
Secure Payments Over Mixed Communication Media

As web-enabled systems become an integral part of everything we interact with, how do we secure data in potentially insecure environments? In this session you'll learn how to apply fundamental security precepts in potentially insecure environments. Topics include:

• Securing identity and payment data through voice commands or text
• Tokenization and encryption security
• Triggering secure transactions from communications media

jcleblanc

Presentation Transcript


  1. Secure Payments over Mixed Communication Media
     Jonathan LeBlanc
     Twitter: @jcleblanc
     Book: http://bit.ly/iddatasecurity

  2. • Building an identification backbone
     • Creating middle-tier transmission security
     • Privileged information security

  3. Identification Backbone

  4. Browser Fingerprinting
     https://panopticlick.eff.org/

  5. Device Fingerprinting

  6. Retrieving Build Information for Android Device

     ```java
     //-------------
     // Build Info: http://developer.android.com/reference/android/os/Build.html
     //-------------

     String osVersion = System.getProperty("os.version"); // OS version
     String device = android.os.Build.DEVICE;             // device
     String model = android.os.Build.MODEL;               // model
     int sdkInt = android.os.Build.VERSION.SDK_INT;       // SDK version of the framework
     // hardware serial number, if available (Build.SERIAL is deprecated since API 26)
     String serial = android.os.Build.SERIAL;
     ```

  7. Getting Paired Devices

  8. Get all Bluetooth Paired Devices: Android

     ```java
     // fetch all bonded Bluetooth devices
     // (needs the BLUETOOTH permission; BLUETOOTH_CONNECT on Android 12+)
     Set<BluetoothDevice> pairedDevices = mBluetoothAdapter.getBondedDevices();

     // if devices found, fetch name and MAC address for each
     if (pairedDevices.size() > 0) {
         for (BluetoothDevice device : pairedDevices) {
             String name = device.getName();       // device name
             String address = device.getAddress(); // device MAC address
         }
     }
     ```

  9. Middle-Tier Data Security

  10. Asynchronous Cryptography: Securing Data Through Transmission

  11. Multi-User Environment

  12. Package Instantiation and Directory Creation

      ```javascript
      var fs = require('fs');
      var path = require('path');
      var ursa = require('ursa');
      var mkdirp = require('mkdirp');

      // make directories and generate private / public keys for sender / receiver
      var rootpath = './keys';
      makekeys(rootpath, 'sender');
      makekeys(rootpath, 'receiver');
      ```

  13. Key and Directory Creation

      ```javascript
      function makekeys(rootpath, subpath){
          // create ./keys/<subpath> if it does not exist yet
          try {
              mkdirp.sync(path.join(rootpath, subpath));
          } catch (err) {
              console.error(err);
          }

          // generate an RSA key pair (ursa defaults: 2048-bit modulus, exponent 65537)
          var key = ursa.generatePrivateKey();
          var privatepem = key.toPrivatePem();
          var publicpem = key.toPublicPem();

          // write both halves of the key pair as PEM files
          try {
              fs.writeFileSync(path.join(rootpath, subpath, 'private.pem'), privatepem, 'ascii');
              fs.writeFileSync(path.join(rootpath, subpath, 'public.pem'), publicpem, 'ascii');
          } catch (err) {
              console.error(err);
          }
      }
      ```

  14. Preparing Message, Encrypting, and Signing

      ```javascript
      //generate required keys
      var senderprivkey = ursa.createPrivateKey(
          fs.readFileSync(path.join(rootpath, 'sender', 'private.pem')));
      var recipientpubkey = ursa.createPublicKey(
          fs.readFileSync(path.join(rootpath, 'receiver', 'public.pem')));

      //prepare JSON message to send
      var msg = { 'user':'Nikola Tesla',
                  'address':'W 40th St, New York, NY 10018',
                  'state':'active' };

      msg = JSON.stringify(msg);

      //encrypt with recipient public key, and sign with sender private key
      var encrypted = recipientpubkey.encrypt(msg, 'utf8', 'base64');
      var signed = senderprivkey.hashAndSign('sha256', encrypted, 'utf8', 'base64');
      ```

  15. Decrypting, and Verifying Message

      ```javascript
      //generate required keys
      var senderpubkey = ursa.createPublicKey(
          fs.readFileSync(path.join(rootpath, 'sender', 'public.pem')));
      var recipientprivkey = ursa.createPrivateKey(
          fs.readFileSync(path.join(rootpath, 'receiver', 'private.pem')));

      //verify message with sender public key
      var bufferedmsg = Buffer.from(encrypted);
      if (!senderpubkey.hashAndVerify('sha256', bufferedmsg, signed, 'base64')){
          throw new Error("invalid signature");
      } else {
          //decrypt message with recipient private key
          var decryptedmsg = recipientprivkey.decrypt(encrypted, 'base64', 'utf8');

          //--------
          //message verified and decrypted
          //--------
      }
      ```

  16. Secure Data Triggers

  17. Tokenization

  18. Credit Card Tokenization
      Credit Card Information
      7e29c5c48f44755598dec3549155ad66f1af4671091353be4c4d7694d71dc866
      Address Information
      Card Holder Name
      ...

  19. Triggering from Secure Source

  20. Thank You!
      Slides: http://slideshare.net/jcleblanc
      Jonathan LeBlanc
      Twitter: @jcleblanc
      Book: http://bit.ly/iddatasecurity
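
Slides 12 to 15 encrypt the JSON message directly with the recipient's RSA key, which limits the plaintext to a couple of hundred bytes for a 2048-bit key. The following is an added example, not code from the original slides: it keeps the same order (encrypt for the recipient, sign with the sender's key, verify before decrypting) but generalizes it to a hybrid envelope using Node's built-in `crypto` module instead of ursa. The names `seal`, `unseal`, the envelope field names and the in-memory key pairs are assumptions made for the example.

```javascript
// Added example: sign-then-verify order from slides 14-15, built on Node's crypto module.
const nodeCrypto = require('crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Constructed key pairs standing in for ./keys/sender and ./keys/receiver.
const sender = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const receiver = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Encrypt for the recipient, then sign the ciphertext envelope with the sender's key.
function seal(obj, recipientPub, senderPriv) {
  const key = nodeCrypto.randomBytes(32); // one-time AES-256 key
  const iv = nodeCrypto.randomBytes(12);  // 96-bit GCM nonce
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(obj), 'utf8'), cipher.final()]);
  const payload = JSON.stringify({
    // RSA only wraps the 32-byte key, so the message itself can be any size.
    wrappedKey: nodeCrypto.publicEncrypt({ key: recipientPub, ...OAEP }, key).toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    body: body.toString('base64'),
  });
  const signature = nodeCrypto.sign('sha256', Buffer.from(payload), senderPriv);
  return { payload, signature: signature.toString('base64') };
}

// Verify the sender's signature first; only a verified envelope is parsed and decrypted.
function unseal(msg, senderPub, recipientPriv) {
  const sig = Buffer.from(msg.signature, 'base64');
  if (!nodeCrypto.verify('sha256', Buffer.from(msg.payload), senderPub, sig)) {
    throw new Error('invalid signature');
  }
  const env = JSON.parse(msg.payload);
  const wrapped = Buffer.from(env.wrappedKey, 'base64');
  const key = nodeCrypto.privateDecrypt({ key: recipientPriv, ...OAEP }, wrapped);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(env.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(env.tag, 'base64'));
  const plain = Buffer.concat([decipher.update(Buffer.from(env.body, 'base64')), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed message: the slide's record plus a field too large for direct RSA encryption.
const msg = { user: 'Nikola Tesla', state: 'active', note: 'x'.repeat(1000) };
const sealed = seal(msg, receiver.publicKey, sender.privateKey);
console.log(unseal(sealed, sender.publicKey, receiver.privateKey).user);
```

Because the signature covers only the ciphertext envelope, it proves who sent the envelope, not who wrote the plaintext; put the sender's identity inside the encrypted body if the recipient relies on it.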
