"IoT Authentication for Emergency & Offline Payment

during Earthquake, Power Disruption, Typhoon”

Unho Choi, Ph.D. UNHCR

PKI (ITU X.509) for On-line & Off-line

Offline e-Gov. + Disaster Situation

International Donation ?UNHCR Cash ?Global Fund ?WFP electronic cards ? NGO ?

ATM ? POS ? Bank ?

IoT Authentication ?

Copyright © Unho Choi 2015

FIDO Alliance

Bio Sensor + PKI = Secure Domain (FIDO)

Tokenization with Dynamic code(OTP)

= ?

“B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58”

Authentication Server

APPLE PKI ?

PanamaPanamaPanamaPanama

VietnamVietnamVietnamVietnam

PhilippinesPhilippinesPhilippinesPhilippines

EgyptEgyptEgyptEgypt

KenyaKenyaKenyaKenyaIndonesiaIndonesiaIndonesiaIndonesia

completedcompletedcompletedcompleted ProceedingProceedingProceedingProceeding StartedStartedStartedStarted

EquatorEquatorEquatorEquator

CamerooCameroonnCamerooCameroonn

BruneiBruneiBruneiBrunei

MoroccMoroccooMoroccMoroccoo

Costa Costa RicaRicaCosta Costa RicaRica

IranIranIranIran

MongoliaMongoliaMongoliaMongolia

RwandaRwandaRwandaRwanda JordanJordanJordanJordan

IraqIraqIraqIraq

Nigeria, Kenya ……

ICAO, e-UNLP ……

US, France, Sweden, Germany, Turkey, Norway ……

PKI – DEVELOPING COUNTRY

Public Key Certificate

Version / Serial Number / Signature algorithm / Hash algorithm / Issuer Name / Validity Period / Public Key

Subject Distinguished Name / Subject Public Key Information / Issuer’s Signature

Extended Validation

(Empty)

Public Key Certificate

Version / Serial Number / Signature algorithm / Hash algorithm / Issuer Name / Validity Period / Public Key

Subject Distinguished Name / Subject Public Key Information / Issuer’s Signature

Extended Validation

Biometric Code + at least one of Additional Code

< Before user registration >

< After user registration >

Bar Code/ QR / UPC / RFID / URL /CRL / PUF/ GS1/ GSIN / IPv6 / MAC / MAC/ Cryptographic hash functions address/unique identification information etc.

PKI (ITU X.509)

“B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58

Copyright © Unho Choi May 2015

Multi App

1 App

eService

3 App´s 5 App´s 10 App´s

eServiceeHealtheTicketing

eServiceeDLeGateeBankingeLibrary

eIDeServiceeHealtheTicketingATMeDLePurseeGatesTravel document

ExampleFinlandFINID

FinlandFINID

ItalyCNS

ItalyCNS

Hong KongHKSAR

Hong KongHKSAR

MalaysiaMyKad

MalaysiaMyKad

Muiti Application on e-ID

Sample

National ID

PKI+

Data

DriverLicens

e

PKI+

Data

Medical

PKI+

Data

e-Votin

g

PKI+

Data

Pension

PKI+

Data

Passport

ICAO

PKI+

Data

Tax

PKI+

Data

Physical

Access/

Smart Car

PKI

PC/ Clou

dLogo

n

PKI

Smart Phone/ Smart Home

PKI

IoT Authentication ?

UBIQUITOUS AUTHENTICATION MANAGEMENT

Copyright © Unho Choi May 2015

Physical unclonable functions

Bank/Credit Card

Payment

Government

Internet

Cloud Car IoT 911

Emergency

Combination 2 more finger

Combination 1 finger + IRIS

Combination Iris + Vein

Combination Iris + Facial

Combination Finger+ Sign

Combination Voice+ Facial

Combination with each Palm/ Blood / Voice / DNA / Keystroke etc.

Allocated purpose of use

Diverse combinations of Biometrics

Application Services

Allocated purpose of use

Multi Bio Combination ?

ResetEmergency

Recover 911

Copyright © Unho Choi May 2015

Communication Terminal

Centralized Controller

IoT Network

IoT Service Provicer

IoT Authentication Key for Smart Phone

Copyright © Unho Choi May 2015

Emergency Recover Reset 911

Centralized Controller

IoT Network

Smart Card

Communication Terminal

IoT Service Provicer

IoT Authentication Key for National ID ?

Copyright © Unho Choi May 2015Copyright © Unho Choi May 2015

Emergency Recover Reset 911

Biometrics(a)

UPC/EPC Biometrics(b)

UPC/EPCBiometrics PAN(g)

UPC/EPCBiometrics PAN PUF(h)

UPC/EPCBiometrics PAN PUF(i) Dynamic Signature

PAN Biometrics(c)

PUF Biometrics(d)

Dynamic SignatureBiometrics(e)

Activity featureBiometrics(f)

IoT Authentication Code ?

Copyright © Unho Choi May 2015

B9E2995B2B7602AE825CE7DE819F10F088419E595A9AA

Biometric code

UPC/EPC

PAN code

PUF code

(j)

B9E2995B2B7602AE825CE7DE819F10F088419E595A9AAE81919EF58

Biometric code

UPC/EPC

PAN code

PUF code

(k)

OTP

IoT Authentication Code Format

Copyright © Unho Choi May 2015Copyright © Unho Choi May 2015

Emergency Recover Reset 911

Bank Credit Card e-Government Internet Cloud

Online application (with GEO location / GPS)

Bio Sensor on ATMfor cash withdrawal etc.

Bio Sensor on POSfor buy food etc.

Bio Sensor on Centralized Controllerfor control IoT Devices etc.

Bio Sensor on Smart Card/Phonefor control Smart Car etc.

Off-line application support for each service etc. by Government & Financial Authority

On-line & Off-line

1st Public Key for on-line

at Authentication Server

2nd Public Key for off-line for ATM, POS, Centralized Controller, Phone/Card

Store with Private Key at Secure Domain (IC Chip)

Copyright © Unho Choi May 2015

United NationsUnited Nations

Bank

Private Key

Public Key

“B9E2995B2B7602AE825CE7DE819F10F

UN CA(Certificate Authority)

Public KeyWFP

Public Key

Global Fund

Public KeyUNDP

Public Key

ATM, POS (Off-line)

Public Key Private Key

Key Distribution

Copyright © Unho Choi May 2015

Biometrics data acquisition module

Biometrics data management module

Biometric authentication module

VPN management module

Device data acquisition module

OTP generation module

Key management module

Authentication execution module

Operation Process

Copyright © Unho Choi May 2015

“ Take chain of Mountain view ”

Unho Choi Ph.D., CGEIT, CRISC, ISO 27001, CISSP, PMP choi@unhcr.org