Using ISO/IEC 24727 for mobile devices

Similar documents

ISO/IEC for secure mobile web applications

Technical Guideline TR ecard-api-framework Overview. Version draft

How to Use ISO/IEC with Arbitrary Smart Cards

Java ME & NetBeans Mobility. Petr Suchomel Architect, NetBeans Mobility Sun Microsystems

Technical Guideline TR ecard-api-framework Protocols. Version 1.1.5

Technical Guideline TR ecard-api-framework ecard-interface. Version 1.1.5

Smartcards with Webservice Interface

Server based signature service. Overview

An Open ecard Plug-in for accessing the German national Personal Health Record

Using mobile phones to access Web Services in a secure way. Dan Marinescu

An Open Source eid Simulator Open Identity Summit 9th -11th September 2013

A Survey of Electronic Signature Development in Mobile Devices

Biometrics for Public Sector Applications

Quality Management in Open Source Projects

Conformance test specification for BSI-TR Biometrics for public sector applications

Java Card TM Open Platform for Smart Cards

Caught in the Maze of Security Standards

eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke

Touch & Travel a SIM-based eticketing System

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa

Key & Data Storage on Mobile Devices

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES

Hungarian Electronic Public Administration Interoperability Framework (MEKIK) Technical Standards Catalogue

The German eid-card. Jens Bender. Federal Office for Information Security Bundesamt für Sicherheit in der Informationstechnik

NFC Mobile Handset High Level Requirements V2

Banking. Extending Value to Customers. KONA Banking product matrix. is leading the next generation of payment solutions.

Biometrics for public sector applications

Development of Java ME

ETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance. ETSI All rights reserved

Mobility Solutions in IBM

VoIP Security. Seminar: Cryptography and Security Michael Muncan

On the design and implementation of the Open ecard App

e- Estonia - 10 years of experience

A KIND OF IMPLEMENT ABOUT MOBILE SIGNATURE SERVICE BASED ON MOBILE TELEPHONE TERMINAL

Standards for Identity & Authentication. Catherine J. Tilton 17 September 2014

Strong Authentication in details

Web Services Standards: obix in the wider XML Web Services context

Making Digital Signatures Work across National Borders

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008

Biometrics for public sector applications

Embedding digital signature technology to other systems - Estonian practice. Urmo Keskel SK, DigiDoc Product Manager

OOo Digital Signatures. Malte Timmermann Technical Architect Sun Microsystems GmbH

Electronic Identity Cards for User Authentication Promise and Practice

Mobile-PC Suite: Using Mobile Phone as Remote to Control PC Operations

Overview of the key figures for the first half of the year

PKI - current and future

Overview of the key figures for the first nine months

Introduction to Oracle WebLogic. Presented by: Fatna Belqasmi, PhD, Researcher at Ericsson

Electronic Citizen Identities and Strong Authentication

Smart Card Technology Capabilities

Transaction Security. Training Academy

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

Oracle Java Micro Edition Software Development Kit

Datasheet FUJITSU Security Solution Compliant Archiving SecDocs V2.3

Chytré karty opět o rok dál...

Exploring ADSS Server Signing Services

Extreme Java G Session 3 Main Theme Java Core Technologies (Part I) Dr. Jean-Claude Franchitti

Microsoft Identity Lifecycle Manager & Gemalto.NET Solutions. Jan 23 rd, 2007

Mobile ID: Realization of Mobile Identity Solutions by GlobalPlatform Technologies. White Paper November 2015

European Electronic Identity Practices Country Update of Portugal

D . A reliable and secure online communication platform. Armin Wappenschmidt (secunet) More information:

Digital Signature Service. e-contract.be BVBA 2 september 2015

A Comparison of Mobile Peer-to-peer File-sharing Clients

Security Evaluation of J2ME CLDC Embedded Java Platform

FOR A PAPERLESS FUTURE. Petr DOLEJŠÍ Senior Solution Consultant SEFIRA Czech Republic

This Working Paper provides an introduction to the web services security standards.

Digital Signing without the Headaches

Smart Card Application Development Using Java

Practical Challenges in Adopting PIV/PIV-I

Secure web transactions system

Training. MIFARE4Mobile. Public. MobileKnowledge April 2015

GUI/Custom GUI, SIP Stack, Telephony, DB, Sockets, Bluetooth, QT.

Cloud up to business processes

Nokia 9210i/9290 Communicators and PersonalJava TM Application Development

The Study on Mobile Phone-oriented Application Integration Technology of Web Services 1

Location-Based Information Systems

Spoof Detection and the Common Criteria

Cartão de Cidadão: Autenticação de Papéis do Cidadão

Test plan for eid and esign compliant terminal software with EACv2

Java Card. Smartcards. Demos. . p.1/30

Mobile Operating Systems. Week I

Loyalty Systems over Near Field Communication (NFC)

User s Guide. Sun Java TM Wireless Toolkit for CLDC Version Sun Microsystems, Inc.

Device Implementation Guidelines

Digital Signature Verification using Historic Data

Transcription:

Using ISO/IEC 24727 for mobile devices Jan Eichholz, Giesecke & Devrient GmbH Dr. Detlef Hühnlein, secunet Security Networks AG Manuel Bach, Bundesamt für Sicherheit in der Informationstechnik Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 1

ISO/IEC 24727 for mobile devices Agenda ISO/IEC 24727 Using ISO/IEC 24727 for mobile devices with Mobile Signature Service in a Java Micro Edition environment Summary Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 2

ISO/IEC 24727 for mobile devices Agenda ISO/IEC 24727 Using ISO/IEC 24727 for mobile devices with Mobile Signature Service in a Java Micro Edition environment Summary Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 3

ISO/IEC 24727 architecture Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 4

Functions of the ISO24727-3- Interface Card-application-service Access Initialize Terminate CardApplicationPath Connection-service CardApplicationConnect CardApplicationDisconnect CardApplicationStartSession CardApplicationEndSession Card-application service CardApplicationList CardApplicationCreate CardAppicationDelete CardApplicationServiceList CardApplicationServiceCreate CardApplicationServiceLoad CardApplicationServiceDelete CardApplicationServiceDescribe ExecuteAction Named data service DataSetList DataSetCreate DataSetSelect DataSetDelete DSIList DSICreate DSIDelete DSIRead DSIWrite Cryptographic service Encipher Decipher GetRandom Hash Sign VerifySignature VerifyCertificate Differential-identity service DIDList DIDCreate DIDGet DIDUpdate DIDDelete DIDAuthenticate Authorization service ACLList ACLModify Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 5

First ISO/IEC 24727 deployments e.g. Personal Identity Verification (PIV) e.g. European Citizen Card (ECC) e.g. Australian Drivers License Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 6

ecard-api-framework (BSI TR 03112, http://www.bsi.de/literat/tr/tr03112/index.htm) eid Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 7

ISO/IEC 24727 + OASIS DSS (-X) eid OASIS OASIS DSS DSS (-X) (-X) ISO/IEC 24727 24727 (CEN (CEN 15480) 15480) Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 8

Loyal Stack HBA egk HBA Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 9

Remote Loyal Stack (Internet Pharmacy) egk egk Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 10

Remote Loyal & ICC Stack (Citizen Services with meac) Browser Citizen Service Service-Access-Layer Service-Access-Layer Terminal-Layer Terminal-Layer meac Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 11

ISO/IEC 24727 for mobile devices Agenda ISO/IEC 24727 Using ISO/IEC 24727 for mobile devices with Mobile Signature Service in a Java Micro Edition environment Summary Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 12

Mobile Signature Service MSSP Specifies Web Service Interfaces between Application Providers (AP) and Mobile Signature Service Providers (MSSP) which allow to create digital signatures with mobile devices Standardized by ETSI TR 102 203 (Business & Functional Requirements) TS 102 204 (Web Service Interface) TR 102 206 (Security Framework) TS 102 207 (Specifications for Roaming in M-signature Services) Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 13

Mobile Signature Services Integration Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 14

Mapping ISO/IEC 24727-3 to ETSI 102204 [ISO24727] Part 3 CardApplication Path CardApplication StartSession DIDCreate / DIDUpdate DIDGet / [ETSI-102204] MSS_HandshakeReq MSS_RegistrationReq MSS_ProfileReq / MSS_StatusReq Note Besides path-information of regular cardapplications, CardApplication Path will also return a path to the virtual card-application for [ETSI-102204]. Using this function the AP and the MSSP agree on security mechanisms for further requests and responses. The keys of the mobile users are represented as Differential-Identites (DID). Consequently the creation of a DID corresponds to the registration of a user. DIDGet will be used to obtain information about a user profile and the status of a current transaction. DIDAuthenticate Sign MSS_SignatureReq MSS_SignatureReq Using the signing capability of the mobile device it is possible to design a challenge-response protocol for authentication. The signing capability of the mobile device may be also be used via the Sign function. As in [BSI-TR03112] the low level Sign function may be wrapped by a SignatureRequest according to [OASIS-DSS]. Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 15

ISO/IEC 24727 for mobile devices Agenda ISO/IEC 24727 Using ISO/IEC 24727 for mobile devices with Mobile Signature Services in a Java Micro Edition environment Summary Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 16

Java TM Micro Edition (JME) Started in Japan in 1999 Basic Standards (MIDP 1.0 and CLDC 1.0) available since 2000 First MIDP cell phones available since 2000 (e.g. Siemens SL45i) The Mobile Service Architecture defines a powerful platform Lot s of additional API s (SVG, M3G, MMAPI, BT, PIM, CHAPI, SIP, LOCATION, ) Deployed in over 2.1 billion mobile devices Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 17

JME Architecture Mobile Service Architecture (MSA) Umbrella JSR SIM access, Crypto, PKI XML, WebServices UI, pers. data, network, permissions, VM and basic APIs Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 18

Additional JSR s JSR 257 Contacless NFC, ISO/IEC Communication Service Connection 14443 communication SIP AMS I18N Paymnt. JSR 279 MSA Subset MSA WS SATSA CHAPI LBS PIM/FC 3D BT/ Obex SVG WMA MMAPI enhanced Web Services, SOAP, REST, Atom Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 19

The complete picture Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 20

MIDlet Integration of ISO/IEC 24727 Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 21

ISO/IEC 24727 for mobile devices Agenda ISO/IEC 24727 Using ISO/IEC 24727 for mobile devices with Mobile Signature Service in a Java Micro Edition environment Summary Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 22

Summary ISO/IEC 24727 about to become the global eid-standard MSS-based integration possible with arbitrary mobile devices, but requires additional infrastructure services (MSSP) JME offers the necessary functionality to integrate mobile devices into the ISO/IEC 24727 infrastructure NFC will push forward to integrate contactless communications into mobile devices In the mid-term, a JSR for a standardised JME interface to ISO/IEC 24727 would be beneficial Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 23

Deadline: 15.05.2008 Call for Papers - BIOSIG 2008 Biometric Border Control & Federated Identity Management September 11/12, 2008, Darmstadt http://www.biosig.org Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 24

Thank you very much for your kind attention! Contact: Dr. Detlef Hühnlein secunet Security Networks AG detlef.huehnlein@secunet.com Eichholz/Hühnlein/Bach Sicherheit 2008 Slide 25