Slide 1

Slide 1 text

How Will Passkeys Change User Authentication? Their Characteristics and the Challenges of Adoption
Ryo Ito (@ritou) - Developers Summit 2023 (2023.02.09-10)

Slide 2

Slide 2 text

Ryo Ito (@ritou)
• MIXI, Inc. - Engineer
• OpenID Foundation Japan - Evangelist
• Blog posts, writing, and study groups related to Digital Identity…

Slide 3

Slide 3 text

Contents of this talk
• User authentication so far
• Characteristics of passkeys
• Key points for adopting passkeys

Slide 4

Slide 4 text

User Authentication So Far

Slide 5

Slide 5 text

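Password authentication - Memorized Secrets
• Authentication factor: knowledge
• The user and the service share a password
  • The user memorizes it
  • The service stores it securely
• The common approach is for the service to verify the combination of user identifier and password sent by the user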

Slide 6

Slide 6 text

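Password authentication: requirements and reality
• Requirements on the user
  • Do not forget the password
  • Avoid guessable passwords and do not reuse them across multiple services
  • Do not disclose the password to a third party
• Requirements on the service
  • Manage passwords securely
  • Protect users from various attacks
Annotation: ← users forget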

Slide 7

Slide 7 text

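Account recovery
• Recovering from a state where the user "cannot log in" with a given authentication method
• Authenticate the person / verify identity by other means + change the settings
  • Another authentication method: use a backup code because SMS is unavailable
  • Reuse the identity verification method from registration: email a URL for password reset
  • KYC via customer support (CS): use previously submitted identity documents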

Slide 8

Slide 8 text

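Password authentication: requirements and reality
• Requirements on the user
  • Do not forget the password
  • Avoid guessable passwords and do not reuse them across multiple services
  • Do not disclose the password to a third party
• Requirements on the service
  • Manage passwords securely
  • Protect users from various attacks
Annotations: guessable passwords are reused across multiple services; values stored in a decryptable state are leaked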

Slide 9

Slide 9 text

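Password list / password spray attacks
• Password list attack: login attempts using "combinations of user identifier (including email addresses) and password" leaked from other services or obtained through phishing
• Password spray attack: login attempts using combinations of "a list of user identifiers and commonly used passwords"
• Countermeasures that combine passwords with other authentication methods are needed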

Slide 10

Slide 10 text

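TOTP - Single-Factor OTP Device
• Authentication factor: possession
• The user and the service share a secret key
• Uses an OTP (RFC6238) generated on a time basis by a mobile app or similar
• Hardware tokens were used at financial institutions and elsewhere; TOTP became widespread after Google offered 2-step verification together with Google Authenticator in the 2010s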

Slide 11

Slide 11 text

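SMS OTP - Out-of-Band Devices
• Authentication factor: possession
• Uses a one-time password (OTP) sent via SMS
  • The service sends the OTP to the registered phone number
  • The user sends the received OTP to the service
• It has also been used as a countermeasure against mass account registration. The sending cost on the service side and the risks of delay and non-delivery cannot be ignored.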

Slide 12

Slide 12 text

Email OTP - Out-of-Band Devices
• Authentication factor: possession (?)
• Uses a one-time password (OTP) sent via email
  • The service sends the OTP to the registered email address
  • The user sends the received OTP to the service

Slide 13

Slide 13 text

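Authenticator apps - Out-of-Band Devices
• Authentication factor: possession
• Uses push notifications to a dedicated authentication device or mobile app
  • The service sends a push notification to the device/app bound to the user
  • The user approves the login on the device/app
• MFA fatigue attacks have become a topic of discussion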

Slide 14

Slide 14 text

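Backup codes - Look-Up Secrets
• Authentication factor: possession
• Uses one or more strings distributed to the user in advance
  • SMS cannot be received
  • The authenticator app cannot be used
• It is common to have users set these up when they configure 2-factor / 2-step authentication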

Slide 15

Slide 15 text

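Password authentication: requirements and reality
• Requirements on the user
  • Do not forget the password
  • Avoid guessable passwords and do not reuse them across multiple services
  • Do not disclose the password to a third party
• Requirements on the service
  • Manage passwords securely
  • Protect users from various attacks
Annotation: ← users end up entering it into phishing sites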

Slide 16

Slide 16 text

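Phishing attacks
• Ranked No. 1 for individuals in IPA's "10 Major Information Security Threats 2023" (first place two years running)
• Users can fall victim even when using 2-step or 2-factor authentication
  • Adversary-in-the-Middle (AiTM)
Source: 10 Major Information Security Threats 2023: IPA (Information-technology Promotion Agency, Japan) https://www.ipa.go.jp/security/vuln/10threats2023.html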

Slide 17

Slide 17 text

Adversary-in-the-Middle (AiTM)
• The phishing site acts as a man in the middle and attempts to log in to the legitimate service
  • Password + SMS/Email OTP
  • Password + authenticator app
• On success, the attacker can obtain the login session itself (Cookie/Token)
Source: From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud - Microsoft Security Blog https://xn--microsoft-921o9813a.com/en-us/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/

Slide 18

Slide 18 text

How Adversary-in-the-Middle (AiTM) works
[Diagram. Hosts shown: example.com, example.net]
Source: Microsoft Security Blog, "From cookie theft to BEC" (full citation on Slide 17)

Slide 19

Slide 19 text

How Adversary-in-the-Middle (AiTM) works
[Diagram. Hosts shown: example.com, example.net. Label: Send the password to the legitimate service]
Source: Microsoft Security Blog, "From cookie theft to BEC" (full citation on Slide 17)

Slide 20

Slide 20 text

How Adversary-in-the-Middle (AiTM) works
[Diagram. Hosts shown: example.com, example.net. Labels: Send the password to the legitimate service; Display the TOTP/SMS OTP input screen]
Source: Microsoft Security Blog, "From cookie theft to BEC" (full citation on Slide 17)

Slide 21

Slide 21 text

How Adversary-in-the-Middle (AiTM) works
[Diagram. Hosts shown: example.com, example.net. Labels: Send the password to the legitimate service; Display the TOTP/SMS OTP input screen; Send the TOTP/SMS OTP to the legitimate service]
Source: Microsoft Security Blog, "From cookie theft to BEC" (full citation on Slide 17)

Slide 22

Slide 22 text

How Adversary-in-the-Middle (AiTM) works
[Diagram. Hosts shown: example.com, example.net. Labels: Send the password to the legitimate service; Display the TOTP/SMS OTP input screen; Send the TOTP/SMS OTP to the legitimate service; The login session can be obtained]
Source: Microsoft Security Blog, "From cookie theft to BEC" (full citation on Slide 17)

Slide 23

Slide 23 text

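Phishing countermeasures available to users and services
• Users use a password manager: passwords and TOTP settings are managed bound to an origin (domain), and only the matching entries can be selected when filling in a form
• Services adopt WebOTP: if the origin (domain) contained in the SMS message that was sent matches the URL prompting for the OTP, the OTP value contained in the received SMS is automatically filled into the form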
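The WebOTP rule on this slide, as an added example that is not from the original deck: a parser for the origin-bound SMS format (last line `@host #code`) and the autofill decision. The function names, the sample SMS text and the choice of example.com as the legitimate service and example.net as the phishing site are assumptions, and host matching is simplified to an exact match.

```python
import re
from urllib.parse import urlsplit

# Last line of an origin-bound one-time-code SMS: "@<host> #<code>"
BOUND_LINE = re.compile(r"^@(?P<host>[A-Za-z0-9.-]+) #(?P<code>[^\s%]+)")

# Constructed sample messages (not captured traffic)
BOUND_SMS = "Your example.com verification code is 123456.\n\n@example.com #123456"
PLAIN_SMS = "Your verification code is 123456."


def parse_bound_sms(sms: str):
    """Return (host, code) if the last line binds the code to a host, else None."""
    lines = sms.strip().splitlines()
    match = BOUND_LINE.match(lines[-1]) if lines else None
    return (match["host"].lower(), match["code"]) if match else None


def autofill_code(sms: str, page_url: str):
    """Code the browser would offer to the page at page_url, or None.

    Simplification: the page host must equal the bound host exactly and the
    page must be served over https."""
    parsed = parse_bound_sms(sms)
    if parsed is None:
        return None            # unbound message: nothing to match against
    host, code = parsed
    page = urlsplit(page_url)
    if page.scheme != "https" or (page.hostname or "") != host:
        return None            # e.g. the AiTM page on another domain
    return code
```

Withholding autofill does not stop a user from reading the SMS and typing the code into the phishing form by hand, so the binding reduces exposure rather than making the OTP itself phishing-resistant.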

Slide 24

Slide 24 text

Countermeasure using a password manager
[Diagram. Hosts shown: example.com, example.net. Label: The legitimate service's password is not offered on the phishing service]
Source: Microsoft Security Blog, "From cookie theft to BEC" (full citation on Slide 17)

Slide 25

Slide 25 text

Countermeasure using WebOTP
[Diagram. Hosts shown: example.com, example.net. Labels: Send the password to the legitimate service; Display the TOTP/SMS OTP input screen; OTP autofill does not happen on the phishing service]
Source: Microsoft Security Blog, "From cookie theft to BEC" (full citation on Slide 17)

Slide 26

Slide 26 text

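FIDO w/ User Presence - Single-Factor Cryptographic Device/Software
• Authentication factor: possession
• Uses public-key authentication with a cryptographic key held securely inside a hardware device
• Usable just by plugging in or touching the security key (touching is not biometric authentication)
• Its use spread as 2-step authentication combined with password authentication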

Slide 27

Slide 27 text

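FIDO w/ User Verification - Multi-Factor Cryptographic Software/Device
• Authentication factor: possession + knowledge/biometrics
• A combination of public-key authentication with a cryptographic key held securely inside a hardware device and the local authentication used for things like unlocking the device
  • Security key + PIN
  • Smartphone / PC + screen unlock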

Slide 28

Slide 28 text

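FIDO's phishing resistance
• WebAuthn: the browser API for using FIDO in web applications
  • The service specifies its own origin (domain)
  • The browser verifies that value, and authentication is impossible if it does not match
• The phishing site and the legitimate service are distinguished systematically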
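The origin binding described on this slide, as an added example that is not from the original deck: a simplified model of the browser's rpId check and of the relying party's checks on `clientDataJSON` and `authenticatorData`. It assumes example.com is the legitimate service and example.net the phishing site; the helper names are hypothetical, the assertions are constructed, and signature verification over these fields is assumed to happen separately.

```python
import base64
import hashlib
import json
from urllib.parse import urlsplit

RP_ID = "example.com"                  # assumption: the legitimate service
RP_ORIGIN = "https://example.com"
PHISH_ORIGIN = "https://example.net"   # assumption: the AiTM phishing site


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def browser_allows(page_origin: str, rp_id: str) -> bool:
    """Browser rule: rpId must equal the page's host or be a parent domain of it.
    Simplified: real browsers also refuse public suffixes such as "com"."""
    page = urlsplit(page_origin)
    host = page.hostname or ""
    return page.scheme == "https" and (host == rp_id or host.endswith("." + rp_id))


def browser_get_assertion(page_origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for navigator.credentials.get(); signature omitted."""
    if not browser_allows(page_origin, rp_id):
        return None  # the browser throws SecurityError and nothing is signed
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": page_origin}).encode()
    # authenticatorData = rpIdHash (32 bytes) | flags (UP|UV = 0x05) | signCount
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    return client_data, rp_id_hash + b"\x05" + (1).to_bytes(4, "big")


def rp_verify(client_data: bytes, auth_data: bytes, challenge: bytes) -> str:
    """Relying-party checks on the fields covered by the assertion signature."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return "wrong type"
    if cd.get("challenge") != b64url(challenge):
        return "challenge mismatch"
    if cd.get("origin") != RP_ORIGIN:
        return "origin mismatch"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return "user not present"
    return "ok"
```

A phishing page that asks for the legitimate rpId gets nothing from the browser, and one that asks for its own rpId produces an assertion carrying its own origin and rpIdHash, which the legitimate service rejects when the proxy relays it.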

Slide 29

Slide 29 text

FIDO's phishing resistance
[Diagram. Hosts shown: example.net, example.com. Labels: Send the password to the legitimate service; Request additional authentication with FIDO]
Source: Microsoft Security Blog, "From cookie theft to BEC" (full citation on Slide 17)

Slide 30

Slide 30 text

FIDO's phishing resistance
[Diagram. Hosts shown: example.net, example.com. Labels: Send the password to the legitimate service; Request additional authentication with FIDO; The legitimate service's credentials are not sent to the phishing site]
Source: Microsoft Security Blog, "From cookie theft to BEC" (full citation on Slide 17)

Slide 31

Slide 31 text

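Challenges of FIDO
• Recovery is difficult precisely because key management is robust
  • If the authenticator (security key, supported device) breaks, is lost, or is replaced, the cryptographic keys stored on it can no longer be used, and re-registration is required on every service
• Backup
  • Keeping phishing resistance without lowering authentication strength requires registering multiple authenticators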

Slide 32

Slide 32 text

Characteristics of Passkeys

Slide 33

Slide 33 text

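Passkeys: FIDO multi-device credentials
• Key management moves from the device to the user
  • Bound to the platform user account: Apple, Google, MS Account
  • Password managers: 1Password (planned)
• The robustness of key management that FIDO had until now is lost, but by making backup possible, passkeys aim for wide adoption as "a phishing-resistant and highly convenient authentication method"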

Slide 34

Slide 34 text

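Passkey behavior: https://webauthn.io
• Passkey registration (creation): confirmation screen -> local authentication (biometrics/PIN)
[Screenshots. Label: Local authentication (biometrics, PIN, pattern)]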

Slide 35

Slide 35 text

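Passkey behavior: https://webauthn.io
• Logging in with a passkey: passkey selection screen -> local authentication (biometrics/PIN)
[Screenshots. Labels: Local authentication (biometrics, PIN, pattern); Can be used the same way from another device]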

Slide 36

Slide 36 text

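Supported environments
• Note that a "passkey-supporting environment" ≠ "FIDO multi-device credentials"
• Behavior is determined by the combination of platform, device, and browser
  • Passkeys are synced: Safari on MacOS/iOS/iPadOS, Android + Chrome/Firefox
  • Passkeys are not synced: Chrome on MacOS…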

Slide 37

Slide 37 text

"hybrid" transport
• The mechanism that makes "logging in with a passkey on another device" possible
• A passkey on a device connected via QR code + BLE can be used

Slide 38

Slide 38 text

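Conditional UI / Autofill
• The available passkeys are shown in the username / email address input form, and selecting one starts passkey authentication
• Allows a "shortcut" from the UI of the existing authentication method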

Slide 39

Slide 39 text

Key Points for Adopting Passkeys

Slide 40

Slide 40 text

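What you want to achieve by adopting passkeys
• Better security for all users / for specific users?
  • Requires close attention to the required authentication strength and the supported environments
• Optional phishing resistance and better convenience?
  • Simply a matter of "adding" an authentication method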

Slide 41

Slide 41 text

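Relationship with identity federation
• Passkey support has benefits for both the side that provides identity federation and the side that uses it
  • Identity Provider (IdP): when the IdP supports passkeys, the federated RPs also benefit
  • Relying Party (RP): can use a secure and convenient authentication method that does not depend on the IdP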

Slide 42

Slide 42 text

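Adoption patterns
• Adopt as the main authentication method; make it mandatory when specific features are used
• Adopt as an optional authentication method
• Do not adopt directly, but federate with an IdP that has adopted it
  • OpenID Connect has parameters that convey the type and characteristics of the authentication method performed at the IdP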

Slide 43

Slide 43 text

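Considerations when adopting passkeys - passkey registration
• When to ask for registration
  • Require it at new user sign-up? When a specific feature is used? Optional?
• Authentication strength at registration time
  • For the first passkey, only after requiring an authentication method that is currently available?
  • For the second and later passkeys, require authentication with an already registered passkey?
  • If there is no constraint on authentication strength, proceed as is?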

Slide 44

Slide 44 text

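Considerations when adopting passkeys - login
• Environments where passkeys are not synced
  • Use a passkey on another device?: "hybrid transport"
  • Unavailable in that environment because the authentication strength cannot be lowered?
  • Use a different authentication method, since adoption is optional?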

Slide 45

Slide 45 text

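Considerations when adopting passkeys - re-authentication
• Whether to require re-authentication on expiry or before important operations
  • Require re-authentication with a passkey once a certain period has passed since the last login?
  • Require re-authentication with a passkey every time before an important operation?
  • Skip re-authentication for a certain period after re-authenticating with a passkey?
  • No operation requires re-authentication, and an expired session is treated as logged out?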

Slide 46

Slide 46 text

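Considerations when adopting passkeys - recovery
• When the passkey cannot be used, what to require of the user and what to restore
  • Verify the user through KYC or similar following a support inquiry, then have them register a passkey again?
  • Use another authentication method and register a passkey again?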

Slide 47

Slide 47 text

Summary

Slide 48

Slide 48 text

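Summary
• Phishing resistance is the challenge with the user authentication methods in use today
• Passkeys are a mechanism that keeps the phishing resistance of FIDO (WebAuthn) and the convenience of local authentication while improving on the recovery problem
• There are adoption patterns for passkeys and points to consider when adopting them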

Slide 49

Slide 49 text

End
Opinions, impressions, and questions are welcome.