Key2 share moosecon

•

2 likes•1,538 views

Key2Share is a system that allows smartphones to be used for access control via Near Field Communication (NFC). It issues digital keys that are represented as QR codes and can be shared remotely. This provides flexible access control with options for easy key delegation, remote revocation of access, and management of access rights. A proof of concept has been developed with Bosch Security Systems to integrate Key2Share into their existing access control infrastructure. The system aims to provide secure access control via smartphones while balancing security and compatibility with mobile devices.

Technology

Key2Share: NFC-enabled
Smartphone-based Access Control
Alexandra Dmitrienko
Cyberphysical Mobile Systems Security Group
Fraunhofer SIT, Darmstadt

In collaboration with TU Darmstadt, Center for Advanced Security
Research in Darmstadt (CASED), Intel Collaborative Research Institute for
Secure Computing (ICRI-SC) at TU-Darmstadt, Bosch Security Systems

Near Field Communication (NFC)
Applications

+ NFC =
services in one touch

mPayments mTicketing

Why not Using a Smartphone as a Key?

+ NFC =

Smartphone as a Door Key
 Access control by enterprises to their facilities
 Access control in private sector (houses, garages)

4

Smartphone as a Door Key
 Access to hotel rooms

5

Smartphone as a Car Key/Immobilizer
 Fleet management by enterprises
 Car sharing with family members or friends

6

Smartphone as a Car Key/Immobilizer
 Car sharing by rental/car sharing companies

7

Smartphone for Access to Storage
Facilities
 Access to safes in hotel rooms
 Lockers in luggage storage at train stations/airports

DHL packing stations

8

Smartphone for Access to Storage
Facilities
 DHL packstations

9

Smartphone for Access to Facilities
 E.g., parking houses

10

Usual Keys vs. SmartCards vs. Key2Share
Usual Keys SmartCards Key2Share

Distribution Requires physical Requires physical Remote
access access
Revocation Requires physical Remote Remote
access or replacement
of the lock
Delegation Not possible Not possible Possible

Context-aware Not possible Possible Possible
access (e.g.,
time frame)

11

Key2Share: System Architecture
Issuer 1. Employ the employee/sell the car
Users

Key2Share 2. One-time registration
web-service
3. Electronic key issued

5. Share key
4. User Authentication
with the issued key

6. User Authentication
with the shared key
Resources

Delegated users
12

Key Sharing
 The key to be shared is represented as a QR-code
 Can be sent to the recipient per e-mail, MMS
or scanned by a camera of another device

QR Code: What’s Inside?
 Electronic keys of Key2Share are similar to passports

Issued by a central authority Government Enterprise
Issued for a particular entity Citizen Employee
Public (not a secret) Yes Yes (encrypted)
Has binding to an identity of Cryptographic key
Photo
an entity it is issued for bound to the platform

14

Key2Share Security
Platform Security Secure communication
protocols

15

Protocol Security

Well-established cryptographic
primitives (AES, SHA-1, RSA)

Formal security proof of the
protocols

Formal tool-aided verification of
protocols

16

Platform Security
 Different trade-offs between security and requirements
to a mobile device

Less secure More secure

Built-in Security System level software-based Hardware-based
Mechanisms of Mobile OS security extensions security extensions

No extra requirements to Requires update of system Requires support in
mobile hardware and software (e.g., OS) hardware. Available
system software (e.g., only on some
operating system) mobile platforms

17

Platform Security
Software-based security Hardware-based security
extensions extensions

 provided by BizzTrust  Require support in hardware
architecture  e.g., Giesecke & Devrient Mobile
Security Card http://www.gd-
 http://www.bizztrust.de/ sfs.com/the-mobile-security-
card/
 Can be attached to the device
via microSD card slot 18

Supported Platforms
 Android NFC-enabled platforms
(e.g., Samsung Nexus S, Galaxy S3)

19

Summary

Flexible access rights:
 policy-based
 easy delegation
 remote revocation
 managable

Current Work

Proof of Concept with Bosch Security Systems:
 Key2Share as Access Pass
 Key2Share as Building Block in Bosch‘s
„Access-Control-as-a-Service“
 Compatibility with already deployed
infrastructure (wireless readers, management
software)

Thank you
alexandra.dmitrienko@sit.fraunhofer.de

22

Similar to Key2 share moosecon

Key2Share is a new solution for NFC-enabled Android smartphones that allows enterprise employees to access offices and other enterprise premises using digital access control tokens stored on their mobile phones. The Key2Share app utilizes Near Field Communication (NFC) technology, which enables the phone to emulate a contactless smartcard that can be used with standard contactless smartcard readers.

Access Control in Enterprises with Key2Share

Faheem Nadeem

Smart Cards & Devices Forum 2012 - Securing Cloud Computing

OKsystem

SmartCard Forum 2011 - Evolution of authentication market

OKsystem

Simplify secure mobile app access to enterprise resources When mobile apps access enterprise data and services, the risk of security being compromised is increased. Layer 7’s solution for mobile Single Sign-On simplifies the process through which apps require users to sign in to the enterprise in order to secure this access. The solution leverages the underlying security in a device’s operating system to effectively create a secure sign-on container for apps. Layer 7 offers a complete end-to-end, standards-based and proven security solution for mobile SSO. This solution uses OAuth 2.0, OpenID Connect and JWT standards. Communication is secured through Layer 7’s SecureSpan Mobile Access Gateway and SSO libraries that abstract out all the complex OAuth and OpenID Connect protocol handshakes between mobile device and Gateway.

Single Sign-On for Mobile

CA API Management

Mobile phone as Trusted identity assistant

Vladimir Jirasek

Securing online services by combining smart cards and web-based applications

Olivier Potonniée

Droidcon2013 key2 share_dmitrienko_fraunhofer

Droidcon Berlin

ASFWS 2011 - Secure software development for mobile devices

Cyber Security Alliance

This webinar by Endeavour's Technology Consulting group provides insights on Enterprise Security & android platform. Data and transaction security has become of paramount importance with increase in mobile application usage in enterprises. The challenges of the security issues faced have become a top priority in every enterprise. Businesses and IT departments are experiencing employees opting for Android phones as corporate communication tools over other Smartphone as they offer powerful apps and innovative hardware specs.

Webinar on Enterprise Security & android

Endeavour Software Technologies

Bitzer Enterprise Application Mobility (BEAM) Organizations have restricted employee’s access to corporate network and data from mobile devices due to concerns of authentication, usability, policy control and data leakage. This problem is exacerbated by the avalanche of new mobile-device types and BYOD (Bring YourOwn Device) programs. BEAM overcomes the mobile security risk by isolating corporate access and data from employee’s personal apps on mobile devices and by extending the trust gained within an internal network out to an employee’s mobile device while ensuring a rich, seamless user experience.

Beam datasheet final 7 28-12

Bitzer Mobile, now part of Oracle

A wearable token system

Ganesh ReddyCse

Session presented at the 2nd IndicThreads.com Conference on Cloud Computing held in Pune, India on 3-4 June 2011. http://CloudComputing.IndicThreads.com Abstract:As part of this session I intend to provide a technical overview of how cloud computing can be made secure across various networks architectures and deployments such as (a) Security in public cloud deployments – data and application security. This will cover methods such as data encryption, multi tenancy, data wipeout, what type of data to place in public clouds, autentication methods. (b) Security by using public/private mix hybrid cloud deployments. This will cover using hybrid clouds effectively to segregate some portions of data in the public and some in hybrid and how a request can be moved across these. It would also cover options for enterprises to make their solutions secure. (c) Security features provided by current cloud vendors. (d) How a cloud deployer can ensure the solution they are providing is secure. Key Takeaway after this session: An understanding of various security solutions that developers, deployers, architects can use when using cloud computing solutions Speaker: Debashis Banerjee is a technology professional with 12+ years of expertise in development and leading global teams in development of Cloud, Security, Internet based and Telecom products. He is currently a Senior Engineering Manager with Yahoo! India.

Cloud security - The Cloud is as Secure as you want it to be! - Indicthreads ...

IndicThreads

Samsung knox security_solution_v1_10_0

Javier Gonzalez

Securing the Smart Grid with SafeNet HSMs

SafeNet

Security and Mobile Application Management with Worklight

IBM WebSphereIndia

Software Defined Perimeter (SDP) is a cutting-edge security framework that revolutionizes network security. By combining SDP with the power of blockchain technology, Block Armour’s Blockchain Defined Perimeter (BDP) solution delivers an unparalleled level of security and trust for any organization. BDP enables fine-grained access policies based on user + device digital identity, device posture, and other contextual factors. It enables the enforcement of least privilege access, granting users access only to the resources they need, enhancing security and minimizing risks.

Blockchain Defined Perimeter (BDP) - Experience the power of Software Defined...

Block Armour

By combining SDP with the power of blockchain technology, Block Armour’s Blockchain Defined Perimeter (BDP) solution delivers an unparalleled level of security and trust for any organization. BDP enables fine-grained access policies based on user + device digital identity, device posture, and other contextual factors. It enables the enforcement of least privilege access, granting users access only to the resources they need, enhancing security and minimizing risks.

Block Armour Blockchain Defined Perimeter Brochure

Block Armour

Make the Smartcard great again

Eric Larcheveque

Rebooting the smartcard

Eric Larcheveque

Public key authentication is the most secure colution and utilizes a public key cryptography(PKI) system, using both public and private keys.A PKI is certainly the easiest solution from the users prespective.It mainly supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the internet and verify the identity of the other party. Without PKI , sensitive information can still be encrypted ( ensuring confidentiality) and exchanged but there would be no assurance of the identity(authentication) of the other party. Any form of sensitive data exchanged over the internet is relianton PKI for security. Elements of PKI A typical PKI consists of hardware, software , policies and standards to manage the creation,admisinstration , distribution and revocation of keys and digital certificates. Digital certificates are at the heart of PKI as they affrim the identity of the certificate subject that bind the identity to the public key contained in the certificate. Following are the elements of the PKI: Certificate Authority (CA) Registration authority A certificate database , it mainly stores the certificate requests and issues and revokes certificates. A certificate store , which resides on a local computer as a place to store issues certificates and private keys. --------------------------************************----------------------------- To connect many distant employees at once, all office locations must be able to access the same network resource. Most time iof we will would house the core infrastucture needed to establish the network, such as the servers and databases. Generally Wide area network (WAN) to connect the remote offices. WAN are used to connect Local area network(LAN) for disparate offices together. However installation and overhead of LNS and WANS is expensive. To over come this Virtual private networks that run over the internet. VPN it mainly provides secure connections between individual users and their organizations network over and their organizations network over the internet, have several upsides. They provide more secure site to site connections. They provide information transfer much faster that WAN\'s and most importantly to small and medimum sized business, VPN\'s are much lessexpensive since you can use a single leased line to the internet for each ofice, cutting down on broadband cost. While VPN\'s are highly recommended and trusted a new technology gaining traction with compaines is the remote desktop. Remote dsktops requires software or an operating system that allows aplications to run remotely on a server, but to be displayed locally simultaneously. This network server hosts remote files and application in a secure location , ensuring your data is never lost , even when something happens to device you are working on. Solution Public key authentication is the most secure colution and utilizes a public key cryptography(PKI) sy.

Public key authentication is the most secure colution and utilizes a.pdf

mohammadirfan136964

Similar to Key2 share moosecon (20)

Access Control in Enterprises with Key2Share

Smart Cards & Devices Forum 2012 - Securing Cloud Computing

SmartCard Forum 2011 - Evolution of authentication market

Single Sign-On for Mobile

Mobile phone as Trusted identity assistant

Securing online services by combining smart cards and web-based applications

Droidcon2013 key2 share_dmitrienko_fraunhofer

ASFWS 2011 - Secure software development for mobile devices

Webinar on Enterprise Security & android

Beam datasheet final 7 28-12

A wearable token system

Cloud security - The Cloud is as Secure as you want it to be! - Indicthreads ...

Samsung knox security_solution_v1_10_0

Securing the Smart Grid with SafeNet HSMs

Security and Mobile Application Management with Worklight

Blockchain Defined Perimeter (BDP) - Experience the power of Software Defined...

Block Armour Blockchain Defined Perimeter Brochure

Make the Smartcard great again

Rebooting the smartcard

Public key authentication is the most secure colution and utilizes a.pdf

Recently uploaded

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024

Partners Life - Insurer Innovation Award 2024

Scaling API-first – The story of a global engineering organization

Driving Behavioral Change for Information Management through Data-Driven Gree...

Boost PC performance: How more available memory can improve productivity

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Handwritten Text Recognition for manuscripts and early printed texts

GenCyber Cyber Security Day Presentation

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Powerful Google developer tools for immediate impact! (2023-24 C)

Boost Fertility New Invention Ups Success Rates.pdf

Presentation on how to chat with PDF using ChatGPT code interpreter

[2024]Digital Global Overview Report 2024 Meltwater.pdf

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

The 7 Things I Know About Cyber Security After 25 Years | April 2024

GenAI Risks & Security Meetup 01052024.pdf

A Domino Admins Adventures (Engage 2024)

Key2 share moosecon

1. Key2Share: NFC-enabled Smartphone-based Access Control Alexandra Dmitrienko Cyberphysical Mobile Systems Security Group Fraunhofer SIT, Darmstadt In collaboration with TU Darmstadt, Center for Advanced Security Research in Darmstadt (CASED), Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU-Darmstadt, Bosch Security Systems

2. Near Field Communication (NFC) Applications + NFC = services in one touch mPayments mTicketing

3. Why not Using a Smartphone as a Key? + NFC =

4. Smartphone as a Door Key  Access control by enterprises to their facilities  Access control in private sector (houses, garages) 4

5. Smartphone as a Door Key  Access to hotel rooms 5

6. Smartphone as a Car Key/Immobilizer  Fleet management by enterprises  Car sharing with family members or friends 6

7. Smartphone as a Car Key/Immobilizer  Car sharing by rental/car sharing companies 7

8. Smartphone for Access to Storage Facilities  Access to safes in hotel rooms  Lockers in luggage storage at train stations/airports DHL packing stations 8

9. Smartphone for Access to Storage Facilities  DHL packstations 9

10. Smartphone for Access to Facilities  E.g., parking houses 10

11. Usual Keys vs. SmartCards vs. Key2Share Usual Keys SmartCards Key2Share Distribution Requires physical Requires physical Remote access access Revocation Requires physical Remote Remote access or replacement of the lock Delegation Not possible Not possible Possible Context-aware Not possible Possible Possible access (e.g., time frame) 11

12. Key2Share: System Architecture Issuer 1. Employ the employee/sell the car Users Key2Share 2. One-time registration web-service 3. Electronic key issued 5. Share key 4. User Authentication with the issued key 6. User Authentication with the shared key Resources Delegated users 12

13. Key Sharing  The key to be shared is represented as a QR-code  Can be sent to the recipient per e-mail, MMS or scanned by a camera of another device

14. QR Code: What’s Inside?  Electronic keys of Key2Share are similar to passports Issued by a central authority Government Enterprise Issued for a particular entity Citizen Employee Public (not a secret) Yes Yes (encrypted) Has binding to an identity of Cryptographic key Photo an entity it is issued for bound to the platform 14

15. Key2Share Security Platform Security Secure communication protocols 15

16. Protocol Security Well-established cryptographic primitives (AES, SHA-1, RSA) Formal security proof of the protocols Formal tool-aided verification of protocols 16

17. Platform Security  Different trade-offs between security and requirements to a mobile device Less secure More secure Built-in Security System level software-based Hardware-based Mechanisms of Mobile OS security extensions security extensions No extra requirements to Requires update of system Requires support in mobile hardware and software (e.g., OS) hardware. Available system software (e.g., only on some operating system) mobile platforms 17

18. Platform Security Software-based security Hardware-based security extensions extensions  provided by BizzTrust  Require support in hardware architecture  e.g., Giesecke & Devrient Mobile Security Card http://www.gd-  http://www.bizztrust.de/ sfs.com/the-mobile-security- card/  Can be attached to the device via microSD card slot 18

19. Supported Platforms  Android NFC-enabled platforms (e.g., Samsung Nexus S, Galaxy S3) 19

20. Summary Flexible access rights:  policy-based  easy delegation  remote revocation  managable

21. Current Work Proof of Concept with Bosch Security Systems:  Key2Share as Access Pass  Key2Share as Building Block in Bosch‘s „Access-Control-as-a-Service“  Compatibility with already deployed infrastructure (wireless readers, management software)

22. Thank you alexandra.dmitrienko@sit.fraunhofer.de 22

Key2 share moosecon

Recommended

Recommended

More Related Content

Similar to Key2 share moosecon

Similar to Key2 share moosecon (20)

More from Heinrich Seeger

More from Heinrich Seeger (11)

Recently uploaded

Recently uploaded (20)

Key2 share moosecon