Digital Identity for Malaysia

 Jul.2019-Apr.2020: A solution to use iOS secure enclave and Android key store to generate a secure key pair and build trust based on this secure key pair.

Technical Stack:

• Kotlin, Swift, C
• Digital ID
• Fingerprint authentication
• CSR
• 2 ways SSL
• Root/Jailbreak detection, debugger detection

Experience:

• CSR(Certificate Signing Request) generation with secure key pair, sent CSR to EJBCA server and return certificate chain signed with user document ID hash. 
• 2 ways SSL authentication using secure key pair to generate ECDSA signature. 
• Using SQLCipher to create local storage, and using PBKDF2 to generate the key.
• Root/Jailbreak detection and debugger detection. JNI interface data obfuscation. 

Root of Trust

 Oct.2019-Dec.2019: A secure IoT solution by using SIM.

Technical Stack:

• Raspberry Pi
• mbedTLS
• ECDSA and ECDHE

Experience:

• Customized mbedTLS library, replaced most of the TLS cryptographic operations by using SIM card applet operations, including using SIM card to store client key pair and X509 certificate, calculate ECDSA signature and ECDHE session key. 

Secure Element based Provisioning SDK

A mobile digital Car Key SDK by using eSE on Huawei and Samsung handphones, used as Digital Card Keys to operate your car.

Technical Stack:

• Android Java Programming
• Junit, Mockito and PowerMockito
• Global Platform Card Specification
• Secure Channel Protocol (SCP02)
• Server Certificate Pining

Reference:

Magic Marker - A Memorising Tool

The Keyword Method is an effective system for remembering definitions, learning foreign language vocabulary, and more. The tool is to make your memorising more efficient.

[Magic Marker] is a simple memorising tool to mask the keywords in a text paragraph or word list. You can memorise the keywords first and slowly the whole paragraph.

- Support 4 different colours of marker pen: yellow, green, red, blue
- Support underline the key words (Bate)
- Show and hide any key word by single click
- Reverse the the mask to show key words only
- Remove all the masks by single click

iOS App Store Link: https://tinyurl.com/y9s63fbj
Android Play Store Link: https://tinyurl.com/y7rhcqdr

Technical Stack:

• Android Kotlin Programming
• iOS Swift Programming
• Native C++ programming
• OpenCV
• SQLite
• Core Data

Demo Video

Screenshots of launching screens

Gemalto Mobile Wallet

This is a demonstration App for the Gemalto Mobile Wallet solution. Users can add a credit card to their wallet and use it for payment. To do the payment, the user just needs to present the QR code to the merchant to scan.

Technical Stack:

• iOS Objective-C Programming
• OCMock
• OAuth v1.0 Authentication
• WhiteBox Crypto
• Secure Enclave ECIES encryption and decryption
• App Protection: Anti-tampering, Anti-debug, Anti-hooking, Jailbreak detection, App re-signing detection.

Experience:

• Designed the mechanism to prevent app re-signing on iOS by parsing MachO format.
• Enhanced the security of payment flow by using Secure Enclave as part of the payment key calculation. 

    

Mobile Transportation SDK for 福建出行助手

Designed a transportation iOS SDK by using QR code scanning for 福建出行助手.

App Store Link: 
https://tinyurl.com/y73n9bpt

Technical Stack:

• Ionic and AngularJS
• White-box cryptography (Protect the data between client and server)
• Anti-hooking (Personal Implementation)
• Integrated Alipay and Wechat payment by using Paymax SDK (拉卡拉).
• iOS Core Data with Encryption Layer
• Obfuscate the data stored in User Defaults and Key Chain
• QR Code Display and Scan
• Core Graphics
• MQTT notification
• URL Schemes

Screenshots: