MBANK, OTP, eID Security Solution by Overlay SIM

New Generation of Two-Way Authentication Hardware Devices: Mobile Phones

The mobile phone meets the requirements of the new generation of two-way authentication hardware devices:

1. A daily necessity for people's work and life.

2. Three trends of mobile phones as tools:

A. Calling function

B. Mobile bank service, mobile wallet, mobile phone transportation card, mobile payment

C. Mobile phone network ID card, STK banking function

SMS Preview & Send (2018/10/19)

Overlay card OTP principle

There are the following modes:

➢ Time synchronization

➢ Event synchronization (counter synchronization, etc.)

➢ Challenge response

[Diagram: time or counter + key → cryptographic operation → dynamic password, which changes once a minute and cannot be reused]

The OTP algorithm generally does not use a symmetric encryption/decryption algorithm such as 3DES or AES; a one-way hash algorithm is used. The reason is this: with a time-based token, key + time (dynamic factor) = OTP. The time is known, the dynamic password generated each minute can be read from the hardware, and the 3DES algorithm is public, so there is the possibility of working backwards from the output to the key. With a one-way hash algorithm, even if the result of the calculation (the OTP) is known, the algorithm guarantees one-wayness, so it fundamentally cuts off the way to reverse the key.

What are OTP and mobile signature?
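As an added example (not code from the slides or from the overlay-card product), the time- and event-synchronised modes above implemented with the HMAC-based one-way construction of RFC 4226/6238: the key and a counter (or the 60-second time slot, matching the slide's once-a-minute change) go through HMAC-SHA1 and dynamic truncation, and the server side refuses to accept a slot twice so a code cannot be reused. DEMO_KEY, STEP_SECONDS and the OtpVerifier class are assumptions for the demo.

```python
import hmac
import hashlib
import struct
import time

# Constructed demo secret; a real overlay card holds a per-card key that never leaves the card.
DEMO_KEY = b"overlay-sim-demo-key-0123456789"
STEP_SECONDS = 60   # the slide's "changes once a minute"
DIGITS = 6

def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """Event-synchronised OTP (RFC 4226): HMAC-SHA1 over an 8-byte counter,
    then dynamic truncation. One-way: the key cannot be recovered from the code."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(key: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """Time-synchronised OTP (RFC 6238): the time slot is used as the counter."""
    return hotp(key, unix_time // step)

class OtpVerifier:
    """Server side (assumed design): accepts a code for the current slot or one slot
    either side to allow clock drift, and never accepts a slot twice (no reuse)."""
    def __init__(self, key: bytes, drift_slots: int = 1):
        self.key = key
        self.drift = drift_slots
        self.last_accepted_slot = -1

    def verify(self, code: str, unix_time: int) -> bool:
        slot = unix_time // STEP_SECONDS
        for candidate in range(slot - self.drift, slot + self.drift + 1):
            if candidate <= self.last_accepted_slot:
                continue   # replayed, or older than the last accepted code
            if hmac.compare_digest(hotp(self.key, candidate), code):
                self.last_accepted_slot = candidate
                return True
        return False

if __name__ == "__main__":
    now = int(time.time())
    print("current OTP:", totp(DEMO_KEY, now))
```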

Based on PKI technology, it uses the SIM card as a security carrier to deliver an industry-wide security technology for digitally signing business-critical data.

[Login diagram: account and password, plus log-in with an OTP generated by the overlay card or with the mobile signature]

[Diagram: the digital certificate and key are put into the mobile phone, so the cell phone in hand acts as the USB-key ("worry-free"); the overlay card holds the preset security algorithm key and serves Bank A, Bank B, Bank C, Bank D, WebBank, K Key and USBKey channels over the China Mobile network]

Mobile certificate core:

✓ Based on the PKI/CA system, with a legal basis: compliant with the Electronic Signature Act

✓ Stores the user's digital certificate and private key in a mobile device such as a mobile phone for the signature operation

✓ With the help of the communication network, the certificate channel is independent of the trading system

① Encryption, decryption and signature are completed inside the dedicated overlay card, so it can be used in any mobile terminal

② Assists the CA in managing user certificates and keys: online application, loss reporting, update, etc.

③ The network is triggered when a user needs to sign. The network side sends the data to the user's mobile phone, and the data is signed with the private key in the mobile phone.

Business Frame

[Business framework diagram: application layer (operation terminal, user) serving the financial, government, medical, online game, e-commerce and media industries; an industry CA that generates and manages private keys and digital certificates; a customer-side unified authentication platform that docks with the application system, issues random codes and checks the number of signatures; a mobile-side mobile signature service platform (certificate service, authentication) that manages users, applications and CAs; and the dedicated overlay SIM card storing the certificate and private key]

Core Advantage 1: Separation of Trading Channels & Certification Channels

[Diagram: the 1st channel runs over the Internet between the user and the business system; the 2nd channel runs over the mobile network between the "Mobile Shield" mobile signature platform and the overlay card, which holds the user's private key]

The information seen on the phone is the same as the one seen on the PC, so the second channel can be used to confirm your signature.

Core Advantage 2: Overlay Card as a Security Carrier

Security COS:

⚫ The overlay card interacts with the mobile CA service platform through the baseband module

⚫ Secure closed system, no malware

⚫ Secure communication guarantee: all data entering and leaving the card must be verified by MAC, ensuring that the card only accepts data from the mobile signature service platform

⚫ Only key pair generation, decryption and signing operations are provided; no private-key export instruction exists, so the private key never leaves the card

Security chip:

⚫ Built-in cryptographic algorithms to generate public/private key pairs, encrypt, decrypt, sign, verify, etc.

⚫ Built-in secure storage area holding multiple key pairs for multi-CA support

⚫ Anti-intrusion, anti-DPA/SPA design, keeping the private key secure

Core Advantage 3: End-to-end Security
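An added example (not the card vendor's code) of the MAC-verified command channel described under Core Advantage 2, which Core Advantage 3 also lists as the platform-to-card authentication: every command carries an HMAC under a pre-shared key plus a sequence number, so the card drops anything that is not from the platform or is replayed, and it MACs its reply the same way so the platform can check the card. PSK, the 8-byte MAC length, the P2C/C2P direction labels and the OverlayCard/Platform classes are assumptions.

```python
import hmac
import hashlib
import struct

# Constructed pre-shared key; in the real system it is personalised into the card and
# the mobile signature service platform and is never visible to the handset application.
PSK = b"constructed-platform-card-psk"

def mac(key: bytes, seq: int, direction: bytes, payload: bytes) -> bytes:
    """HMAC-SHA256 over direction || sequence || payload, truncated to 8 bytes
    (assumed length; the slides do not state the card's MAC size)."""
    msg = direction + struct.pack(">I", seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class OverlayCard:
    """Card side: only a correctly MACed, fresh command is executed."""
    def __init__(self, psk: bytes):
        self.psk = psk
        self.next_seq = 0      # expected sequence number of the next command
        self.executed = []     # commands actually accepted, for the demo

    def handle(self, seq: int, command: bytes, tag: bytes):
        expected = mac(self.psk, seq, b"P2C", command)
        if not hmac.compare_digest(expected, tag):
            return None        # bad MAC: not from the platform, dropped
        if seq != self.next_seq:
            return None        # replayed or out-of-order command, dropped
        self.next_seq += 1
        self.executed.append(command)
        reply = b"OK:" + command
        return reply, mac(self.psk, seq, b"C2P", reply)

class Platform:
    """Platform side: MACs each command and verifies the card's reply MAC."""
    def __init__(self, psk: bytes):
        self.psk = psk
        self.seq = 0

    def send(self, card: OverlayCard, command: bytes) -> bool:
        seq = self.seq
        result = card.handle(seq, command, mac(self.psk, seq, b"P2C", command))
        if result is None:
            return False       # card rejected the command
        reply, tag = result
        self.seq += 1
        return hmac.compare_digest(mac(self.psk, seq, b"C2P", reply), tag)
```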

Terminal: the baseband module interacts directly with the mobile signature service platform through the web service and supports the STK application, so all terminals are supported with no special requirements.

Mobile signature service platform: realizes transaction management and security management of signatures; the platform and the card authenticate each other with a pre-shared key.

Overlay card: supports DES and the RSA public-key algorithm to achieve transaction data decryption and ...

[End-to-end diagram: Internet → bank core business system → mobile signature platform → mobile network → terminal → overlay card]

• Two-way SSL between the platform and the business system implements two-way authentication.

• The MAC authentication mechanism between the platform and the overlay card implements two-way authentication.

• The transaction data is encrypted in the business system and sent to the overlay card as cipher text; only the user and the application can see the data, giving end-to-end security protection.

Delivery Deployment & Demo (e.g. securities industry)

[Login flow diagram: user, securities business system, unified certificate platform, mobile phone shield platform, mobile signature service platform and the user's mobile phone]

1. Login authentication request

2. Verify user password

3. Generate authentication code (025351)

4. Send the authentication code to the user: "You are logging in to the Minzu Securities system. The authentication code is 025351. Please confirm on your mobile phone."

5. The user clicks Accept to sign the authentication request through the mobile signature service platform

6. Return the authentication signature

7. Verify the certificate information

8. Establish a normal communication channel

One-time Public-Private Key Pair Solution Based on a Smart Phone

[Flow diagram: user, business system, mobile signature service platform and mobile phone shield platform]

1. User accesses the system

2. System submits the authentication request

3. The mobile signature service platform forwards the information to be signed to the user

4. The user's mobile phone generates a one-time public-private key pair

5. The private key is used to sign the data, and the signature result is returned

6. The mobile signature service platform forwards the signature result to the mobile shield server

7. The mobile shield platform verifies the signature and returns the verification result to the business system

8. After the system receives the verification result, it passes or fails the user's authentication

User Innovation Experience

[Diagram: numerous application systems in work and life, grouped under government affairs, work, funds, business and health: OA, pay bank, file tax, online shop, online registration, ERP, accumulation fund, accumulation fund inquiry, online securities, e-medical record, CRM, mortgage, social security, travelling, medical inquiry report, SCM, credit card, traffic violation, group buying]

[Diagram: one dedicated overlay SIM card storing the certificate and private key replaces a separate USB KEY for each CA certificate: medical industry, securities industry, e-government, online game, subcontractor and web bank]

User operation and management simplification: the user uses the mobile phone's overlay SIM card to realize the mobile signature, which reduces the cost of purchasing a UKey or token; no extra hardware is required, the investment in system construction, operation and maintenance is reduced, the process is simplified, and the system is easy to maintain.

The comparison of current solutions for application service providers (overlay card with mobile signature vs. USB-KEY vs. dynamic password token):

Security level
  Overlay card (mobile signature): independent security authentication channel and process; hardware encryption; high security level.
  USB-KEY: hardware encryption; high security level.
  Token: there are security vulnerabilities; an easy target for phishing attacks; the security level is relatively weak.

Application
  Overlay card: national policy support; cross-platform certification; the overlay card can store multiple user certificates and serve multiple business applications.
  USB-KEY: national policy support; only for IE browser business; one USB-Key serves one business.
  Token: no national policy support; cross-platform certification; one dynamic password token serves one business.

Marketing
  Overlay card: mobile signature can achieve product standardization; the market is large.
  USB-KEY: has a certain market among banks and enterprises; customer demand is tight, and it takes time to form a product.
  Token: there is a certain demand in industries with low security requirements; standardization of certified products cannot be achieved; low security level, no promotion value.

Cost
  Overlay card: the lowest user opening cost; the usage cost can be ignored.
  USB-KEY: low opening cost; has a certain cost of use.
  Token: higher cost of use, and the token needs to be replaced every 3 to 5 years.

Convenience
  Overlay card: only one overlay card is required to achieve identity authentication for multiple contracted services.
  USB-KEY: need to carry the USB-Key device; only Windows systems are supported.
  Token: need to carry the dynamic password token device; need to enter the dynamic password within the specified time.

http://www.chilitag.com.tw