the future of online money: creating secure payments globally
TRANSCRIPT
The Future of Online Money
Creating Secure Payments Globally
Jonathan LeBlanc
Twitter: @jcleblanc
Book: http://bit.ly/iddatasecurity
10 Years ago, the iPhone launched
2013: More cell phones than toilets (time.com)
7 billion people, 6.5 billion with cell phones, 4.5 billion with access to toilets.
2014: More cell phones than people (independent.co.uk)
7.22 billion cell phones, 7.19-7.2 billion people.
2015: More people own a cell phone than a toothbrush (CTA)
3.7 billion people own a cell phone, 3.5 billion own a toothbrush.
2020: More people with a phone than electricity (cnet.com)
5.4 billion people will own a cell, 5.3 billion will have electricity, 3.5 billion with running water, 2.8 billion cars on the road.
Mobile, by the Numbers...
3 Years: IoT vendor revenue could top $470 billion for hardware, software, and solutions. - Bain
5 Years: Nearly $6 trillion will be spent on IoT solutions. - BI Intelligence
10 Years: IoT market will grow from 15.4 billion devices (2015) to 30.7 billion devices (2020), and 75.4 billion (2025). - IHS
15 Years: Investment is expected to top $60 trillion. - GE
The IoT Market by 2020 and beyond
We’ve Built a New Generation of Inventors
Prototyping and Mainstreaming
Contextual Commerce
Removing Interaction Hurdles
Applications need to know about you & what you want
How do we Secure Payments?
Securing Payments within unsecure channels
Securing Channels: Asynchronous & Synchronous Cryptography
Credit Card Tokenization
Credit Card Information
Address Information
Card Holder Name
...
7e29c5c48f44755598dec3549155ad66f1af4671091353be4c4d7694d71dc866
Apple / Android pay tokenization system
EMV payment tokenisation specification
Merchant register is changed to hardware transfer bridge
Network handles direct merchant requests. Vault stores surrogate to token lookup.
Secure Element
Host-based Card Emulation
Context and Verification
What do we Need to Identify Someone?
33 bits of entropy to identify approximately 8 billion people uniquely.
What do we Need to Identify Someone?
ΔS = -log2 Pr(X=x)
ΔS: Reduction in entropy, measured in bits
Pr(X=x): Probability that the fact would be true of a random person
Building up Bits of Entropy
Date of Birth
Birth Month: ΔS = -log2 Pr(MOB=December) = -log2 (1/12) = 3.58 bits
Birthday: ΔS = -log2 Pr(DOB=Dec 6th) = -log2 (1/365) = 8.51 bits
Location
ZIP code is 95123: ΔS = -log2 (65,276/7,503,205,943) = 16.81 bits
City is Santa Clara: ΔS = -log2 (122,192/7,503,205,943) = 15.90 bits
State is CA: ΔS = -log2 (39,140,000/7,503,205,943) = 7.58 bits
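The figures above, worked through as an added Python example (not part of the original slides). It assumes birth facts and location facts are independent, and because facts in the same group overlap (a birthday already fixes the birth month), it counts only the most informative fact per group as a lower bound; the function and group names are illustrative.

```python
import math

WORLD_POPULATION = 7_503_205_943  # population figure used on the slide

# (group, fact, probability for a random person). Values are the slide's own.
FACTS = [
    ("birth", "birth month is December", 1 / 12),
    ("birth", "birthday is Dec 6th", 1 / 365),
    ("location", "state is CA", 39_140_000 / WORLD_POPULATION),
    ("location", "city is Santa Clara", 122_192 / WORLD_POPULATION),
    ("location", "ZIP code is 95123", 65_276 / WORLD_POPULATION),
]

def surprisal_bits(probability):
    """Delta-S = -log2 Pr(X = x), in bits."""
    if not 0 < probability <= 1:
        raise ValueError("probability must be in (0, 1]")
    return -math.log2(probability)

def naive_bits(facts):
    """Add every fact's bits. Overcounts when facts overlap."""
    return sum(surprisal_bits(p) for _group, _fact, p in facts)

def combined_bits(facts):
    """Lower bound: keep the most informative fact per group, then add groups.
    Assumption of this example: different groups are independent."""
    best = {}
    for group, _fact, p in facts:
        best[group] = max(best.get(group, 0.0), surprisal_bits(p))
    return sum(best.values())

def bits_to_unique(population=WORLD_POPULATION):
    """Bits needed to single out one person in the population."""
    return math.log2(population)

def anonymity_set(bits, population=WORLD_POPULATION):
    """Expected number of people who still match after `bits` bits."""
    return max(1.0, population / 2 ** bits)

if __name__ == "__main__":
    for _group, fact, p in FACTS:
        print(f"{fact:26s} {surprisal_bits(p):6.2f} bits")
    print(f"needed for uniqueness      {bits_to_unique():6.2f} bits")
    print(f"naive sum                  {naive_bits(FACTS):6.2f} bits")
    print(f"combined (lower bound)     {combined_bits(FACTS):6.2f} bits")
    print(f"people still matching      {anonymity_set(combined_bits(FACTS)):6.0f}")
```

With the slide's figures, birthday plus ZIP code leaves roughly 179 matching people, while naively summing all five facts exceeds the 33 bits needed and overstates how identifying the data is.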
Browser Fingerprinting
https://panopticlick.eff.org/
Device Fingerprinting
//-------------
// Build Info: http://developer.android.com/reference/android/os/Build.html
//-------------
String osVersion = System.getProperty("os.version"); // OS version
String device = android.os.Build.DEVICE; // Device
String model = android.os.Build.MODEL; // Model
int sdkVersion = android.os.Build.VERSION.SDK_INT; // SDK version of the framework
String serial = android.os.Build.SERIAL; // Hardware serial number, if available (deprecated since API level 26)
Retrieving Build Information for Android Device
Location Awareness
Purchase History
Ninety percent of individuals could be uniquely identified using just four pieces of information. - telegraph.co.uk
Getting Paired Devices
The Future of Secure Payments
Thank you!
https://www.slideshare.net/jcleblanc