authentication scenarios india
play

Authentication Scenarios India Ramachandran India 1.2 billion - PowerPoint PPT Presentation

Aug 27, 2022 •281 likes •639 views

Authentication Scenarios India Ramachandran India 1.2 billion residents -640,000 villages -~800 million mobile, ~200-300 mn migrant workers Authentication Scenarios Government e-praman authentication framework - PKI In

  1. Authentication Scenarios India Ramachandran

  2. India • 1.2 billion residents • -640,000 villages • -~800 million mobile, ~200-300 mn migrant workers

  3. Authentication Scenarios • Government – e-praman authentication framework - PKI In Authentication - Aadhaar based authentication • Banking scenarios • eSign Initiatives

  4. Government

  5. e-Pramaan – An e-Authentication Service • e-Pramaan is a National Electronic Authentication Service for the Govt. Agencies to Authenticate the citizens to a desired level of assurance and confidence. • It leverages on Aadhaar based Authentication of different levels to authenticate the citizens • e-Pramaan provides solution to all the issues of Basic Authentication

  6. e-Pramaan – An e-Authentication Framework • e-Pramaan maintains Two Repositories – Identity Repository: For user Identities – Credential Repository: For Authentication Credentials • Authentication can be done for Internet based or Mobile based e-Gov services • e-Pramaan will offer “ e- Authentication as a service” to the citizens and Govt. Agencies • e-Pramaan defines various Levels of Authentication for services with different sensitivity levels.

  7. e-Pramaan Authentication Levels Level 2 Level 1 One-Time Password Level 3 Level 4 Crypto Token containing DSC Finger Print Biometric 7

  8. Key Components of e-Pramaan • Significant e-Pramaan Offerings: – Single Sign-on will enable the users to login to a level and thereby access all the services under that level using e- Pramaan Authenticated Token till the session is active – Website Authentication (to counter Phishing attack) using Digital Certificates – User De-Registration (in case of duplication/fraudulent users) – Fraud Management

  9. Authentication As a Service (AAS) using SSO SP 1 SP 2 SP n SP 3 1 User 5 2 1. User request for login to a SP 2. SP redirects user’s request to e - e-Pramaan 4 Pramaan 3. e-Pramaan asks for user credentials 3 4. User Enter Credentials 5. After validation of credentials, e-Pramaan sends allow / deny message to SP in the form of authenticated token 9

  10. e-Pramaan Website Authentication • Authentication 1. SP identifies the level of request & forward a Signed SAML request to e-Pramaan. 2. e-Pramaan verifies the SP, Creates an Authenticated Website Seal and asks the user to enter his credentials. 3. Verify client credentials 4. Once the credentials are verified, e-Pramaan redirects the digitally signed authenticated token to SP containing user’s Aadhaar no. etc 5. If response is positive user is forwarded to respective service page.

  11. PKI BASED AUTHENTICATION

  12. Electronic Signatures in India • Digital Signatures created under the Information Technology (IT) Act, 2000 are legally valid • Credential verification is one of the most important aspects of issuance of Digital Signature Certificate • About 8 million Digital Signature Certificates issued.

  13. India PKI Model ROOT CA CA CA CA End User SUB CA SUB CA End End User User End User

  14. Electronic Signatures in India • Validity of Digital Signature Certificates is for 3 years • Three classes of Digital Signature Certificates • Class 1 - based on verification from widely used databases (software driven) • Class 2 - based on verification from widely used databases (hardware driven) • Class 3 - based on verification from widely used databases and physical presence of subscriber (hardware driven)

  15. LICENSED CAs • Sifi Technologies • National Informatics Centre (NIC ) • Institute for Development & Research in Banking Technology (IDRBT ) • Tata Consultancy services (TCS) • (n)Code Solutions (GNFC) • eMudhra Consumer Services (eMudhra) • Indian Airforce (IAF)

  16. Few PKI enabled Applications E-filing – MCA21 – Income Tax e-filing – DGFT Banking Applications – RBI Applications (RTGS/SFMS) e-Procurement – IFFCO – DGS&D – ONGC – GAIL – Air-India – Railways Others – IRCTC – eOffice

  17. Recognition of Foreign Certifying Authorities A foreign CA deemed as recognised if it has been authorised to issue DSCs by a recognised Regulatory Authority established under the laws of a country other than India 1. Recognition of Foreign Certifying Authorities operating under a Regulatory Authority. Such CAs can be recognised if the following and other conditions are met:-  The level of reliability of PKI environment of the country is at least equal that of India.  The Controller (CCA) enters into a MoU with the Regulatory Authority for Mutual Recognition of CAs.  Reliability assessment for equivalence 2 Recognition of Foreign Certifying Authorities not operating under any Regulatory Authority - Any Foreign CA may apply to Controller for recognition. The recognition process should pass through examination of documents submitted by that CA: The idea is to provide seamless authentication, message integrity, non- repudiation, & accessibility across jurisdictions facilitating e-commerce & e- Governance

  18. AADHAAR BASED AUTHENTICATION

  19. Aadhaar(Biometric) Create a Common"national identity" for every "resident‘ - Biometric backed identity to eliminate duplicates. -"Verifiable online identity" for portability. Application ecosystem using open APIs -Aadhar enabled bank account and payment platforms -Aadhar enabled electronic, paperless KYC

  20. Aadhaar(Biometric) • Enrolment -One time in a person's lifetime -Minimal demographics -Multi-model biometrics(Fingerprints,Iris) -12-digit unique Aadhar number assigned • Authentication -Verify "you are who claim to be" -Open API based -Multi-device, multi-factor

  21. Digital Signature using Aadhaar based Authentication Leveraging Aadhaar based authentication onto combined DSC issuance and signing of a document : • has high potential to scale up the usage of DSC in many applications like Income TAX returns. • May require some changes in the rules under the Information Technology Act.

  22. Authentication Matching of Aadhaar no. and biometrics with the data maintained in the UIDAI’s back -end system to enable residents to prove their identity electronically for availing services and benefits

  23. Aadhaar e-KYC • provides a convenient mechanism for agencies to offer an electronic, paper-less KYC experience to Aadhaar holders eliminating insecure and costly paper process

  24. Verification Requirements for DSCs Digital Signature Certificates are issued after identity and address verification of DSC applicant. For higher level assurance level like Class 3 certificate , physical verification is required. Addhaar e-KYC service can substitute both identity and address verification. With biometric authentication, Class 3 certificates can be issued to DSC applicant.

  25. Requirements for e-KYC service CAs should function as e-KYC agency • e-KYC agency is an organization or an entity using Aadhaar authentication as part of its applications to provide services to residents. • If CAs function as e-KYC agency, the verification requirements for DSC issuance can be substituted with Aadhaar based Authentication . • Three CAs are in the process of pilot run and e- KYC services will be adopted soon after examining feasibility

  26. Banking scenario

  27. Internet Banking authentication The following security mechanism is available currently on our Net Banking platform every time after login: – Secure financial site – „ All communication between customer and the site is encrypted with SSL encryption is in use. – „The address bar turns green after accessing the website indicating that the site is secured with an SSL Certificate that meets the Extended Validation Standard.(Supports all leading browsers e.g. Internet Explorer, Mozilla Firefox, Opera, Safari, Google chrome etc.)

  28. For Retail Customer 1. User Id and Password for Login 2. SMS alert after accessing profile Section. 3. Mandatory SMS based OTP for addition of beneficiary 4. SMS alert on random times during beneficiary approval process. 5. Mandatory SMS based OTP transactions above Rs 10,000 for third party and above Rs 5,000 for merchant transactions. 6. SMS alert for every debit transaction on the registered mobile number. Now all the banks should provide PKI based authentication to customers in addition to other mechanisms

  29. For corporate customer 1. User Id and Password for Login 2. SMS based OTP or OTP through Hardware Token for Login 3. SMS alert after accessing profile Section 4. Maker Checker Concept for addition of beneficiary and performing transaction 5. Transaction Password to Authorize the transaction 6. Optional SMS based OTP to Authorize the transaction 7. SMS alert for every INB originated debit transaction on the registered mobile number. 8. Digital Signature Certificate (DSC) in lieu of SMS based OTP or OTP through Hardware Token for Login in Recently RBI made the DSC mandatory for corporate customers

  30. eSign

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Authentication Scenarios 2. Users share a password with a trusted authority (authentication

Authentication Scenarios 2. Users share a password with a trusted authority (authentication

Authentication Scenarios 2. Users share a password with a trusted authority (authentication servers) Kerberos Challenge-response Symm.Key What do we learn from previous attacks? Timestamps: are valid only in a small time window

334 views • 22 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch Security Engineer kbabioch@suse.de New authentication standards ... 2 Some authentication technologies ... 3 - Authentication theory -

1.28k views • 88 slides
Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239 Authentication on a single machine Computer Security Authentication across a network February 21, 2007 Lecture 9 Lecture 9 Page 1 Page 2 CS 236,

302 views • 8 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication overview Current state of Authentication The future of authentication MY JOURNEY 2012-2015 2004-2011 2015-Present 1998-2004 Staff at MIT

453 views • 34 slides
User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication middleware for Node. It is designed to serve a singular purpose: authenticate requests. Supports a comprehensive set of authentication mechanisms called

808 views • 16 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
The openais project Technomap Prepared by Steven Dake January 2005 Agenda 2004

The openais project Technomap Prepared by Steven Dake January 2005 Agenda 2004

The openais project Technomap Prepared by Steven Dake January 2005 Agenda 2004 Accomplishments Current & Future Technology Technomap CGL Cluster Spec Analysis July August September October November

399 views • 23 slides
Security Analysis of the W3C Web Cryptography API Kelsey Cairs 1 Harry Halpin 2 Graham Steel 3 1

Security Analysis of the W3C Web Cryptography API Kelsey Cairs 1 Harry Halpin 2 Graham Steel 3 1

Introduction WebCrypto API Overview Attacks Conclusions Security Analysis of the W3C Web Cryptography API Kelsey Cairs 1 Harry Halpin 2 Graham Steel 3 1 Washington State University, Seattle, USA 2 W3C/Inria, Paris, France 3 Cryptosense, Paris,

331 views • 21 slides
Applications & Usage A Brief Insight Scenario :: Identification, Authentication & Non-

Applications & Usage A Brief Insight Scenario :: Identification, Authentication & Non-

Public Key Applications & Usage A Brief Insight Scenario :: Identification, Authentication & Non- :: Authenticity, e-business transaction Repudiation requirements for electronic :: Confidentiality and Integrity requirements ::

252 views • 11 slides
HIERARCHICAL DETERMINISTIC WALLETS JOHN NEWBERY @jfnewbery github.com/jnewbery HIERARCHICAL

HIERARCHICAL DETERMINISTIC WALLETS JOHN NEWBERY @jfnewbery github.com/jnewbery HIERARCHICAL

HIERARCHICAL DETERMINISTIC WALLETS JOHN NEWBERY @jfnewbery github.com/jnewbery HIERARCHICAL DETERMINISTIC WALLETS The problems of address reuse BIP 32 - HD Wallets BIP 39 - Mnemonics for HD wallet seeds BIPs 43 and 44 -

480 views • 32 slides
Code With Purpose @tomprats github.com/tomprats www.tomify.me Tom Prats Developer

Code With Purpose @tomprats github.com/tomprats www.tomify.me Tom Prats Developer

Code With Purpose @tomprats github.com/tomprats www.tomify.me Tom Prats Developer Extraordinaire @tomprats github.com/tomprats www.tomify.me API @tomprats github.com/tomprats www.tomify.me @tomprats github.com/tomprats www.tomify.me

734 views • 60 slides
Lecture 6 Cryptographic Hash Functions 1 Purpose One of the most important tools in

Lecture 6 Cryptographic Hash Functions 1 Purpose One of the most important tools in

Lecture 6 Cryptographic Hash Functions 1 Purpose One of the most important tools in modern cryptography and security In crypto, instantiates a Random Oracle In security, used in a variety of authentication and integrity

693 views • 20 slides
LUX Hash Function Ivica Nikoli c, Alex Biryukov, Dmitry Khovratovich University of Luxembourg

LUX Hash Function Ivica Nikoli c, Alex Biryukov, Dmitry Khovratovich University of Luxembourg

LUX Hash Function LUX Hash Function Ivica Nikoli c, Alex Biryukov, Dmitry Khovratovich University of Luxembourg LUX Hash Function Outline 1 Design 2 Security Analysis 3 Implementation 4 Advantages LUX Hash Function Design Design LUX Hash

539 views • 28 slides
Elementary Data Structures Biostatistics 615/815 Lecture 7: . . 1 / 34 . Tree List Recap .

Elementary Data Structures Biostatistics 615/815 Lecture 7: . . 1 / 34 . Tree List Recap .

. Hash Tables September 25th, 2012 Biostatistics 615/815 - Lecture 7 Hyun Min Kang September 25th, 2012 Hyun Min Kang Elementary Data Structures Biostatistics 615/815 Lecture 7: . . 1 / 34 . Tree List Recap . . . . . . . . . . .

563 views • 45 slides

More recommend