TTA Technical Report


  • TTA Technical Report

    TTAR-xx.xxxx (): 2016 xx xx

    ()Non Face-to-Face Authentication Application and Technology using Telebiometric in Fintech Environments (Technical Report)

  • (PG505)

    (TC5)

    () PG505

    KISA PG505

    PG505

    PG505

    KISA PG505

    KISA PG505

    PG505

    PG505

    PG505

    PG505

    PG505

    PG505

    PG505

    PG505

    TTA PG505

    PG505

    ETRI

    TTA

    TTA

    TTA

    TTA , TTA

    .

    ( ) ,

    TTA .

    .

    :

    :

    13591, 47

    Tel : 031-724-0114, Fax : 031-724-0109

    : 20xx.xx

  • TTAR-xx.xxxx

    1

    .

    .

    , ,

    .

    2

    .

    .

    ,

    .

    .

    3

    3.1

    -

    3.2

    -


    Preface

    1 Purpose

    The development of the Fintech environment requires the reinforcement of security. Non face-to-face authentication between remote entities, moving away from the traditional face-to-face method that authenticates locally using biometrics, has attracted attention as a new technology. This technical report applies Telebiometric technology to non face-to-face authentication in the Fintech environment using biometric information, including biometric signals. It also describes the requirements and the related practices and standards.

    2 Summary

    For the efficient use of services in Fintech environments, certification is changing from a non face-to-face to a face-to-face authentication certificate. Moving on from the face-to-face authentication using biometric data in the existing Fintech environment, non face-to-face authentication that sends various bio-information remotely is required. This technical report describes the need for non face-to-face authentication and cases of threats in a Fintech environment. We describe non face-to-face authentication using Telebiometric technology capable of removing the threat. It also describes the future prospects for related standardization.

    3 Relationship to Reference Standards

    - N/A


    1

    2

    3

    4

    5

    6

    6.1

    6.2

    6.3

    7

    7.1 (X.bhsm)

    7.2 (X.tam)

    7.3 FIDO(Fast IDentity Online)

    8

    -1

    -2

    -3 (family)

    -4

    -5

    -6


    (Non Face-to-Face Authentication Application and Technology

    using Telebiometric in FinTech Environments)

    1

    .

    .

    2

    -

    3

    3.1 (Biometrics Information)

    , .

    3.2 (Biometrics)

    .

    3.3 (Biometrics System)

    ,

    .

    3.4 (Biosignal Information)

    , , .

    , ,

    .

    3.5 (EEG, Electroencephalogram)

    ,

    . , , , ,

    .


    3.6 (ECG, Electrocardiogram)

    .

    ,

    .

    3.7 PCI-DSS(Payment Card Industry-Data Security Standard)

    .

    .

    . ,

    .

    3.8 (FDS, Fraud Detection System)

    .

    4

    EEG Electroencephalogram

    ECG Electrocardiogram

    PCI-DSS Payment Card Industry-Data Security Standard

    FDS Fraud Detection System

    5

    ,

    ,

    , , , , IC

    .

    ID , ,

    .

    , S/W

    . S/W

    , , ,

    .

    , IT

    H/W , (Normal), (Secure)


    H/W .

    ( 5-1) ( )

    ( 5-1)

    5-1

    .

    ( 5-2)

    (,)

    (PCI-DSS )

    ,

    ,

    , IT,

    , ,


    5-2 S/W

    (A~C) .

    IT , ID, PW

    PIN(Personal Identification Number)

    . (ATM, ,

    ) 90%

    . 4 .

    , , , . [

    1] 4

    .

    .

    .

    . ISO

    SC37 19794-2 ,

    . ,

    .

    ( 5-3)

    ATM(Automatic Teller Machine)

    .

    , ATM

    . ATM PIN

    . ATM

    ,


    .

    ,

    .

    5-2

    .

    (De-facto) FIDO(Fast Identity Online)

    .

    . NIST(National Institute of Standards and Technology)

    (Level) 3

    , OTP ,

    .

    ( 5-2)

    , FIDO

    .

    1)

    , ATM ,

    .

    2) FIDO

    2

    (: + )

    (: + ,

    + )

    S/W

    H/W


    , NH ,

    .

    ( 5-3) FIDO

    6

    6.1

    ,

    , /

    .

    ( 6-1)

    6.1.1

    , ,

    ,

    < > < FIDO >

    ATM NH

    2015.12.2 2015.12.14 2015.8.20 2015.12.19

    FIDO FIDO

    ATM

    ATM

    , ,

    ATM

    ATM ,

    ATM ,


    .

    , 90%

    .

    ( 6-1)

    6.1.2 ATM

    ATM ATM (, ,

    ) ,

    . IBK .

    ( 6-2) IBK ATM

    6.1.3

    ATM (Tagging)

    ,

    ATM( ATM)

    .

    ( 6-3) ATM


    ( 6-4)

    6.1.4 KEB

    KEB

    .

    .

    ( 6-5) KEB

    6.1.5 BC

    ,

    BC (FIDO)

    .

    ( 6-6) BC


    6.2

    6.2.1 US Bank

    US Bank Nuance

    , .

    ( 6-7) US Bank

    6.2.2 USAA

    USAA

    .

    ( 6-8) USAA

    6.2.3 Bank of America

    Bank of America

    . US Bank, USAA

    ,

    . PIN, , ,

    .


    ( 6-9) Bank of America

    6.2.4 CB

    (Groupement d'Intérêt Économique des Cartes Bancaires;

    CB) ATM . ATM

    , ATM

    .

    ( 6-10) CB

    6.2.5 St George Bank

    St George Bank

    , .

    ( 6-11) St George Bank


    6.2.6 Barclays

    Barclays , , PIN

    Finger Vein Authentication Technology(VeinID)

    .

    SIM .

    ( 6-12) Barclays

    6.2.7 Japan Post Bank

    Japan Post Bank 2011

    (2012 9) .

    80% ATM 80,000 .

    ( 6-13) Japan Post Bank

    6.2.8 MobiCash & KCB Bank

    2013 1, MobiCash KCB Bank

    .

    ID ,

    -ID 16

    .


    ( 6-14) MobiCash & KCB Bank

    6.2.9 CAIXA Bank

    CAIXA Bank

    . (Lumidigm) ATM

    PIN .

    ( 6-15) CAIXA Bank ATM

    6.2.10 Deniz Bank

    Deniz Bank Fastpay ATM ,

    , POS , 81 ATM

    .

    ( 6-16) Deniz Bank ATM


    6.2.11 Aadhaar

    Aadhaar

    , (ATM) .

    , 12

    . 2010 11 , 2014 2

    7 5 .

    ( 6-17)

    6.2.12 BPH

    BPH, , ,

    . BPH

    ATM 2000 ,

    .

    ( 6-18) BPH ATM

    6.2.13

    Behaviosec

    .


    ( 6-19)

    6.2.14 Halifax

    (Halifax) (Bionym)

    (Nymi)

    . ,

    .

    . ,

    .

    .

    (Nymi Band)

    . ,

    . ,

    .

    ( 6-20)


    ( 6-2) (12~14)

    6.3

    2013 UC (UC Berkeley)

    . 1%

    .

    .

    (EEG) .

    . $100

    US-Bank

    -

    -

    JPMorgan Chase

    Wells Fargo

    Barclays (PKI)

    Biyokimlik 3,400 ATM

    National Australia Bank

    BBVA

    BPH S.A PIN ATM

    Sberbank

    ATM

    Leto-Bank ATM

    Cairo Amman Bank

    - 100,000

    - , , ATM

    500

    CAIXA ATM

    Itautec 12,000 ATM

    Japan Post

    Bank 20,239 ATM (100%)

    Mega Bank,

    2,408 ATM

    Trust Bank 295 ATM (63%)

    Regional Bank

    ,

    7,487 ATM

    Local Bank,

    3,283 ATM


    .

    ( 6-21) UC John Chuang

    (Binghamton University)

    .

    ()

    .

    ( 6-22) ( )

    ,

    500 .

    0.5

    () .


    .