ekyc

defense.ltx (7589B)

---

 \documentclass[
 	nenglish,
 	authorontitle=true,
 ]{bfhbeamer}
 
 
 \usepackage{iftex}
 \ifPDFTeX
 \usepackage[utf8]{inputenc}
 \fi
 
 % FIGURES
 \graphicspath{{figures/}}
 
 \let\code\texttt
 
 \title{KYCID}
 \subtitle{An operational oauth2 integration of eKYC}
 \author[M. Doy]{Yann Mickael DOY}
 \institute{Technik und Informatik}
 \titlegraphic*{\includegraphics{wallpaper}}
 
 %Activate the output of a frame number:
 \setbeamertemplate{page number in head/foot}[framenumber]
 
 \begin{document}
 
 \setbeamertemplate{title page}[BFH-fullgraphic]
 \maketitle
 
 \begin{frame}{Summary}
 	\tableofcontents[pausesections]
 \end{frame}
 
 \setbeamertemplate{section page}[BFH-ruled]
 \AtBeginSection{\sectionpage}
 
 % 5min max
 \section{Introduction}
 
 \usebackgroundtemplate{\includegraphics[width=\paperwidth]{kyc-exemple-aviation}}
 \setbeamercolor{frametitle}{fg=white}
 \begin{frame}
 	\setbeamercolor{frametitle}{fg=white}
 	\frametitle{Take a plan}
 \end{frame}
 
 \usebackgroundtemplate{\includegraphics[width=\paperwidth]{kyc-exemple-casino}}
 \begin{frame}
 	\frametitle{Play in casino}
 \end{frame}
 
 \usebackgroundtemplate{\includegraphics[width=\paperwidth]{kyc-exemple-alcohol}}
 
 \begin{frame}
 	\frametitle{Buy alcohol}
 \end{frame}
 
 \usebackgroundtemplate{}
 \setbeamercolor{frametitle}{fg=BFH-Gray}
 
 \begin{frame}{\textit{e}KYC}
 	\vfill\center
 	\huge \visible<2>{\textit{Electronic}} Know you customer
 	\vfill
 \end{frame}
 
 \begin{frame}{Application of eKYC}
 	\begin{itemize}[<+->]
 		\item \large Online casino\vfill
 		\item \large Online shop\vfill
 		\item \large Public wifi access point\vfill
 		\item \large Online bank / financial intermediary
 	\end{itemize}
 \end{frame}
 
 \begin{frame}{Authentication subject}
 	\begin{columns}
 		\begin{column}{0.5\textwidth}
 			\begin{center}
 				\huge Authority
 			\end{center}
 		\end{column}
 		\begin{column}{0.5\textwidth}
 			\pause
 			\begin{center}
 				\huge Owner
 			\end{center}
 		\end{column}
 	\end{columns}
 \end{frame}
 
 \begin{frame}{Authority authentication}
 	\begin{itemize}[<+->]
 		\setlength\itemsep{3em}
 		\item \large Passport
 		\item \large ID Card
 		\item \large Driving license
 		\item \large Telecom operator (indirect)
 	\end{itemize}
 \end{frame}
 
 \begin{frame}{Telecom owner authentication}
 	\begin{columns}
 		\begin{column}{0.265\textwidth}
 			\center
 			\includegraphics[width=\textwidth]{phone-ekyc-step-1}\pause
 		\end{column}
 		\begin{column}{0.367\textwidth}
 			\center
 			\includegraphics[width=\textwidth]{phone-ekyc-step-2}\pause
 		\end{column}
 		\begin{column}{0.367\textwidth}
 			\center
 			\includegraphics[width=\textwidth]{phone-ekyc-step-3}
 		\end{column}
 	\end{columns}
 \end{frame}
 
 \begin{frame}{ID Document check}
 	\begin{columns}
 		\begin{column}{0.5\textwidth}
 			\center
 			\includegraphics[height=0.85\textheight]{id-doc-ekyc-doc-front}\pause
 		\end{column}
 		\begin{column}{0.6\textwidth}
 			\center
 			\includegraphics[height=0.85\textheight]{id-doc-ekyc-doc-back}
 		\end{column}
 	\end{columns}
 \end{frame}
 
 \begin{frame}{Machine Readable Zone}
 	\center
 	\includegraphics[width=0.95\textwidth]{mrz}
 \end{frame}
 
 \begin{frame}{ID Document owner authentication}
 	\begin{columns}
 		\begin{column}{0.333\textwidth}
 			\center
 			\includegraphics[height=0.75\textheight]{id-doc-ekyc-face-left}\pause
 		\end{column}
 		\begin{column}{0.334\textwidth}
 			\center
 			\includegraphics[height=0.75\textheight]{id-doc-ekyc-face-front}\pause
 		\end{column}
 		\begin{column}{0.333\textwidth}
 			\center
 			\includegraphics[height=0.75\textheight]{id-doc-ekyc-face-right}
 		\end{column}
 	\end{columns}
 \end{frame}
 
 \section{Product}
 
 \begin{frame}{Idea}
 	\vfill
 	\begin{center}
 		\Huge Open-source eKYC-as-a-Service
 	\end{center}
 	\vfill
 \end{frame}
 
 \begin{frame}{Motivations}
 	\begin{itemize}[<+->]
 		\setlength\itemsep{3em}
 		\item \large Specialized service
 		\item \large eKYC is a market
 		\item \large No open-source solution
 		\item \large Use of standard \textit{OAuth2}
 	\end{itemize}
 \end{frame}
 
 \begin{frame}{OAuth2}
 	\begin{columns}
 		\begin{column}{0.5\textwidth}
 			\begin{itemize}
 				\setlength\itemsep{2em}
 				\item<1-> \large Authorization distributed
 				\item<3-> \large Normative
 				\item<4-> \large Widely deployed
 				\item<5-> \large Mature (security knowledge)
 				\item<6-> \large Framework \textit{OAuth2}
 			\end{itemize}
 		\end{column}
 		\begin{column}{0.5\textwidth}
 			\center
 			\visible<2->{\includegraphics[height=0.85\textheight]{oauth2-example}}
 		\end{column}
 	\end{columns}
 \end{frame}
 
 \begin{frame}{OAuth2 Authorization Code Flow}
 	\center
 	\includegraphics[width=0.95\textwidth]{oauth2-flow}
 \end{frame}
 
 \begin{frame}{OAuth2 Security}
 	\begin{columns}
 		\begin{column}{0.5\textwidth}
 			\begin{itemize}
 				\setlength\itemsep{2em}
 				\item<1-> \large Password security
 				\item<2-> \large Brute force protection (limitation)
 				\item<3-> \large Email verification
 				\item<4-> \large Cross-site request forgery
 				\item<5-> \large Open redirection
 			\end{itemize}
 		\end{column}
 		\begin{column}{0.5\textwidth}
 			\begin{itemize}
 				\setlength\itemsep{2em}
 				\item<6-> \large Input validation
 				\item<7-> \large Spam/bot prevention
 				\item<8-> \large Transaction bypass
 				\item<9-> \large Client authentication
 			\end{itemize}
 		\end{column}
 	\end{columns}
 \end{frame}
 
 \begin{frame}{Architecture}
 	\center
 	\includegraphics[width=0.85\textwidth]{system}
 \end{frame}
 
 \begin{frame}{Workflow security}
 	\begin{columns}
 		\begin{column}{0.5\textwidth}
 			\large{\textbf{Problems}}
 			\begin{itemize}
 				\setlength\itemsep{2em}
 				\item<1-> \large HTML Form
 				\item<2-> \large Cross-site request forgery
 				\item<3-> \large Contextual as input
 				\item<4-> \large Open redirection
 			\end{itemize}
 		\end{column}
 		\begin{column}{0.5\textwidth}
 			\large{\textbf{Solution}}
 			\begin{itemize}
 				\setlength\itemsep{2em}
 				\item<5-> \large Encrypt (AEAD)
 				\item<6-> \large Context input
 				\item<7-> \large Action as AD
 				\item<8-> \large Session as AD
 			\end{itemize}
 		\end{column}
 	\end{columns}
 \end{frame}
 
 \begin{frame}{Clean architecture (design)}
 	\center
 	\includegraphics[height=0.9\textheight]{software-layer}
 \end{frame}
 
 \begin{frame}{Testing driven developpment (TDD)}
 	\center
 	\includegraphics[height=.85\textheight]{tdd-cycle}
 \end{frame}	
 
 \begin{frame}{Testing diamond strategy}
 	\center
 	\includegraphics[height=0.85\textheight]{DiamondTesting}
 \end{frame}
 
 \begin{frame}{Writing test}
 	\begin{itemize}
 		\setlength\itemsep{3em}
 		\item<1-> \large Define \textit{system under test} (SUT)
 		\item<2-> \large Write an example (scenario)
 		\item<3-> \large \textit{Given}, \textit{when} and \textit{then} narative pattern
 		\item<4-> \large Don't mock what you don't own
 	\end{itemize}
 \end{frame}
 
 \section{Demo}
 
 \section{Conclusion}
 
 \begin{frame}{Project management I}
 	\center
 	\huge Don't underestimate the workload
 \end{frame}
 
 \begin{frame}{Project management II}
 	\center
 	\huge Task difficult to estimate = task poorly defined
 \end{frame}
 
 \begin{frame}{Project management III}
 	\center
 	\huge Skipped work will cost later
 \end{frame}
 
 \begin{frame}{Clean architecture and Acceptance test}
 	\center
 	\huge Use case is more important than domain
 \end{frame}
 
 \begin{frame}{Perspective}
 	\begin{itemize}
 		\setlength\itemsep{2em}
 		\item<1-> \large Validation by video stream
 		\item<2-> \large Validation process
 		\item<3-> \large IA for validation
 		\item<4-> \large UI \& UX
 		\item<5-> \large Audit
 	\end{itemize}
 \end{frame}
 
 \begin{frame}
 	\center
 	\Huge Thanks you!
 \end{frame}
 
 
 \begin{frame}
 	\center
 	\Huge Questions?
 \end{frame}
 \end{document}