KICA Case Study: Bio-Authentication and PKI Trends in Korea presented by Dr. Jaejung Kim

1. v3.0
Dr. JJ Kim(jjkim@signgate.com)
December 8th, 2016
FIDO Tokyo Seminar 2016

2. K-FIDO (/w Accredited Certificate)
Bio-Authentication Case Study
NID and Identification Method

3. PART
I.
National ID and
Identification Method

4. - 4 -Copyright © 2016 KICA. All Rights Reserved.
Identification Method
Birthday
Gender Birth Area Code
Error Verification Code
Resident Registration Number
NID Card
Accredited
Certificate
Mobile
Authentication
internet-Personal Identification Number
• Randomly Generated 13 digit numbers
 17 M users(2015)
1. National ID and i-PIN

5. - 5 -Copyright © 2016 KICA. All Rights Reserved.
2. Type of Offline Identification Methods
• The citizen can use a lot of identification methods such as accredited certificate, mobile, bank
account, credit card for internet services that needs non face-to-face identification service .
Citizen
Internet
Services
Credit Card IssuerBankTelco Company
Non Face-to-Face
Identification Service
Accredited
Certificate Mobile phone
Credit
Card
Online
Identification
PassportNID Card Driver License
Face-to-Face
Identification
Accredited CA
Bank Account,
Check Card
Face-to-Face
Identification

6. - 6 -Copyright © 2016 KICA. All Rights Reserved.
3. Type of Online Identification Methods
Credit Card
Authentication
i-PIN
Accredited
Certificate
Mobile
Authentication
• Name
• Phone number
• Telco name
• Birthday
• Gender
• Citizen or Foreigner
• i-Pin ID
• Password1
• Password2
(image letters)
• Credit card
number
• Validity period
(Month/Year)
• Password
(2digits)
Certificate
Password
Identification MethodAccredited CA
i-PIN Service ProviderCredit Card Issuer
Telco Company

7. - 7 -Copyright © 2016 KICA. All Rights Reserved.
4. Statistic of Identification Method
• The Use Rate of Identification Method in Korea
81% 84%
49%
27%
0%
95%
88%
56%
36%
7%
96%
84%
51%
35%
6%
0%
20%
40%
60%
80%
100%
120%
Accredited
Certificate
Mobile
Authentication
i-PIN OTP ETC
2013 2014 2015
(Source: Research on the Actual Condition of Electronic Signature System Usage(in Electronic Signature User)-KISA, December 2015)

8. - 8 -Copyright © 2016 KICA. All Rights Reserved.
5. User authentication method for various services
Service Function Identification Method
Web portal
Log-in (optional)
• ID/Password
• OTP (software)
Registration • Mobile authentication
ID/password retrieval
(one selected)
• Registered mobile phone
• E-mail notification
• i-PIN
E-transaction
Log-in
• Accredited certificate
• ID/Password (Inquiry only)
Electronic
payment
Account transfer • Account information + Accredited certificate
Credit card
payment
• PIN (6-digits) + Mobile authentication : Easy Payment
• Credit card information + Accredited certificate
- VISA Anshim Click, Internet Secure Payment (ISP)
Mobile phone Payment • Mobile phone information + resident registration number
Financial
institution
(Internet banking)
Log-in • Accredited certificate, ID/PW(Inquiry only)
Account
transfer
Type 1
• Accredited certificate + OTP generator
• PKI token(Accredited certificate) + security card
Type 2 • Accredited certificate + security card (2-channel authentication)
Public Procurement
Service
Electronic bidding • Accredited certificate + fingerprint security token(Bio-HSM)
• Various user authentication methods used for user authentication for web portals, e-transactions,
financial institutions and e-government services are shown.

9. PART
II.
K-FIDO
: Accredited Certificate + FIDO
+
FIDOAccredited
Certificate

10. - 10 -Copyright © 2016 KICA. All Rights Reserved.
 5 Accredited CAs issued accredited certificates to subscriber around 33 millions
in total.
 Major PKI Applications
* Internet Banking, Online Stock, Internet Shopping, e-Procurement, e-Government Services, etc.
-
5,000,000
10,000,000
15,000,000
20,000,000
25,000,000
30,000,000
35,000,000
40,000,000
The annual number of valid accredited certificates (as of December 2015, published by KISA)
1. Statistic of Accredited Certificate in Korea
33M

11. - 11 -Copyright © 2016 KICA. All Rights Reserved.
 Accredited Certificate Applications- Top5
96%
83%
65%
36% 32%
95%
65% 70%
32% 34%
97%
74% 71%
39% 37%
0%
20%
40%
60%
80%
100%
120%
Internet Banking Payment of
Shopping Mall
E-government
Services
Online Stock
trading
Internet Insurance
2013 2014 2015
63%
42% 43%
1% 1%
62%
42% 40%
3% 2%
60%
42% 43%
4% 4%
0%
10%
20%
30%
40%
50%
60%
70%
Removable
Disk(USB etc.)
Hard Disk Smart Phone PKI Token Smart Card
2013 2014 2015
 Accredited certificate storage utilization rate by media
(Source: Research on the Actual Condition of Electronic Signature System Usage(in Electronic Signature User)-KISA, December 2015)
1. Statistic of Accredited Certificate Usage

12. - 12 -Copyright © 2016 KICA. All Rights Reserved.
 Statistics on Accredited CA’s
No
Accredited CA/
Web site
Accredited
Date
Characteristics
Main Business
Area
1
KICA (CA: SignGATE)
http://www.signgate.com
2000. 02. 10 Corporation
All industry,
Government
2
KOSCOM (CA: SignKorea)
http://www.signkorea.com
2000. 02. 10
Special purpose
Corporation
Cyber trading
3
KFTC (CA: yessign)
http://www.yessign.com
2000. 04. 12
Non-commercial
Organization
Internet banking
4
CrossCert (CA: CrossCert)
http://gca.crosscert.com
2001. 11. 24 Corporation -
5
KTNET (CA: TradeSign)
http://www.tradesign.net
2002. 03. 11
State-run
Corporation with
special mission
Trading
(As of 2016; published by MSIP)
1. Status of Accredited CAs in Korea

13. - 13 -Copyright © 2016 KICA. All Rights Reserved.
Status and Problems
SD Card
Internal
Memory
(Android)
Storage
Improvements
Accredited certificates stored in Hard Disk(SD
Card) are easy to hacking by malicious code.
NPKI Folder Stored in APP
Certificate Password:
10 digits(arphanumeric+1 special character)
Accredited certificates should be stored more
secure storages such as HSM, USIM, etc.
User’s Biometric Authentication
 fingerprint, Face, Voice, Iris, etc.
Smart
Authentication
(USIM)
Smart OTP HSM
Too many to remember,
difficult to type, and not secure
Better Privacy, Better Experience,
Better Security
User
Authentication
Secure Storage
2. Problem statements

14. - 14 -Copyright © 2016 KICA. All Rights Reserved.
3. What is K-FIDO?
 K-FIDO : Accredited Certificate + FIDO
– K-FIDO stands for biometric accredited certification service that uses accredited certificate
without password using FIDO.
– K-FIDO uses biometric authentication such as fingerprint in smartphone instead of password.
– K-FIDO specification will be published by KISA(Korea Internet Security Agency) in 2016.
Password
Accredited
Certificate
Fingerprint Iris
(Source: Wooribank APP)

15. - 15 -Copyright © 2016 KICA. All Rights Reserved.
FIDO Authenticator
4. Service Architecture
RP APP
Smartphone
(Samsung, LG, APPLE)
FIDO Client
Fingerprint
Sensor
CA
Biometric
API
PKI Module
FIDO
Server
RP Server
OCSP
PC
Certificate
Issuance/
Reissuance/
Renewal
Certificate Paste/Move
FIDO UAF
Protocol
• Developed by the extension
of FIDO UAF Protocol.
• Distribute RP APP with
FIDO Client and K-FIDO
Authenticator.
• Recommend to use
KeyStore, TrustZone,
KeyChain as a storage of
accredited certificate and
private key.
• Any types of authentication
method can be added.
K-FIDO
(Source: KISA Technical Specification)
 K-FIDO Service Architecture
Iris
Sensor
Certificate
Verification

16. - 16 -Copyright © 2016 KICA. All Rights Reserved.
4.1 Secure Storage for smartphone(1/2)
<Android 6.0 above (use AES Key)>
1) Android KeyStore
Encryption
(AES)
Decryption
(AES)
AES key
KeyStore
Encrypted
private key1
RSA key pair
KeyStore
Encrypted
private key1
Encryption
(AES)
Decryption
(AES)
Session key
Encryption
(RSA)
Decryption
(RSA)
Session key
Encrypted
private key2
Encrypted
Session key
Encrypted
private key2
Encrypted
private key1
Encrypted
private key1
<Android 4.3 above and 5.x below(Use RSA Key)>
(Source: KISA Technical Specification)

17. - 17 -Copyright © 2016 KICA. All Rights Reserved.
4.1 Secure Storage for smartphone(2/2)
Encryption
(AES)
Decryption
(AES)
AES key
KeyChain
Encrypted
private key1
Encrypted
private key2
Encrypted
private key1
2) Android TrustZone (Source: www.arm.com)
<iOS 2.0 above (use AES Key)>
3) iOS KeyChain
(Source: KISA Technical Specification)

18. - 18 -Copyright © 2016 KICA. All Rights Reserved.
5. Logical Architecture
RP Application
FIDO Client
ASM
Authenticator
(Iris, Fingerprint)
REE (Normal World)
TEE (Secure World)
Crypto Module
PKI Module
Certificate Management
Module(CA)
User (Smartphone)
Service Server
FIDO Server
RP Server
Service Provider(SP)
CA Server
OCSP Server
(OCSP)
Accredited CA
Certificate
Management
(Issuance,
Reissuance,
Renewal,
Revocation)
Electronic
Signature
Electronic
Signature
Biometric Sensors
FIDO Service Provider
FIDO AuthCode
FIDO UAF
Protocol
Certificate
Verification
Electronic
Signature
 The K-FIDO system consists of a smartphone, an accredited CA, a FIDO service
provider, and a service provider.

19. - 19 -Copyright © 2016 KICA. All Rights Reserved.
5.1 Registration Process
FIDO Client
Authenticator
Biometric Sensor
Certificate Management
Module(CA)
FIDO Server
CA Server
① Request Certificate Issuance
② UAF Registration Request
③ Bio-authentication
④ FIDO signature
⑤ UAF Registration Response
⑥ Request Certificate Issuance
Crypto Module
Secure Element
RP Application
⑦ Generate key pairs
⑧ Request Certificate Issuance
FIDO Registration
⑪ Save the accredited certificate
and encrypted private key
 The K-FIDO registration process uses FIDO registration protocol and issues the
accredited certificate for CA after checked a bio-authentication of user.
⑨ Issue a certificate
⑩ accredited certificate

20. - 20 -Copyright © 2016 KICA. All Rights Reserved.
5.2 Authentication Process
FIDO Client
Authenticator
Biometric Sensor
PKI Module
FIDO Server
① Request electronic signature
② UAF Authentication Request
③ Bio-authentication
④ FIDO signature
⑤ UAF Authentication Response
⑥ Request electronic
signature
Crypto Module
Secure Element
RP Application
⑦ Request electronic
signature
⑧ Generate electronic signature
Service Server
⑨ Send Signed Data
OCSP Server
FIDO Authentication
⑪ Certificate
Verification
RP Server
⑩ Verify Signed Data
⑫ Verify AuthCode
 The K-FIDO authentication process uses FIDO authentication protocol and generates
an electronic signature by user’s private key. Service provider verifies the signed data
from OCSP server.

21. - 21 -Copyright © 2016 KICA. All Rights Reserved.
6. K-FIDO Service Demo
Settings
 Lock screen and security
 Fingerprints
 Demo Scenario of K-FIDO Service
PC
Push
Mobile
Mobile
(Source: KICA K-FIDO Demo APP)

22. - 22 -Copyright © 2016 KICA. All Rights Reserved.
6. Service Demo: ① Registration
 The Registration of Accredited Certificate
– Fingerprint match policy is single matching with each accredited certificate and fingerprint.
– User can choose the different biometric authentications if a site provides multiple authenticators.
Execute KICA App Register Fingerprint Verify Password Registration Result
1. Client “Bio-Authentication
Center” icon
3. If matched, perform
fingerprint authentication
2. Input the password for
the selected an accredited
certificate.
4. If succeeded, fingerprint
registration for the accredited
certificate will be completed.
(Source: KICA K-FIDO Demo APP)

23. - 23 -Copyright © 2016 KICA. All Rights Reserved.
6. Service Demo: ② APP Login
 Example of Smartphone Login
– The accredited certificates store in user’s smartphone.
– K-FIDO authenticator can connect any FIDO clients and any Service Provide APPs with SDK.
App Execution Select Certificate Complete Login
1. Click “login” icon based on
accredited certificate.
2. Select an accredited certificate to
use and authenticate with a
registered fingerprint.
3. It matched, login
process will be succeed.
(Source: KICA K-FIDO Demo APP)

24. - 24 -Copyright © 2016 KICA. All Rights Reserved.
6. Service Demo : ③ Web Login
 Example of Web page Login
– Web Brower in PC doesn’t install any ActiveX software. (HTML5)
– The User signed up for the web site and registered his/her mobile phone number.
1. Select login based on fingerprint.
2. Input an ID and click “Login”
KICA AppPush
Service to the
registered
user’s
smartphone
Select Certificate
5. Complete Web page Login
3. Select an accredited certificate to use, touch the fingerprint,
and authenticated with a registered fingerprint.
4. Send authentication result to the service provider server.
(Source: KICA K-FIDO Demo APP)

25. PART
III.
Bio-Authentication
Case Study

26. - 26 -Copyright © 2016 KICA. All Rights Reserved.
1. Bio-Authentication Service Model
• Samsung’s payment
platform
• Support credit
card/account payment,
ATM saving
/withdrawal, etc.
• Alternative to certificate
passwords (KISA)
• Firmware-level support
from Samsung Galaxy Note7
(Samsung PASS)
• Cloud-based service
(SECaaS)
• Target for small &
medium business
• Alternative to
Passwords (FIDO
Alliance)
• User authentication
method with
fingerprint, Iris, etc.
CASE
Study
On-Premises
Type
Cloud TypeASP Type
?

27. - 27 -Copyright © 2016 KICA. All Rights Reserved.
2. Bio-authentication Case Study
Name Purpose
Authentication
Type
Authenticator Service Type FIDO Service Phone Brand Open Date
Samsung
Pay
Payment,
ATM Saving/
Withdrawal, etc
FIDO
(Samsung)
Fingerprint,
Iris
ASP Type KICA Samsung 2015.08.20
Samsung
Card
Login,
Payment
FIDO
(KICA)
Fingerprint ASP Type KICA
Samsung,
APPLE
2016.08
IBK Bank Money Transfer
K-FIDO
(KICA)
Fingerprint ASP Type KICA Samsung 2016.08.12
KEB Hana
bank
Money Transfer FIDO
(Samsung PASS)
Iris On-Premise Samsung Samsung 2016.08.19
Wooribank
Login,
Money Transfer
K-FIDO
(Samsung PASS)
Iris ASP Type
Samsung +
KICA
Samsung
2016.08.19
(Source: Samsung Pay APP, Samsung Card APP, IBK APP, Wooribank APP, KEB Hana bank APP)

28. - 28 -Copyright © 2016 KICA. All Rights Reserved.
Samsung(FIDO)
FIDO Client
ASM
Authenticator
KICA Library SAMSUNG
(Samsung PASS)
Authentication
Framework
RP Client SDK
FIDO Client
ASM
Authenticator
FIDO
Module
K-FIDO
Module
K-FIDO
Module
FIDO
Module
Crypto Module
Certificate
Management
Module
PKI Module
SAMSUNG
(Samsung PAY)
Pay Framework
FIDO Module
Pay Module
Sensor
2. Case Study: Device Configuration
FIDO
FIDO Client
ASM
Authenticator
KICA Library
RP Client SDK
FIDO Client
ASM
Authenticator
FIDO
Module
K-FIDO
Module
Sensor

29. - 29 -Copyright © 2016 KICA. All Rights Reserved.
Android
iOS
Windows
Credit Card
Payments
Internet
Banking
Money Transfer
Account Payment
ATM Saving
ATM Withdraw
Authentication
Login
Android
Samsung
LG
Others
Windows
PCs
Mobile App
Stores
Google Play
iOS AppStore
3. CASE1: Samsung Pay
General
Purpose Protocols
FIDO(UAF)
K-FIDO(UAF)
Hardware
ARM TrustZone
Secure Element
USIM
IC Card
Software
In Apps
Security
Foundations
On Device
PIN
Fingerprint
Iris
Voice
Face
Platforms Distribution
On Premise Type
ASP Type
Samsung Pay
KICA
Samsung PASS
Cloud Type
Security as a Service
Authenticator Use CasesServices Model
 Samsung Pay is the new, simple and secure way to pay with your Samsung Galaxy
device. Accepted almost anywhere you can swipe or tap your card.
CASE 1

30. - 30 -Copyright © 2016 KICA. All Rights Reserved.
3.1 Samsung Pay: Overview
Safe and secure mobile payments virtually anywhere you can swipe your card
Everywhere Secure
MST, NFC payment
Offline & online Payment
One hand operation
Easy to setup
Consistent User Experience
Value Added Service
Fingerprint Authentication
(FIDO support)
Samsung KNOX
Tokenization
Simple
CASE 1
(Source: Samsung Pay)

31. - 31 -Copyright © 2016 KICA. All Rights Reserved.
3.2 Samsung Pay: Security
 Security & Protection: Designed with our highest level of security available
Fingerprint
Authentication Samsung Knox
Each transaction uses a random token
instead of your card number, which means
your actual information isn’t shared when you
shop and your details stay safe.
TokenizationTransaction are authorized
with your fingerprint, so
you’re in control of when
each payment is made.
With Samsung KNOX, your
phone is constantly monitored
for vulnerabilities.
Even if your phone is ever
compromised, your card
information is still safely
encrypted within a separate
and secure data vault.
CASE 1
(Source: Samsung Pay)

32. - 32 -Copyright © 2016 KICA. All Rights Reserved.
3.3 Samsung Pay: Credit Card Payment
Settings
 Lock screen and security
 Fingerprints
• NFC : Near Field Communication
• MST: Magnetic Secure Transmission
NFC MST+
 Payment process of Samsung Pay
CASE 1
(Source: Samsung Pay)

33. - 33 -Copyright © 2016 KICA. All Rights Reserved.
3.4 Samsung Pay: Add Card Process
Select ‘Add Card’Add Card Enter card info Agree Term Mobile Authentication
Fingerprint VerificationType Payment Password Enter Signature Complete
1 2 3 4 5
6 7 8 9 10
CASE 1
(Source: Samsung Pay)

34. - 34 -Copyright © 2016 KICA. All Rights Reserved.
3.5 Samsung Pay: Payment Process
Fingerprint or Iris AuthenticationSelect Card or Bank Account Touch POS Device
1 2 3
Number 1: Samsung Pay
(Easy and Secure)
Customer Satisfaction Survey of
Easy Payment Service
(August 30, 2016, Korea Consumer Agency)
CASE 1
(Source: Samsung Pay)

35. - 35 -Copyright © 2016 KICA. All Rights Reserved.
3.6 Samsung Pay: ATM Saving/Withdrawal
Smart Phone
(Samsung)
 This is a working scenario of FIDO based ATM in Wooribank.
ATM
(NFC Reader)
① Select Withdraw from bank account
② Enter your bank account PIN
③ Type in the withdrawal amount
④ Scan your fingerprint
to withdraw your cash
④ Hold your device near
the ATM card reader
⑤ Withdraw the money
from ATM machine
CASE 1
(Source: Wooribank ATM)

36. - 36 -Copyright © 2016 KICA. All Rights Reserved.
Android
iOS
Windows
Easy Payments
Credit Card
Payments
Internet
Banking
Authentication
Login
Android
Samsung
LG
Others
Windows
PCs
Mobile App
Stores
Google Play
iOS AppStore
4. CASE2: Samsung Card
General
Purpose Protocols
FIDO(UAF)
K-FIDO(UAF)
Hardware
ARM TrustZone
Secure Element
USIM
IC Card
Software
In Apps
Security
Foundations
On Device
PIN
Fingerprint
Iris
Voice
Face
Platforms Distribution
On Premise Type
ASP Type
Samsung Pay
KICA
Samsung PASS
Cloud Type
Security as a Service
Authenticator Use CasesServices Model
 Fingerprint based FIDO Service
 Samsung Card: This model provides a fingerprint authentication for login, easy payment
using Samsung, APPLE smartphone.
CASE 2

37. - 37 -Copyright © 2016 KICA. All Rights Reserved.
4. Samsung Card: Fingerprint Login
Agree Term Mobile Authentication Fingerprint Authentication Registration End
Login Start Fingerprint Authentication Login Success
 Step1 : The User registers fingerprint logins
 Step2: The user logs in with the fingerprint.
CASE 2
(Source: Samsung Card APP)

38. - 38 -Copyright © 2016 KICA. All Rights Reserved.
Android
iOS
Windows
Easy Payments
Credit Card
Payments
Internet
Banking
Authentication
Login
Android
Samsung
LG
Others
Windows
PCs
Mobile App
Stores
Google Play
iOS AppStore
5. CASE3: IBK Bank
General
Purpose Protocols
FIDO(UAF)
K-FIDO(UAF)
Hardware
ARM TrustZone
Secure Element
USIM
IC Card
Software
In Apps
Security
Foundations
On Device
PIN
Fingerprint
Iris
Voice
Face
Platforms Distribution
On Premise Type
ASP Type
Samsung Pay
KICA
Samsung PASS
Cloud Type
Security as a Service
Authenticator Use CasesServices Model
 Fingerprint based K-FIDO Service
 IBK Bank: This model provides a fingerprint authentication instead of accredited certificate
password for site login, money transfer and so on using Samsung smartphone.
CASE 3

39. - 39 -Copyright © 2016 KICA. All Rights Reserved.
5. IBK Bank: Registration(1/2)
 The i-ONE Bank service in IBK Bank provides K-FIDO based smart banking service.
① Click
“Authentication
Center” menu
② Click “Fingerprint
Registration” menu
③ Select Accredited
Certificate
④ Type the password
of selected
accredited certificate
Certification Center
Certification List
Certificate Password
Register Fingerprint
CASE 3
(Source: IBK bank APP)

40. - 40 -Copyright © 2016 KICA. All Rights Reserved.
5. IBK Bank: Registration(1/2)
 This is an accredited certificate registration process with fingerprint.
Complete
Registration
⑥ Click
“User Agreement”
⑦ Mobile Authentication
⑧ OTP Authentication
⑨ Perform Fingerprint
authentication
⑩ Complete
Registration
⑤ Start Fingerprint
Registration
OTP Numbers
OTP Numbers
Mobile authentication
Term and Conditions
Next
Fingerprint
CASE 3
(Source: IBK bank APP)

41. - 41 -Copyright © 2016 KICA. All Rights Reserved.
Android
iOS
Windows
Easy Payments
Credit Card
Payments
Internet
Banking
Authentication
Login
Android
Samsung
LG
Others
Windows
PCs
Mobile App
Stores
Google Play
iOS AppStore
6. CASE4: KEB Hana Bank
General
Purpose Protocols
FIDO(UAF)
K-FIDO(UAF)
Hardware
ARM TrustZone
Secure Element
USIM
IC Card
Software
In Apps
Security
Foundations
On Device
PIN
Fingerprint
Iris
Voice
Face
Platforms Distribution
On Premise Type
ASP Type
Samsung Pay
KICA
Samsung PASS
Cloud Type
Security as a Service
Authenticator Use CasesServices Model
 Iris based FIDO service
 KEB Hana Bank: This model provides a iris authentication of Samsung Pass for money transfer
and so on using Samsung smartphone.
(Alternative of Accredited certificate but ARS authentication and OTP are still used)
CASE 4

42. - 42 -Copyright © 2016 KICA. All Rights Reserved.
6. KEB Hana Bank: Iris Registration(1/2)
Iris-login Information Agree Term Create Samsung Account
Iris Registration Start Login Select Iris-Login
1 2 3
4 5 6
CASE 4
(Source: KEB Hana Bank APP)

43. - 43 -Copyright © 2016 KICA. All Rights Reserved.
6. KEB Hana Bank: Iris Registration(2/2)
Check User Info SMS / Security Card
Authentication
Show Iris Info Samsung PASS info Agree S-PASS Term Set S-PASS PIN
Iris Authentication Registration End
7 8 9 10 11 12
13 14
CASE 4
(Source: www.etnews.com)

44. - 44 -Copyright © 2016 KICA. All Rights Reserved.
6. KEB Hana Bank: Money Transfer
ARS AuthenticationStart Money Transfer Iris Authentication End Money Transfer
1 2 3 4
ARS: 2-channeal authentication
(phone, internet)
Withdrawal account information
Deposit account information
CASE 4
(Source: www.etnews.com)

45. - 45 -Copyright © 2016 KICA. All Rights Reserved.
Android
iOS
Windows
Easy Payments
Credit Card
Payments
Internet
Banking
Authentication
Login
Android
Samsung
LG
Others
Windows
PCs
Mobile App
Stores
Google Play
iOS AppStore
7. CASE5: Wooribank
General
Purpose Protocols
FIDO(UAF)
K-FIDO(UAF)
Hardware
ARM TrustZone
Secure Element
USIM
IC Card
Software
In Apps
Security
Foundations
On Device
Fingerprint
Iris
PIN
Voice
Face
Platforms Distribution
On Premise Type
ASP Type
Samsung Pay
KICA
Samsung PASS
Cloud Type
Security as a Service
Authenticator Use CasesServices Model
 Iris based K-FIDO Service
 Wooribank: This model provides a iris authentication of Samsung Pass instead of accredited
certificate password for site login, money transfer and so on using Samsung smartphone.
(No use ARS authentication and security card)
CASE 5

46. - 46 -Copyright © 2016 KICA. All Rights Reserved.
7. Wooribank: Certificate Registration
Bio-Auth CenterLogin Start Registration User Notification Agree Term
Mobile Authentication Iris Authentication Certificate Issuance Complete Registration
1 2 3 4 5
6 7 8 9
CASE 5
(Source: www.etnews.com)

47. - 47 -Copyright © 2016 KICA. All Rights Reserved.
7. Wooribank: Login / Money Transfer
Select Money TransferWooribank APP Iris Authentication Iris Verification
Input account info Confirm info Iris Verification Complete Transfer
1 2 3 4
Login
1 2 3 4
Money
Transfer
CASE 5
(Source: wooribank APP)

48. Dr. JJ Kim
(jjkim@signgate.com)

49. - 49 -Copyright © 2016 KICA. All Rights Reserved.
About KICA
No.1 Certification Service and Bio-authentication Service in Korea
PKI Solutions
FIDOCertifiedProducts
Over20Countries