2013. 7. 19.

WebCert - SOP. Sangrae Cho, Authentication Research Team.
  1. WebCert - SOP
  2013. 7. 19.
  Sangrae Cho, Authentication Research Team

  2. Korean banking use case
  (Diagram: Web Browser, caserver.com as the origin for certificate issue, bank.com as the origin for certificate use.)
  1. Public key pair is generated in the browser.
  2. Issue certificate (caserver.com).
  3. Use certificate (digital signature) at bank.com.
  4. Verify certificate (bank.com).

  3. Proposed solution
  (Diagram: the web client sends a wire transfer request to bank.com; bank.com returns a wire transfer page for digital signature that carries a Trusted CA List.)
  • No trusted CA list – SOP governs
    • Private key belongs to the origin server
  • Trusted CA list – SOP exception
    • Display any certificate that is issued by the trusted CAs
    • Private key belongs to a user
    • The user can prove ownership by decrypting the encrypted private key

  4. Proposed solution – preconditions
  • Suppose we have a JavaScript API to discover a certificate:
    Certificate[] getCertificate(String trustedCAList)
  • Certificates belonging to a trusted CA are returned if trustedCAList is provided
  • The certificate belonging to the origin is returned if no trustedCAList is provided
  • The following certificates are issued:
    • cert1 = certificate issued from bank.com
    • cert2 = certificate issued from caserver.com

  5. Proposed solution
  • Case 1: No trusted CA list – SOP governs
    1. Wire transfer request (web client to bank.com)
    2. HTML page for digital signature, with no Trusted CA List (bank.com to web client)
    3. Page returned with digital signature for the wire transfer (web client to bank.com)
  • After receiving no. 2:
    • getCertificate(); is executed with no Trusted CA list
    • getCertificate(); returns cert1 (issued from bank.com) according to SOP
    • The user signs the page digitally with the private key related to cert1 and sends it to bank.com

  6. Proposed solution
  • Case 2: Trusted CA list – SOP exception
    1. Wire transfer request (web client to bank.com)
    2. HTML page for digital signature, with a Trusted CA List (bank.com to web client)
    3. Page returned with digital signature for the wire transfer (web client to bank.com)
  • After receiving no. 2:
    • getCertificate(); is executed with trustedCAList = "caserver.com"
    • getCertificate(); returns cert2 (issued from caserver.com) according to the SOP exception
    • The user signs the page digitally with the private key related to cert2 and sends it to bank.com

  7. Thank You
