyKad, …)
• Online Identification Services (TBD)
Japan
• National eID: My Number Card with JPKI
• FIDO in Telecom/Financial/Commerce and others
• Digital Signature Regulation

National Authentication & Identification Framework
Diagram components: Web Application; ETDA Connect; NDID Platform; Mobile Authentication; Mobile Authen (IDP) with Web server, FIDO Server and FIDO Relying Party; Mobile application with FIDO Client and FIDO Authenticator.
Flow:
1 User login on browser
2 Authentication request (OpenID Connect)
3 Authentication request (OpenID Connect)
4 Authentication request: server challenge + policy
5 User unlocks private key (e.g. enter passcode) at mobile app
6 Sign challenge with user’s private key
7 Validate signature with user’s public key
8 IdP returns ID Token to ETDA Connect
9 ETDA Connect sends back ID Token

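The challenge, unlock, sign and validate steps of the flow above, as an added example that is not part of the original slides or of any ETDA/NDID code: a simplified challenge-response in Node.js, not the FIDO UAF or FIDO2 message format. The class names `IdpServer` and `Authenticator`, the 60-second challenge lifetime and the P-256 key are assumptions made for illustration.

```javascript
// Added example: simplified challenge-response, not the FIDO UAF/FIDO2 wire format.
const crypto = require('node:crypto');

// Hypothetical in-memory IdP: registered public keys and outstanding challenges.
class IdpServer {
  constructor(ttlMs = 60000) {          // assumed challenge lifetime
    this.keys = new Map();              // userId -> public key from registration
    this.pending = new Map();           // challenge -> { userId, expires }
    this.ttlMs = ttlMs;
  }
  register(userId, publicKey) { this.keys.set(userId, publicKey); }

  // "Server challenge": a fresh random value bound to one user and one login.
  issueChallenge(userId, now = Date.now()) {
    const challenge = crypto.randomBytes(32).toString('hex');
    this.pending.set(challenge, { userId, expires: now + this.ttlMs });
    return challenge;
  }

  // "Validate signature with user's public key", plus freshness and replay checks.
  verify(userId, challenge, signature, now = Date.now()) {
    const entry = this.pending.get(challenge);
    this.pending.delete(challenge);     // single use: a replayed response is rejected
    if (!entry || entry.userId !== userId) return 'unknown-challenge';
    if (now > entry.expires) return 'expired';
    const pub = this.keys.get(userId);
    if (!pub) return 'unknown-user';
    const ok = crypto.verify('sha256', Buffer.from(challenge), pub, signature);
    return ok ? 'ok' : 'bad-signature';
  }
}

// Mobile-app side: the private key stays on the device and is used only after
// the user unlocks it (passcode or biometrics, simulated here by a boolean).
class Authenticator {
  constructor() {
    const pair = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // NIST P-256
    this.publicKey = pair.publicKey;    // sent to the IdP at registration
    this.privateKey = pair.privateKey;
  }
  sign(challenge, userUnlocked) {
    if (!userUnlocked) throw new Error('user verification failed');
    return crypto.sign('sha256', Buffer.from(challenge), this.privateKey);
  }
}
```

Only after `verify` returns `'ok'` would the IdP issue an ID Token; a signature over an earlier challenge or from an unregistered key fails even if the user identifier is correct.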
(Ministry of Interior)
[Architecture diagram. Labels: PC and mobile users; Internet; Firewall; Web server; RP server; ESB server; AP server; FIDO server (FIDO2+UAF); DB server.]

for FIDO (2019)
Registration
1 On PC’s browser, use MOICA Card or eID Card to request a code (OTP)
2 Download App on smartphone
3 Input code on App
4 Enroll on smartphone with Biometrics
Done!
[Screen mock-ups: "Online Authentication Platform by MOI", "Start registration", "Last Step… Input Code", "Welcome to Taiwan FIDO Services".]

(2020~)
Service Portal: Online ID Proofing
1 Fill in basic information (ID Number, Address, Name, Telephone, Birthday, Email, Household Number, …)
2 Upload both sides of ID Card
3 Selfie of Face & ID Card
4 Review & Check
5 Approval – Issue OTP
[Flowchart labels: "Have New eID Card?" (YES/NO); "Have Card Reader?" (YES/NO); "Insert eID Card"; "Last Step… Input Code"; channels: Kiosk, Desktop, Mobile App.]

Access Citizen’s My Data
AS-IS
• Login with Password: Need to register with Health ID Card
• Login with Cards: Need Health ID Card (with passcode) or MOICA Card
TO-BE (FIDO)
1 Request for Authentication
2 Authentication on App
3 Authenticated
4 Access Granted
[Screen mock-ups: www.healthbank.com "Welcome to My Health Bank", "ID Number: A123456789", "Fast Login"; Mobile APP notification "Health Bank request your approval"; labels "Health Bank App", "User & Device".]

Expansion
1. Deployment & Pilot
• PKI-based ID proofing
• MOI’s citizen services
• Pilots on inter-ministerial services
3. Open & Popularization
Milestones: 2019, 2019~2020, 2020~2021, 2022
• Online ID proofing (Selfie & New eID)
• Central & Local Government Applications
• Support/work with various PKIs
• Over-the-Counter ID Proofing
• Support/work with non-government services (Telecom, Finance, etc.)
Online application rate: 27.6%; Online application rate: 50%
0.5M users; 1M users; 3M users
All Rights Reserved | FIDO Alliance | Copyright 2018

Challenges
01 Account Recovery & ID Proofing
02 FIDO & PKI
03 Privacy (Inter-applications)
04 FIDO & Federation
05 FIDO & “Mobile Connect”
06 FIDO is complementary to PKI/eID/Mobile, but they also compete with each other
• “Class 2” in the APKIC-FIDO white paper
• TBD: FIDO & Cloud-based PKI