Protecting the Future of Mobile Payments
Jonathan LeBlanc
Twitter: @jcleblanc
Book: http://bit.ly/iddatasecurity
Trust Zones & Account Security
Building Shortcuts
Browser Fingerprinting
https://panopticlick.eff.org/
Using Location Data
Phone Identification?
Device Fingerprinting
//-------------
//Build Info: http://developer.android.com/reference/android/os/Build.html
//-------------

String osVersion = System.getProperty("os.version");  //OS (kernel) version string
String device    = android.os.Build.DEVICE;           //device
String model     = android.os.Build.MODEL;            //model
int    sdkInt    = android.os.Build.VERSION.SDK_INT;  //SDK version of the framework
String serial    = android.os.Build.SERIAL;           //hardware serial number, if available
                                                      //(deprecated since API 26; Build.getSerial() needs the READ_PHONE_STATE permission)
Retrieving Build Information for Android Device
Getting Paired Devices?
import android.bluetooth.BluetoothAdapter;
import android.bluetooth.BluetoothDevice;
import java.util.Set;

//fetch all bonded bluetooth devices (requires the BLUETOOTH permission,
//BLUETOOTH_CONNECT on Android 12+); the adapter is null on devices without Bluetooth
BluetoothAdapter mBluetoothAdapter = BluetoothAdapter.getDefaultAdapter();
if (mBluetoothAdapter != null) {
    Set<BluetoothDevice> pairedDevices = mBluetoothAdapter.getBondedDevices();

    //if devices found, fetch name and MAC address for each
    if (pairedDevices.size() > 0){
        for (BluetoothDevice device : pairedDevices){
            String name = device.getName();        //Device Name
            String address = device.getAddress();  //Device MAC address
        }
    }
}
Get all Bluetooth Paired Devices: Android
Hardware Prototyping
Asymmetric Cryptography: Securing an Insecure Channel
Multi-User Environment
# create private key in private.key
openssl genrsa -out private.key 2048

# create public key in public.pem
openssl rsa -in private.key -outform PEM -pubout -out public.pem
Generating Public / Private Keys
var fs = require('fs');
var path = require('path');
var ursa = require('ursa');
var mkdirp = require('mkdirp');

//make directories and generate private / public keys for sender / receiver
//(makekeys is defined below; function declarations are hoisted)
var rootpath = './keys';
makekeys(rootpath, 'sender');
makekeys(rootpath, 'receiver');
Package Instantiation and Directory Creation
function makekeys(rootpath, subpath){
    try {
        mkdirp.sync(path.join(rootpath, subpath));
    } catch (err) {
        console.error(err);
    }

    var key = ursa.generatePrivateKey();
    var privatepem = key.toPrivatePem();
    var publicpem = key.toPublicPem();

    try {
        //private key file readable by its owner only
        fs.writeFileSync(path.join(rootpath, subpath, 'private.pem'), privatepem, { encoding: 'ascii', mode: 0o600 });
        fs.writeFileSync(path.join(rootpath, subpath, 'public.pem'), publicpem, 'ascii');
    } catch (err) {
        console.error(err);
    }
}
Key and Directory Creation
//load required keys
var senderprivkey = ursa.createPrivateKey(
    fs.readFileSync(path.join(rootpath, 'sender', 'private.pem')));
var recipientpubkey = ursa.createPublicKey(
    fs.readFileSync(path.join(rootpath, 'receiver', 'public.pem')));

//prepare JSON message to send
var msg = { 'user':'Nikola Tesla',
            'address':'W 40th St, New York, NY 10018',
            'state':'active' };

msg = JSON.stringify(msg);

//encrypt with recipient public key, then sign the ciphertext with sender private key
var encrypted = recipientpubkey.encrypt(msg, 'utf8', 'base64');
var signed = senderprivkey.hashAndSign('sha256', encrypted, 'utf8', 'base64');
Preparing Message, Encrypting, and Signing
//load required keys
var senderpubkey = ursa.createPublicKey(
    fs.readFileSync(path.join(rootpath, 'sender', 'public.pem')));
var recipientprivkey = ursa.createPrivateKey(
    fs.readFileSync(path.join(rootpath, 'receiver', 'private.pem')));

//verify the signature with the sender public key before decrypting anything
var bufferedmsg = Buffer.from(encrypted);
if (!senderpubkey.hashAndVerify('sha256', bufferedmsg, signed, 'base64')){
    throw new Error("invalid signature");
} else {
    //decrypt message with recipient private key
    var decryptedmsg = recipientprivkey.decrypt(encrypted, 'base64', 'utf8');

    //--------
    //message verified and decrypted
    //--------
}

Verifying and Decrypting Message
Card Tokenization
Credit Card Tokenization
Credit Card Information
Address Information
Card Holder Name
...
7e29c5c48f44755598dec3549155ad66f1af4671091353be4c4d7694d71dc866
  
Mobile Payments Landscape
Thank You!

Slides: http://slideshare.net/jcleblanc
Jonathan LeBlanc
Twitter: @jcleblanc
Book: http://bit.ly/iddatasecurity
