SlideShare ist ein Scribd-Unternehmen logo

Protecting the Future of Mobile Payments

Jonathan LeBlanc
Jonathan LeBlanc

We are in an age where more people have phones than toilets, and there are more active cell phones than people on the planet. How do we protect all of these devices roaming around unsecured locations, especially when they want to pay for something. Learn the secrets behind building a secure mobile backbone, as we explore how to harden security, build systems based on identity confidence, and work towards a future proofed mobile framework.

Technologie
1 von 25
Downloaden Sie, um offline zu lesen
Protecting the Future of Mobile Payments! Jonathan LeBlanc ! Twitter: @jcleblanc ! Book: http://bit.ly/iddatasecurity!
Trust Zones & Account Security!
Building Shortcuts!
Browser Fingerprinting! https://panopticlick.eff.org/!
Using Location Data!
Phone Identification?!
Device Fingerprinting!
//-------------! //Build Info: http://developer.android.com/reference/android/os/Build.html! //-------------! ! System.getProperty("os.version"); //os version! android.os.Build.DEVICE //device! android.os.Build.MODEL //model! android.os.Build.VERSION.SDK_INT //sdk version of the framework! android.os.Build.SERIAL //hardware serial number, if available! Retrieving Build Information for Android Device !
Getting Paired Devices?!
//fetch all bonded bluetooth devices! Set<BluetoothDevice> pairedDevices = mBluetoothAdapter.getBondedDevices();! ! //if devices found, fetch name and MAC address for each! if (pairedDevices.size() > 0){! for (BluetoothDevice device : pairedDevices){! //Device Name - device.getName()! //Device MAC address - device.getAddress()! }! }! Get all Bluetooth Paired Devices: Android!
Hardware Prototyping!
Asynchronous Cryptography: Securing an Insecure Channel!
Multi-User Environment!
//create private key in private.key! openssl genrsa -out private.key 2048! ! //create public key in public.pem! openssl rsa -in private.key -outform PEM -pubout -out public.pem! Generating Public / Private Keys!
var fs = require('fs');! var path = require('path');! var ursa = require('ursa');! var mkdirp = require('mkdirp');! ! //make direction and generate private / public keys for sender / receiver! var rootpath = './keys';! makekeys(rootpath, 'sender');! makekeys(rootpath, 'receiver');! Package Instantiation and Directory Creation!
function makekeys(rootpath, subpath){! try {! mkdirp.sync(path.join(rootpath, subpath));! } catch (err) {! console.error(err);! }! ! var key = ursa.generatePrivateKey(); ! var privatepem = key.toPrivatePem();! var publicpem = key.toPublicPem()! ! try {! fs.writeFileSync(path.join(rootpath, subpath, 'private.pem'), privatepem, 'ascii');! fs.writeFileSync(path.join(rootpath, subpath, 'public.pem'), publicpem, 'ascii');! } catch (err) {! console.error(err);! }! }! Key and Directory Creation!
//generate required keys! var senderprivkey = ursa.createPrivateKey(! fs.readFileSync(path.join(rootpath, 'sender', 'private.pem')));! var recipientpubkey = ursa.createPublicKey(! fs.readFileSync(path.join(rootpath, 'receiver', 'public.pem')));! ! //prepare JSON message to send! var msg = { 'user':'Nikola Tesla',! 'address':'W 40th St, New York, NY 10018',! 'state':'active' };! ! msg = JSON.stringify(msg);! ! //encrypt with recipient public key, and sign with sender private key! var encrypted = recipientpubkey.encrypt(msg, 'utf8', 'base64');! var signed = senderprivkey.hashAndSign('sha256', encrypted, 'utf8', 'base64');! Preparing Message, Encrypting, and Signing!
//generate required keys! var senderpubkey = ursa.createPublicKey(! fs.readFileSync(path.join(rootpath, 'sender', 'public.pem')));! var recipientprivkey = ursa.createPrivateKey(! fs.readFileSync(path.join(rootpath, 'receiver', 'private.pem')));! ! //verify message with sender private key! bufferedmsg = new Buffer(encrypted);! if (!senderpubkey.hashAndVerify('sha256', bufferedmsg, signed, 'base64')){! throw new Error("invalid signature");! } else {! //decrypt message with recipient private key! var decryptedmsg = recipientprivkey.decrypt(encrypted, 'base64', 'utf8');! ! //--------! //message verified and decrypted ! //--------! }! ! Decrypting, and Verifying Message!
Card Tokenization!
Credit Card Tokenization! Credit Card Information! Address Information! Card Holder Name! ...! 7e29c5c48f44755598dec3549155 ad66f1af4671091353be4c4d7694 d71dc866  
Mobile Payments Landscape!
Thank You!! ! Slides: http://slideshare.net/jcleblanc! Jonathan LeBlanc ! Twitter: @jcleblanc ! Book: http://bit.ly/iddatasecurity!

Empfohlen

Secure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaSecure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaJonathan LeBlanc
 
Node.js Authentication and Data Security
Node.js Authentication and Data SecurityNode.js Authentication and Data Security
Node.js Authentication and Data SecurityJonathan LeBlanc
 
PHP Identity and Data Security
PHP Identity and Data SecurityPHP Identity and Data Security
PHP Identity and Data SecurityJonathan LeBlanc
 
Secure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaSecure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaJonathan LeBlanc
 
Mac OS X Lion で作る WordPress local 環境
Mac OS X Lion で作る WordPress local 環境Mac OS X Lion で作る WordPress local 環境
Mac OS X Lion で作る WordPress local 環境Yuriko IKEDA
 
Ruby Robots
Ruby RobotsRuby Robots
Ruby RobotsDaniel Cukier
 
Laporan setting dns
Laporan setting dnsLaporan setting dns
Laporan setting dnsSeptian Adi
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 

Empfohlen

Secure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaSecure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaJonathan LeBlanc
 
Node.js Authentication and Data Security
Node.js Authentication and Data SecurityNode.js Authentication and Data Security
Node.js Authentication and Data SecurityJonathan LeBlanc
 
PHP Identity and Data Security
PHP Identity and Data SecurityPHP Identity and Data Security
PHP Identity and Data SecurityJonathan LeBlanc
 
Secure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaSecure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaJonathan LeBlanc
 
Mac OS X Lion で作る WordPress local 環境
Mac OS X Lion で作る WordPress local 環境Mac OS X Lion で作る WordPress local 環境
Mac OS X Lion で作る WordPress local 環境Yuriko IKEDA
 
Ruby Robots
Ruby RobotsRuby Robots
Ruby RobotsDaniel Cukier
 
Laporan setting dns
Laporan setting dnsLaporan setting dns
Laporan setting dnsSeptian Adi
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 
Getting Started with Microsoft Bot Framework
Getting Started with Microsoft Bot FrameworkGetting Started with Microsoft Bot Framework
Getting Started with Microsoft Bot FrameworkSarah Sexton
 
Word Play in the Digital Age: Building Text Bots with Tracery
Word Play in the Digital Age: Building Text Bots with TraceryWord Play in the Digital Age: Building Text Bots with Tracery
Word Play in the Digital Age: Building Text Bots with TracerySarah Sexton
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 
Redis
RedisRedis
RedisPuneet Kumar
 
DEF CON 23 - Phil Polstra - one device to pwn them all
DEF CON 23 - Phil Polstra - one device to pwn them allDEF CON 23 - Phil Polstra - one device to pwn them all
DEF CON 23 - Phil Polstra - one device to pwn them allFelipe Prado
 
NodeJS The edge of Reason - Lille fp#6
NodeJS The edge of Reason - Lille fp#6NodeJS The edge of Reason - Lille fp#6
NodeJS The edge of Reason - Lille fp#6Thomas Haessle
 
MongoDB shell games: Here be dragons .. and JavaScript!
MongoDB shell games: Here be dragons .. and JavaScript!MongoDB shell games: Here be dragons .. and JavaScript!
MongoDB shell games: Here be dragons .. and JavaScript!Stennie Steneker
 
Keep It Simple Security (Symfony cafe 28-01-2016)
Keep It Simple Security (Symfony cafe 28-01-2016)Keep It Simple Security (Symfony cafe 28-01-2016)
Keep It Simple Security (Symfony cafe 28-01-2016)Oleg Zinchenko
 
Token Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJSToken Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJSHüseyin BABAL
 
A bug bounty tale: Chrome, stylesheets, cookies, and AES
A bug bounty tale: Chrome, stylesheets, cookies, and AESA bug bounty tale: Chrome, stylesheets, cookies, and AES
A bug bounty tale: Chrome, stylesheets, cookies, and AEScgvwzq
 
Rails by example
Rails by exampleRails by example
Rails by exampleAngelo van der Sijpt
 
Java & Script ─ 清羽
Java & Script ─ 清羽Java & Script ─ 清羽
Java & Script ─ 清羽taobao.com
 
Cpsh sh
Cpsh shCpsh sh
Cpsh shBen Pope
 
One Size Fits All
One Size Fits AllOne Size Fits All
One Size Fits AllClaudio Meinberg
 
Massive device deployment - EclipseCon 2011
Massive device deployment - EclipseCon 2011Massive device deployment - EclipseCon 2011
Massive device deployment - EclipseCon 2011Angelo van der Sijpt
 
DevLOVE ターミナル勉強会 zsh + screen
DevLOVE ターミナル勉強会 zsh + screenDevLOVE ターミナル勉強会 zsh + screen
DevLOVE ターミナル勉強会 zsh + screenYozo SATO
 
Forbes MongoNYC 2011
Forbes MongoNYC 2011Forbes MongoNYC 2011
Forbes MongoNYC 2011djdunlop
 
Device deployment
Device deploymentDevice deployment
Device deploymentAngelo van der Sijpt
 
Pecha Kucha
Pecha KuchaPecha Kucha
Pecha KuchaJose Diaz-Gonzalez
 
Human Talks Riot.js
Human Talks Riot.jsHuman Talks Riot.js
Human Talks Riot.jsstreamdata.io
 
Creating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from ScratchCreating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from ScratchJonathan LeBlanc
 
Modern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensModern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensJonathan LeBlanc
 

Weitere ähnliche Inhalte

Was ist angesagt?

Getting Started with Microsoft Bot Framework
Getting Started with Microsoft Bot FrameworkGetting Started with Microsoft Bot Framework
Getting Started with Microsoft Bot FrameworkSarah Sexton
 
Word Play in the Digital Age: Building Text Bots with Tracery
Word Play in the Digital Age: Building Text Bots with TraceryWord Play in the Digital Age: Building Text Bots with Tracery
Word Play in the Digital Age: Building Text Bots with TracerySarah Sexton
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 
DEF CON 23 - Phil Polstra - one device to pwn them all
DEF CON 23 - Phil Polstra - one device to pwn them allDEF CON 23 - Phil Polstra - one device to pwn them all
DEF CON 23 - Phil Polstra - one device to pwn them allFelipe Prado
 
NodeJS The edge of Reason - Lille fp#6
NodeJS The edge of Reason - Lille fp#6NodeJS The edge of Reason - Lille fp#6
NodeJS The edge of Reason - Lille fp#6Thomas Haessle
 
MongoDB shell games: Here be dragons .. and JavaScript!
MongoDB shell games: Here be dragons .. and JavaScript!MongoDB shell games: Here be dragons .. and JavaScript!
MongoDB shell games: Here be dragons .. and JavaScript!Stennie Steneker
 
Keep It Simple Security (Symfony cafe 28-01-2016)
Keep It Simple Security (Symfony cafe 28-01-2016)Keep It Simple Security (Symfony cafe 28-01-2016)
Keep It Simple Security (Symfony cafe 28-01-2016)Oleg Zinchenko
 
Token Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJSToken Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJSHüseyin BABAL
 
A bug bounty tale: Chrome, stylesheets, cookies, and AES
A bug bounty tale: Chrome, stylesheets, cookies, and AESA bug bounty tale: Chrome, stylesheets, cookies, and AES
A bug bounty tale: Chrome, stylesheets, cookies, and AEScgvwzq
 
Java & Script ─ 清羽
Java & Script ─ 清羽Java & Script ─ 清羽
Java & Script ─ 清羽taobao.com
 
Massive device deployment - EclipseCon 2011
Massive device deployment - EclipseCon 2011Massive device deployment - EclipseCon 2011
Massive device deployment - EclipseCon 2011Angelo van der Sijpt
 
DevLOVE ターミナル勉強会 zsh + screen
DevLOVE ターミナル勉強会 zsh + screenDevLOVE ターミナル勉強会 zsh + screen
DevLOVE ターミナル勉強会 zsh + screenYozo SATO
 
Forbes MongoNYC 2011
Forbes MongoNYC 2011Forbes MongoNYC 2011
Forbes MongoNYC 2011djdunlop
 

Was ist angesagt? (20)

Getting Started with Microsoft Bot Framework
Getting Started with Microsoft Bot FrameworkGetting Started with Microsoft Bot Framework
Getting Started with Microsoft Bot Framework
 
Word Play in the Digital Age: Building Text Bots with Tracery
Word Play in the Digital Age: Building Text Bots with TraceryWord Play in the Digital Age: Building Text Bots with Tracery
Word Play in the Digital Age: Building Text Bots with Tracery
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)
 
Redis
RedisRedis
Redis
 
DEF CON 23 - Phil Polstra - one device to pwn them all
DEF CON 23 - Phil Polstra - one device to pwn them allDEF CON 23 - Phil Polstra - one device to pwn them all
DEF CON 23 - Phil Polstra - one device to pwn them all
 
NodeJS The edge of Reason - Lille fp#6
NodeJS The edge of Reason - Lille fp#6NodeJS The edge of Reason - Lille fp#6
NodeJS The edge of Reason - Lille fp#6
 
MongoDB shell games: Here be dragons .. and JavaScript!
MongoDB shell games: Here be dragons .. and JavaScript!MongoDB shell games: Here be dragons .. and JavaScript!
MongoDB shell games: Here be dragons .. and JavaScript!
 
Keep It Simple Security (Symfony cafe 28-01-2016)
Keep It Simple Security (Symfony cafe 28-01-2016)Keep It Simple Security (Symfony cafe 28-01-2016)
Keep It Simple Security (Symfony cafe 28-01-2016)
 
Token Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJSToken Based Authentication Systems with AngularJS & NodeJS
Token Based Authentication Systems with AngularJS & NodeJS
 
A bug bounty tale: Chrome, stylesheets, cookies, and AES
A bug bounty tale: Chrome, stylesheets, cookies, and AESA bug bounty tale: Chrome, stylesheets, cookies, and AES
A bug bounty tale: Chrome, stylesheets, cookies, and AES
 
Rails by example
Rails by exampleRails by example
Rails by example
 
Java & Script ─ 清羽
Java & Script ─ 清羽Java & Script ─ 清羽
Java & Script ─ 清羽
 
Cpsh sh
Cpsh shCpsh sh
Cpsh sh
 
One Size Fits All
One Size Fits AllOne Size Fits All
One Size Fits All
 
Massive device deployment - EclipseCon 2011
Massive device deployment - EclipseCon 2011Massive device deployment - EclipseCon 2011
Massive device deployment - EclipseCon 2011
 
DevLOVE ターミナル勉強会 zsh + screen
DevLOVE ターミナル勉強会 zsh + screenDevLOVE ターミナル勉強会 zsh + screen
DevLOVE ターミナル勉強会 zsh + screen
 
Forbes MongoNYC 2011
Forbes MongoNYC 2011Forbes MongoNYC 2011
Forbes MongoNYC 2011
 
Device deployment
Device deploymentDevice deployment
Device deployment
 
Pecha Kucha
Pecha KuchaPecha Kucha
Pecha Kucha
 
Human Talks Riot.js
Human Talks Riot.jsHuman Talks Riot.js
Human Talks Riot.js
 

Andere mochten auch

Creating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from ScratchCreating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from ScratchJonathan LeBlanc
 
Modern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensModern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensJonathan LeBlanc
 
High Performance API Mashups with Node.js and ql.io
High Performance API Mashups with Node.js and ql.ioHigh Performance API Mashups with Node.js and ql.io
High Performance API Mashups with Node.js and ql.ioJonathan LeBlanc
 
2012 4D Summit: Payments Made Easy
2012 4D Summit: Payments Made Easy2012 4D Summit: Payments Made Easy
2012 4D Summit: Payments Made EasyJonathan LeBlanc
 
Payments Made Easy Infographic
Payments Made Easy InfographicPayments Made Easy Infographic
Payments Made Easy InfographicCareCap
 
medicalbulkbuy India Pvt. Ltd. | SlideShare
medicalbulkbuy India Pvt. Ltd. | SlideShare medicalbulkbuy India Pvt. Ltd. | SlideShare
medicalbulkbuy India Pvt. Ltd. | SlideSharePriyanka Reddypogu
 
Papa Francisco: Decálogo para ser feliz
Papa Francisco: Decálogo para ser felizPapa Francisco: Decálogo para ser feliz
Papa Francisco: Decálogo para ser felizRamón Rivas
 
宇宙科学入門
宇宙科学入門宇宙科学入門
宇宙科学入門noinoi79528
 
惑星物理学 2015
惑星物理学 2015惑星物理学 2015
惑星物理学 2015noinoi79528
 
Current and Future Fashion Trend Analysis
Current and Future Fashion Trend Analysis Current and Future Fashion Trend Analysis
Current and Future Fashion Trend Analysis Shihab Muhib
 
10 industries that will be disrupted by Virtual / Augmented Reality
10 industries that will be disrupted by Virtual / Augmented Reality10 industries that will be disrupted by Virtual / Augmented Reality
10 industries that will be disrupted by Virtual / Augmented RealityProteams
 
Creating Real-Time Data Mashups with Node.JS and Adobe CQ
Creating Real-Time Data Mashups with Node.JS and Adobe CQCreating Real-Time Data Mashups with Node.JS and Adobe CQ
Creating Real-Time Data Mashups with Node.JS and Adobe CQiCiDIGITAL
 
Factors Affecting Tennis Racquet Selection
Factors Affecting Tennis Racquet SelectionFactors Affecting Tennis Racquet Selection
Factors Affecting Tennis Racquet SelectionThe Tennis Ball Courts
 
RFID Application
RFID ApplicationRFID Application
RFID Application14208490
 

Andere mochten auch (17)

Creating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from ScratchCreating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from Scratch
 
Modern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensModern API Security with JSON Web Tokens
Modern API Security with JSON Web Tokens
 
High Performance API Mashups with Node.js and ql.io
High Performance API Mashups with Node.js and ql.ioHigh Performance API Mashups with Node.js and ql.io
High Performance API Mashups with Node.js and ql.io
 
2012 4D Summit: Payments Made Easy
2012 4D Summit: Payments Made Easy2012 4D Summit: Payments Made Easy
2012 4D Summit: Payments Made Easy
 
Payments Made Easy Infographic
Payments Made Easy InfographicPayments Made Easy Infographic
Payments Made Easy Infographic
 
Kwasan150926
Kwasan150926Kwasan150926
Kwasan150926
 
Coffee
CoffeeCoffee
Coffee
 
medicalbulkbuy India Pvt. Ltd. | SlideShare
medicalbulkbuy India Pvt. Ltd. | SlideShare medicalbulkbuy India Pvt. Ltd. | SlideShare
medicalbulkbuy India Pvt. Ltd. | SlideShare
 
Papa Francisco: Decálogo para ser feliz
Papa Francisco: Decálogo para ser felizPapa Francisco: Decálogo para ser feliz
Papa Francisco: Decálogo para ser feliz
 
к и ш
к и шк и ш
к и ш
 
宇宙科学入門
宇宙科学入門宇宙科学入門
宇宙科学入門
 
惑星物理学 2015
惑星物理学 2015惑星物理学 2015
惑星物理学 2015
 
Current and Future Fashion Trend Analysis
Current and Future Fashion Trend Analysis Current and Future Fashion Trend Analysis
Current and Future Fashion Trend Analysis
 
10 industries that will be disrupted by Virtual / Augmented Reality
10 industries that will be disrupted by Virtual / Augmented Reality10 industries that will be disrupted by Virtual / Augmented Reality
10 industries that will be disrupted by Virtual / Augmented Reality
 
Creating Real-Time Data Mashups with Node.JS and Adobe CQ
Creating Real-Time Data Mashups with Node.JS and Adobe CQCreating Real-Time Data Mashups with Node.JS and Adobe CQ
Creating Real-Time Data Mashups with Node.JS and Adobe CQ
 
Factors Affecting Tennis Racquet Selection
Factors Affecting Tennis Racquet SelectionFactors Affecting Tennis Racquet Selection
Factors Affecting Tennis Racquet Selection
 
RFID Application
RFID ApplicationRFID Application
RFID Application
 

Ähnlich wie Protecting the Future of Mobile Payments

Bullet: The Functional PHP Micro-Framework
Bullet: The Functional PHP Micro-FrameworkBullet: The Functional PHP Micro-Framework
Bullet: The Functional PHP Micro-FrameworkVance Lucas
 
Moving to modules
Moving to modulesMoving to modules
Moving to modulesSean Mize
 
Bringing the open web and APIs to mobile devices with Firefox OS - Whisky W...
Bringing the open web and APIs to mobile devices with Firefox OS - Whisky W... Bringing the open web and APIs to mobile devices with Firefox OS - Whisky W...
Bringing the open web and APIs to mobile devices with Firefox OS - Whisky W...Robert Nyman
 
Taking the Friction Out of Ticket Investigation (Standardized Debugging Envir...
Taking the Friction Out of Ticket Investigation (Standardized Debugging Envir...Taking the Friction Out of Ticket Investigation (Standardized Debugging Envir...
Taking the Friction Out of Ticket Investigation (Standardized Debugging Envir...Atlassian
 
Getting Started With Play Framework
Getting Started With Play FrameworkGetting Started With Play Framework
Getting Started With Play FrameworkTreasury user10
 
Mozilla Web Apps - Super-VanJS
Mozilla Web Apps - Super-VanJSMozilla Web Apps - Super-VanJS
Mozilla Web Apps - Super-VanJSRobert Nyman
 
CODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇA
CODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇACODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇA
CODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇACODE BLUE
 
Twas the night before Malware...
Twas the night before Malware...Twas the night before Malware...
Twas the night before Malware...DoktorMandrake
 
A.I. Exercise.
A.I. Exercise.A.I. Exercise.
A.I. Exercise.Mario Cho
 
Summit2014 topic 0066 - 10 enhancements that require 10 lines of code
Summit2014 topic 0066 - 10 enhancements that require 10 lines of codeSummit2014 topic 0066 - 10 enhancements that require 10 lines of code
Summit2014 topic 0066 - 10 enhancements that require 10 lines of codeAngel Borroy López
 
Porting your favourite cmdline tool to Android
Porting your favourite cmdline tool to AndroidPorting your favourite cmdline tool to Android
Porting your favourite cmdline tool to AndroidVlatko Kosturjak
 
Turn your spaghetti code into ravioli with JavaScript modules
Turn your spaghetti code into ravioli with JavaScript modulesTurn your spaghetti code into ravioli with JavaScript modules
Turn your spaghetti code into ravioli with JavaScript modulesjerryorr
 
Make WordPress realtime.
Make WordPress realtime.Make WordPress realtime.
Make WordPress realtime.Josh Hillier
 
Firefox OS learnings & visions, WebAPIs - budapest.mobile
Firefox OS learnings & visions, WebAPIs - budapest.mobileFirefox OS learnings & visions, WebAPIs - budapest.mobile
Firefox OS learnings & visions, WebAPIs - budapest.mobileRobert Nyman
 
How Kris Writes Symfony Apps
How Kris Writes Symfony AppsHow Kris Writes Symfony Apps
How Kris Writes Symfony AppsKris Wallsmith
 

Ähnlich wie Protecting the Future of Mobile Payments (20)

Transforming WebSockets
Transforming WebSocketsTransforming WebSockets
Transforming WebSockets
 
Es.next
Es.nextEs.next
Es.next
 
State of Web APIs 2017
State of Web APIs 2017State of Web APIs 2017
State of Web APIs 2017
 
Bullet: The Functional PHP Micro-Framework
Bullet: The Functional PHP Micro-FrameworkBullet: The Functional PHP Micro-Framework
Bullet: The Functional PHP Micro-Framework
 
Moving to modules
Moving to modulesMoving to modules
Moving to modules
 
Bringing the open web and APIs to mobile devices with Firefox OS - Whisky W...
Bringing the open web and APIs to mobile devices with Firefox OS - Whisky W... Bringing the open web and APIs to mobile devices with Firefox OS - Whisky W...
Bringing the open web and APIs to mobile devices with Firefox OS - Whisky W...
 
Taking the Friction Out of Ticket Investigation (Standardized Debugging Envir...
Taking the Friction Out of Ticket Investigation (Standardized Debugging Envir...Taking the Friction Out of Ticket Investigation (Standardized Debugging Envir...
Taking the Friction Out of Ticket Investigation (Standardized Debugging Envir...
 
Getting Started With Play Framework
Getting Started With Play FrameworkGetting Started With Play Framework
Getting Started With Play Framework
 
Mozilla Web Apps - Super-VanJS
Mozilla Web Apps - Super-VanJSMozilla Web Apps - Super-VanJS
Mozilla Web Apps - Super-VanJS
 
CODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇA
CODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇACODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇA
CODE BLUE 2014 : BadXNU、イケてないリンゴ! by ペドロ・ベラサ PEDRO VILAÇA
 
Html 5 boot camp
Html 5 boot campHtml 5 boot camp
Html 5 boot camp
 
Node.js
Node.jsNode.js
Node.js
 
Twas the night before Malware...
Twas the night before Malware...Twas the night before Malware...
Twas the night before Malware...
 
A.I. Exercise.
A.I. Exercise.A.I. Exercise.
A.I. Exercise.
 
Summit2014 topic 0066 - 10 enhancements that require 10 lines of code
Summit2014 topic 0066 - 10 enhancements that require 10 lines of codeSummit2014 topic 0066 - 10 enhancements that require 10 lines of code
Summit2014 topic 0066 - 10 enhancements that require 10 lines of code
 
Porting your favourite cmdline tool to Android
Porting your favourite cmdline tool to AndroidPorting your favourite cmdline tool to Android
Porting your favourite cmdline tool to Android
 
Turn your spaghetti code into ravioli with JavaScript modules
Turn your spaghetti code into ravioli with JavaScript modulesTurn your spaghetti code into ravioli with JavaScript modules
Turn your spaghetti code into ravioli with JavaScript modules
 
Make WordPress realtime.
Make WordPress realtime.Make WordPress realtime.
Make WordPress realtime.
 
Firefox OS learnings & visions, WebAPIs - budapest.mobile
Firefox OS learnings & visions, WebAPIs - budapest.mobileFirefox OS learnings & visions, WebAPIs - budapest.mobile
Firefox OS learnings & visions, WebAPIs - budapest.mobile
 
How Kris Writes Symfony Apps
How Kris Writes Symfony AppsHow Kris Writes Symfony Apps
How Kris Writes Symfony Apps
 

Mehr von Jonathan LeBlanc

JavaScript App Security: Auth and Identity on the Client
JavaScript App Security: Auth and Identity on the ClientJavaScript App Security: Auth and Identity on the Client
JavaScript App Security: Auth and Identity on the ClientJonathan LeBlanc
 
Improving Developer Onboarding Through Intelligent Data Insights
Improving Developer Onboarding Through Intelligent Data InsightsImproving Developer Onboarding Through Intelligent Data Insights
Improving Developer Onboarding Through Intelligent Data InsightsJonathan LeBlanc
 
Better Data with Machine Learning and Serverless
Better Data with Machine Learning and ServerlessBetter Data with Machine Learning and Serverless
Better Data with Machine Learning and ServerlessJonathan LeBlanc
 
Best Practices for Application Development with Box
Best Practices for Application Development with BoxBest Practices for Application Development with Box
Best Practices for Application Development with BoxJonathan LeBlanc
 
Box Platform Developer Workshop
Box Platform Developer WorkshopBox Platform Developer Workshop
Box Platform Developer WorkshopJonathan LeBlanc
 
Modern Cloud Data Security Practices
Modern Cloud Data Security PracticesModern Cloud Data Security Practices
Modern Cloud Data Security PracticesJonathan LeBlanc
 
Understanding Box UI Elements
Understanding Box UI ElementsUnderstanding Box UI Elements
Understanding Box UI ElementsJonathan LeBlanc
 
Understanding Box applications, tokens, and scoping
Understanding Box applications, tokens, and scopingUnderstanding Box applications, tokens, and scoping
Understanding Box applications, tokens, and scopingJonathan LeBlanc
 
The Future of Online Money: Creating Secure Payments Globally
The Future of Online Money: Creating Secure Payments GloballyThe Future of Online Money: Creating Secure Payments Globally
The Future of Online Money: Creating Secure Payments GloballyJonathan LeBlanc
 
Protecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsProtecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsJonathan LeBlanc
 
Future of Identity, Data, and Wearable Security
Future of Identity, Data, and Wearable SecurityFuture of Identity, Data, and Wearable Security
Future of Identity, Data, and Wearable SecurityJonathan LeBlanc
 
Building a Mobile Location Aware System with Beacons
Building a Mobile Location Aware System with BeaconsBuilding a Mobile Location Aware System with Beacons
Building a Mobile Location Aware System with BeaconsJonathan LeBlanc
 
Identity in the Future of Embeddables & Wearables
Identity in the Future of Embeddables & WearablesIdentity in the Future of Embeddables & Wearables
Identity in the Future of Embeddables & WearablesJonathan LeBlanc
 
Internet Security and Trends
Internet Security and TrendsInternet Security and Trends
Internet Security and TrendsJonathan LeBlanc
 
Mobile Authentication using Biometrics & Wearables
Mobile Authentication using Biometrics & WearablesMobile Authentication using Biometrics & Wearables
Mobile Authentication using Biometrics & WearablesJonathan LeBlanc
 

Mehr von Jonathan LeBlanc (20)

JavaScript App Security: Auth and Identity on the Client
JavaScript App Security: Auth and Identity on the ClientJavaScript App Security: Auth and Identity on the Client
JavaScript App Security: Auth and Identity on the Client
 
Improving Developer Onboarding Through Intelligent Data Insights
Improving Developer Onboarding Through Intelligent Data InsightsImproving Developer Onboarding Through Intelligent Data Insights
Improving Developer Onboarding Through Intelligent Data Insights
 
Better Data with Machine Learning and Serverless
Better Data with Machine Learning and ServerlessBetter Data with Machine Learning and Serverless
Better Data with Machine Learning and Serverless
 
Best Practices for Application Development with Box
Best Practices for Application Development with BoxBest Practices for Application Development with Box
Best Practices for Application Development with Box
 
Box Platform Overview
Box Platform OverviewBox Platform Overview
Box Platform Overview
 
Box Platform Developer Workshop
Box Platform Developer WorkshopBox Platform Developer Workshop
Box Platform Developer Workshop
 
Modern Cloud Data Security Practices
Modern Cloud Data Security PracticesModern Cloud Data Security Practices
Modern Cloud Data Security Practices
 
Box Authentication Types
Box Authentication TypesBox Authentication Types
Box Authentication Types
 
Understanding Box UI Elements
Understanding Box UI ElementsUnderstanding Box UI Elements
Understanding Box UI Elements
 
Understanding Box applications, tokens, and scoping
Understanding Box applications, tokens, and scopingUnderstanding Box applications, tokens, and scoping
Understanding Box applications, tokens, and scoping
 
The Future of Online Money: Creating Secure Payments Globally
The Future of Online Money: Creating Secure Payments GloballyThe Future of Online Money: Creating Secure Payments Globally
The Future of Online Money: Creating Secure Payments Globally
 
Protecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsProtecting the Future of Mobile Payments
Protecting the Future of Mobile Payments
 
Future of Identity, Data, and Wearable Security
Future of Identity, Data, and Wearable SecurityFuture of Identity, Data, and Wearable Security
Future of Identity, Data, and Wearable Security
 
Kill All Passwords
Kill All PasswordsKill All Passwords
Kill All Passwords
 
BattleHack Los Angeles
BattleHack Los Angeles BattleHack Los Angeles
BattleHack Los Angeles
 
Building a Mobile Location Aware System with Beacons
Building a Mobile Location Aware System with BeaconsBuilding a Mobile Location Aware System with Beacons
Building a Mobile Location Aware System with Beacons
 
Identity in the Future of Embeddables & Wearables
Identity in the Future of Embeddables & WearablesIdentity in the Future of Embeddables & Wearables
Identity in the Future of Embeddables & Wearables
 
Internet Security and Trends
Internet Security and TrendsInternet Security and Trends
Internet Security and Trends
 
Rebuilding Commerce
Rebuilding CommerceRebuilding Commerce
Rebuilding Commerce
 
Mobile Authentication using Biometrics & Wearables
Mobile Authentication using Biometrics & WearablesMobile Authentication using Biometrics & Wearables
Mobile Authentication using Biometrics & Wearables
 

Kürzlich hochgeladen

A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 

Kürzlich hochgeladen (20)

A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 

Protecting the Future of Mobile Payments

  • 1. Protecting the Future of Mobile Payments! Jonathan LeBlanc ! Twitter: @jcleblanc ! Book: http://bit.ly/iddatasecurity!
  • 2. Trust Zones & Account Security!
  • 5.
  • 9. //-------------! //Build Info: http://developer.android.com/reference/android/os/Build.html! //-------------! ! System.getProperty("os.version"); //os version! android.os.Build.DEVICE //device! android.os.Build.MODEL //model! android.os.Build.VERSION.SDK_INT //sdk version of the framework! android.os.Build.SERIAL //hardware serial number, if available! Retrieving Build Information for Android Device !
  • 11. //fetch all bonded bluetooth devices! Set<BluetoothDevice> pairedDevices = mBluetoothAdapter.getBondedDevices();! ! //if devices found, fetch name and MAC address for each! if (pairedDevices.size() > 0){! for (BluetoothDevice device : pairedDevices){! //Device Name - device.getName()! //Device MAC address - device.getAddress()! }! }! Get all Bluetooth Paired Devices: Android!
  • 13.
  • 15.
  • 17. //create private key in private.key! openssl genrsa -out private.key 2048! ! //create public key in public.pem! openssl rsa -in private.key -outform PEM -pubout -out public.pem! Generating Public / Private Keys!
  • 18. var fs = require('fs');! var path = require('path');! var ursa = require('ursa');! var mkdirp = require('mkdirp');! ! //make direction and generate private / public keys for sender / receiver! var rootpath = './keys';! makekeys(rootpath, 'sender');! makekeys(rootpath, 'receiver');! Package Instantiation and Directory Creation!
  • 19. function makekeys(rootpath, subpath){! try {! mkdirp.sync(path.join(rootpath, subpath));! } catch (err) {! console.error(err);! }! ! var key = ursa.generatePrivateKey(); ! var privatepem = key.toPrivatePem();! var publicpem = key.toPublicPem()! ! try {! fs.writeFileSync(path.join(rootpath, subpath, 'private.pem'), privatepem, 'ascii');! fs.writeFileSync(path.join(rootpath, subpath, 'public.pem'), publicpem, 'ascii');! } catch (err) {! console.error(err);! }! }! Key and Directory Creation!
  • 20. //generate required keys! var senderprivkey = ursa.createPrivateKey(! fs.readFileSync(path.join(rootpath, 'sender', 'private.pem')));! var recipientpubkey = ursa.createPublicKey(! fs.readFileSync(path.join(rootpath, 'receiver', 'public.pem')));! ! //prepare JSON message to send! var msg = { 'user':'Nikola Tesla',! 'address':'W 40th St, New York, NY 10018',! 'state':'active' };! ! msg = JSON.stringify(msg);! ! //encrypt with recipient public key, and sign with sender private key! var encrypted = recipientpubkey.encrypt(msg, 'utf8', 'base64');! var signed = senderprivkey.hashAndSign('sha256', encrypted, 'utf8', 'base64');! Preparing Message, Encrypting, and Signing!
  • 21. //generate required keys! var senderpubkey = ursa.createPublicKey(! fs.readFileSync(path.join(rootpath, 'sender', 'public.pem')));! var recipientprivkey = ursa.createPrivateKey(! fs.readFileSync(path.join(rootpath, 'receiver', 'private.pem')));! ! //verify message with sender private key! bufferedmsg = new Buffer(encrypted);! if (!senderpubkey.hashAndVerify('sha256', bufferedmsg, signed, 'base64')){! throw new Error("invalid signature");! } else {! //decrypt message with recipient private key! var decryptedmsg = recipientprivkey.decrypt(encrypted, 'base64', 'utf8');! ! //--------! //message verified and decrypted ! //--------! }! ! Decrypting, and Verifying Message!
  • 23. Credit Card Tokenization! Credit Card Information! Address Information! Card Holder Name! ...! 7e29c5c48f44755598dec3549155 ad66f1af4671091353be4c4d7694 d71dc866  
  • 25. Thank You!! ! Slides: http://slideshare.net/jcleblanc! Jonathan LeBlanc ! Twitter: @jcleblanc ! Book: http://bit.ly/iddatasecurity!