 I think this is the third lecture that we're hosting as part of... UpTV is a new brand that we've launched as part of the function series that has been... the idea is to bring together developers and ecosystem players for payments to actually come together and understand how they need their system to work. So the first two lectures that we've had with the... I can mention again, for each other, and then the other one with the... I think we're also seeing that the payment system, the way it functions, is a pretty... yeah, this is a model that's been... I like really looking up what's really our distance and what comes where and how things really start and what's really end and what each player is responsible for. I think also the payment system in that sense doesn't put regulations and policies in changing all the time. So part of the function is really depending on the spread of it and how this system really works, what are the new changes, how regulatory payments even affect the way it needs to be developed, and what are the emerging areas which we're excited to come to in these 12 periods. So as part of the function series, we're hosting a multiple game and talks. So also first we have a sense of how we read the content from the conference. The conference is on 7th, 8th of December and we've just been hosting a multiple game events for the conference. We're really glad to have much love in here. As far as... so we've had to say that we have found a party where on the education systems and I think the party arrived to be excited to talk about the mitigation of payments. But also the issues around the approach is quite critical to the whole business. So I want to take up a little bit of time and really thank you all for coming here. Thanks a lot. So this is what I was planning on covering. You may see what's happening is as I sat down and looked at the whole spectrum of payments and payments, we know authentication may be required. And you guys are really in a free space as we are. We'll be coming in an hour's time. So what I'm going to focus on is payments in the situation of current and present. You guys understand what current and present scenarios are? No. You have to define that? I can't define it. I understand what you're saying. Okay. So anyone else? So basically card present is with the person and the card is in the present. It's the ATM situation. Or you're in a store, you're using those false terminals in your card in the present. Or in a store like a square where some device comes to you. That's card present. The authentication name is completely different and it's card reverb. The card itself has specific protocol which can communicate with the rest of the device in a certain way. But the payments currently, what they are doing at human balance, they are the most... Syllables are card marketing. When you are paying online, you don't need to have card. You just have to remember the CVV numbers. And the authentication for positive people is really huge in Karnataka. And it's a coaxing stock on Karnataka's and Syllables. Is that fair? So the payments anything else? If you think about any other situation, it will be these two. And it's basically about online payments and Syllables. And including some of the whole audience. And then I go a little bit into what is currently similar. Which is the other solution for a lot of the payment network. And I think all of them are connected. These are master... So why is authentication needed? Basic question. That's very obvious. Yeah, so in the Karnataka present Syllables, everything can come from them. Since you don't own, most of the frauds are more in Karnataka. Hence, other people need to have very high in Karnataka. Syllables. Well, I can go into these details of various frauds. How do you understand what I'm talking about? You want to go into the solution? The solution is the most popular fraud right now. People call you and say, the fraud is an update. What is the solution? Fold. In other words, value of the... Okay, let me... Let me draw a... Value of the... See, somebody is sitting in your DNS server using two conversations. As you type your... You can keep your friends. Yeah, it's okay. Should we just communicate with people in your pocket? No, this is easy. So, value of the money is something that happens either in your web server, but it could be a malware company in your browser. It's called value of the money. It might be research to everything that you are doing. I've been putting it out once you pass it out. Then it cuts off the session and poses as you come in front of you in the server. That's the... It could happen at the realness and what they call realness, voiceless. Basically, re-looks your request from the destinations that are going on. Some of that stuff. Force to enter your VPN other information in some hardware. The large world value of the money. Any experiences, any... Do you speak... Can I open the example for that? Kate did what for? In the example for the... So, you know, the company called Matt Kate, for some reason. Right, he's been in the server's company for some time. You go serious in the server? Yeah, so, one thing... Someone is running through the web browser. And that's the end of the talk. So, basically, just research everything you're doing until the other is the most sophisticated attack where the poison is in the server to re-look the website. So, you're saying, as you say, I'm back in the car. And the poison is in the server. And it's a target area. There it is, re-look the browser. Delicious website. In this case, if we have any firewall, we'll be able to... Firewall and other... Game user point. Yeah, so, yeah. How much is the firewall? Stop, gain is... The gain is... Maybe it's already in the organization, but it might be the sole reason. Yeah, it might be some other ISP, right? I mean, it might be some other ISP outside. So, that's a good clue. Yeah, yeah. It's a targeted attack, right? What is the... What is the... Firewall has got... No great point. Yeah. That's a good point. It cannot be decoded as such. Yeah, okay, sir. Firewall, please. So, basically, so, Firewall is... Maybe at the edge of your... But when you do the NS7, if you already have NS7 in the... But it will not have answers to all of the DNS queries. It has to go and contact some other DNS server. Assuming there is no DNS server, there is... I won't go into details of that, but... So, if you go and contact that server, that server has to compromise, right? The answers that you will get that are different. So, you might think that you're going to buy a CAC event, but you are not. Firewall doesn't know all of it. Doesn't know all of it. So, it's completely unaware. Because it's completely unaware. Yeah, so Firewall only blocks certain kind of things. And it makes sure that the rules that you have written for the Firewall are kind of outside of Firewall, inside of Firewall, what happens if you want to... That's the... T-Logers, you guys know, right? I mean, why the SMS OTP may not be clean, safe, or even static passwords may be captured. Please, this T-Logers can't be listening to what you would like, but Firewall, you are going to have something. I have a question. I think it's somewhere between T-Logers and Man in the middle of the dance. Now, a lot of these new apps, especially on mobile, when you're trying to enter your card, trying to pay with card, it says, it assists you in entering the OTP, or it will offer to remember the 3D security, like the third factor, the second factor. So, I mean, how are you assured that it won't be compromised, right? How does that work? There's no assurance. That is your whole point of... Because how are these permitted to even operate in that case? If you need a second factor, and then they say, okay, we will let you do it, how are these even allowed to work? It's not there. You see, T-Logers are best, but in the middle of the... They also offer this thing, right? So, that... You know, people trying new apps, but they are somewhere else. Like, travel apps, etc. Yeah, they offer tools, yeah. No, they don't offer to give them a CDV. Not a CDV. After that, the... The CDV password. So, I don't have a go-up. One is that what I have seen, maybe the others also. One is that you get an SMS, and sometimes you do an app, the ability to read the SMS. That's a very bad security practice, but it is very much. So, you can't do much. So, the second thing is, you can enter your IP password, or internet password, and what he's saying is that they can remember... So, if you select card in the payment, you enter your CDV, the next step is, I want to receive an OTB, or I want to enter my verified IP password. Now, it often should remember that as well. That's wrong. It can opt out. The point is, if it is there, if it can opt out, it means it's already there. It's a part of the app. It's a part of the app, actually. So, it's actually illegal, because if you look at VCI standards, which most of the financial acts, financial transactions are supposed to be ordered, you see, it's like clearly saying, you can store any of this. Yeah. For more than 15 minutes, I'll tell you what it is. So, this particular problem is an impoverished issue with that app. They're actually... I don't... They think it's a password. Yeah. You know, Chrome does it sometimes. Yeah, Chrome does it. I mean, I don't think it's important. It doesn't help them, because your OTB will expand into... It's not OTB. It's not OTB. If you use Bola and then you go to card payment, there's this thing called Just Pay. It offers to save your verified IP password. No, actually, Just Pay and then it's just a three-year process and entering it. What's the best way to do it? I'm sorry, I lost it. Yeah. So, what most of these apps have, what I have seen in my limited knowledge of human access, they have a value program. Yeah. So, it's actually... Yeah, and then you can deal with that. Yeah. Yeah, you can deal with that. Yeah, you can deal with that. You can do that. So, it is... It's an implementation problem, but if you have given those commissions and the OS is not kind of enforcing them, yeah, it's a loophole. Yeah, so, I think this is where the... So, technically, it's easy work, but legally it shouldn't be allowed. I mean, which legal legal is what I am saying. Yeah, so, it is illegal, but you know, again, the kind like... Today, they are actually very difficult. They don't say, you know, it is mandatory. It is suggested. It's written as a title. And there are minimum set of requirements for any of these security audits. So, if you pass that, you are a valid app. But that is not the distinction between a PCI certified app versus any other app. Right? So, I think all apps are safe. And probably, as a consumer, even behind your back, you have to be more PCI certified in this. Something that you are noticing, like, you should ideally fly it. But you don't know that, you are not consumerized. That is where some of these issues come from. And also, it's always about user convenience versus security. I'll talk about trade-off with later. And businesses tend to be close to trade-off because, you know, unless there is a severe loss that I would suggest, they are not too much worried about the loss that you may have. And there are some big entities around that, too. And there are the students who have been in the Indian country about how these providers work out. So, at times, the reason I put all this in my face, you know, depending on which one you want to stop, you don't have different levels of unemployment. If it is just user-negative children serving in, like, passwords and all that, you know, it's two sides of education, which is, you don't need more SMS. But if you have to stop wishing user-awareness is a secret and not a secret, you know, you just got an SMS and you know, every day you do that. Interestingly, what you have to do is it's not mandated. It's written as a guide time, right? And they say, RPA guidelines say you're encouraged to implement them. And that's how actually they're being reclaimed. Now, it is it is it's not so if the merchant is, so the thing is, the reason maybe Justine has that is that if something bad happens, Justine won't take the liability for them. But now what has happened is the merchant who is going to get the payment says if there's a child back, I will take the liability for that. So it's more of a business-court issue rather than a national issue. But I think legally it's a gray area. It's a gray area, legally it's a gray area, but many people have it, but they're very busy in that. So I know for a fact, it's a business standard. But it is still a very hard to deal with. It's not a final solution. So I have a question about that. So basically when you buy stuff from foreign websites, say Aliexpress, there's no two factor of the kind of thing. Now what stops an Indian business from probably having their offices in a foreign country while selling goods in India? They wouldn't need that. How do you say if your management is in India, they're in your Indian business. Okay, but I heard like Frikar or somebody has their offices in Singapore or something. Yeah, so all of them do, but they have to be concerned in India because management is based on India. So all these rules are that you can just keep an eye on anywhere, but if you are Indian operating with an Indian customer, then you have to use Indian government in their rules. So it doesn't matter where the company is registered. The company can complain. This is what happened to Uber, right? Uber actually had billing outside in India. They were billing from the Netherlands. And all are complained and RBI is stuck around. So if you are monopoly, you can it's valid. Or if you're too small for any of your company just to care. Is there for something from Apple, iTunes, website of union? Even Siri is not in some areas. Because some of the banks the burden of we personally charge banks. All these charge banks are also compensating the end user. So how do you think the charge of a bank is very hard? It's trying to smooth them because it's very possible. So I guess it's a great opportunity between business convenience and these are the various I put all these things here because the level of attacks that you want to start is directly proposed to the network. So there are more options that you can do. The type of factor you think can be locked under the bank. So one is typical 40% but there are things like Google which is the time which is constantly changing. And then there are PTA which are compared to a lot of other things in high-end attacks like this. But you can lock down the FMI key not the MMI key. So I will go through some of these things and then we can discuss which one is suitable for which kind of situation. Any combination of these ownership is something that you have before it would be open even the network knowledge is something that you remember in the sub-sign password or you know your mother's name and then the inference inference is where not a current technology development is happening where they look at history of you for the past 7-8 months and say this person behaves in a certain way and suddenly he's buying something else and they increase the risk for say 9 p.m. or 9 p.m. not where you are actually are asked for additional attention for doing something. Infants also could be buying material if you are using this person more like you that's you. So these are the three different products and you are actual mechanisms that people use in the tokens and smart cards where the phone ownership is established there is also audio frequency where something is not even because it turns out on the website the whole app can hear it we now are going to be transverse communication same with message already select the message message of C++ on the phone and it's on the website so things like the way the ownership of a laptop and the phone is established so these are the things the pictures, smart cards, aspender a little bit of time to delete some of the key high tech solutions for a lot of the problems but also there are issues in terms of user going out because you don't have to distribute this kind of the key there before hand there are some business solutions password is very large password info probably everyone is using it that's usually the first time if people are using ownership as the same why would they be less can you give an example of a website which uses audio frequency for an individual patient and you can just try it out it's a company but already you know THY so they are the ones who are the individuals I don't think they have that but if you go to RQT you can download and have match the frequency same as QR course GOMO GOMO is GOMO they use audio frequency for, yeah yeah, it's an ultra test but where the the audio frequency so the cache is just what is called the cache they use audio frequency it's a similar idea it's a slightly different application you can try it out RAPTI is the guy who provides that mechanism so RAPTI is basically a rule based so what happens which ICS actually uses so you log in and they say you OTP and sometimes they ask you to download a smart card, I don't know what they have done is they have classified their users into a disk for high network they have enforced smart cards so a lot of other normal things become SMS or not to be so what happens let's say you try to download a smart card which is considered a high-risk one Thailand also and China when you do a transaction there is an engine sitting in the along the dangling system which is trying to analyze that and there is a lot of parameter which scores the transaction from all the hardware but if it goes above 60 they will say add an additional or add an additional transaction so it's like a combination of or maybe it's a combination of or a disk engine plus maybe add actually an opportunity yeah, it's a combination of disk engine disk goals, sometimes it's other like it looks at transaction over the last two years and so if there is a transaction it doesn't fall into any of those things it's not very important I thought that it was a different technique but it seems like it's a combination of yeah, it's a combination of disk engine and the factor factor factor factor now I got used to what kind of a company which you and I could be I used to work with I think it was a country they advised that you call them and get them yeah, right otherwise the hardware is trapped and if you are in some other country it blocks the path yeah and that's actually the part of the problem right, where does look at another indication stop you are a legitimate reason, that is why RRP works should be able to intelligent predict the user if you are a business founder and you are with a RRP it should not happen to you every time you do RRP you'll be able to predict that this person is a part of the problem what's the problem is that most of the time it is the part of the system we know that I found that the card was declined and I didn't know what the reason until I got this luckily from even in young powers so this is the trial a little bit this is 100% as I said this whole network is gone in M4 it actually goes through various a different network I assume it is a payment switch most of the time is connected to the radio networks that's actually a very dedicated network it's not even connected so it should be easier for them to connect because ultimately everything comes together we notice analysis in the system with adaptive authentication layers just above the network to 4 band 4 band even then writing becomes there medium payment finally goes back to the 4 band massive network this is the reason why the cards so other we have cards we did not have that's the that's the reason why it has come into something like this so what used to happen is the card used to contain your fingers it's migratory so when you enter into many of the game slots in M4 that means it had all the information about it it's easy to connect so basically freeing any of slot set up you know all these kind of things if you look at the serial card you can actually get the computer vision because they work fraudulent computer machines which is to confidence so they come and show it to you so I'll talk about EMB how it's kind of manage all this right what they said is how do we reactivate the identity stream on our cards so now they have come up with what is culture for the game there's a circuit slot it's not a migratory so you can't talk much it's a system of it yeah it's not like a complete OS or anything it still stores limited information it's not a microcontroller microcontroller and the R&D comes to ISO DP5, KDP, payment switches in the back so communication is directly hampered on the card it's so valuable the additional then you end up to prove the ownership but you know since you own the card and you've known it it's like I'm not focusing on this because worldwide this is a lesser efficient microcontroller although there is enough for people who will compare to you from first era when they introduced the chicken it is a a study which these cards went up they all shake this thing democracy so this is where the EMV covid it's a body of this master card and the payment performance company to manage authentication for all of the people friends actually there are those who come up with standards saying these are the realist mechanisms that they should use so first they came up with something called the cap-dp P which is right out in Europe right now they require a download of the specific keys into your application but they massively failed because a lot of people would not download this it's not easy so then 3D-sec is a what commercial version of 3D-sec is what is called well-informed 3D-sec 3D-sec is the total card and it's also known as security in the mix now on networks everyone can use 3D-sec in protocol so what 3D-sec can be used is based on domain this issuer is a merchant man and the user so it basically collected our fee made the verification half of that cost but it also has a bit factor for adaptive authentication bit interest so it's said if the domains are basically domains you can ask for each time the static password but sometimes it forces you to do if you look at some of the things although in general sometimes some of the transactions force you to enter 3D-sec that is 3D-sec so the newest one that you posted there is called 3D-sec what they're suggesting is the reason for what's next is 3D-sec all sorts of important information you enter your card number enter your CDB and half of it goes to the CDB 3D-sec and it forces you to end all forces you to enter another password in other domain 3D-sec when you do the right thing most of the domain we have 3D-sec it is not posted in the and it also pops up both of these mechanisms are a big MITM actually enable one of the biggest 3D-sec it helps phishing and welding which is not really the net there are some files that are happening they say for every transaction there is a random folder which goes back to the transaction the transaction information the script account information everything doesn't get traveled across the internet so this another layer of abstraction is it a hash code? it is one of the hash codes but it could be any random substitution for every transaction you have the whole transaction with some code and the code translates to the transaction in the package there are maybe 2 or 3 ways of doing this definitely hash the whole thing the problem is in the shared security the problem is what is the security of the mechanism of calculating the the mechanism of calculating the source itself and the way the code is getting linked so it's not full proof one of the 2 important combinations including pk including pk because all you need to do is choose a soft copy so that is where it's ubiquo it's pdol even if you know pdol not here who else is pdol pdol is a group of companies including me who have come together and formed this consortium to solve the identity aspects of the system because none of them are full proof what they are actually promoting is a hardware key it basically sits in your head and it's a single key for any sort of services one key can hold up to 50-60 you just have to register download a specific key using that kind it's quite a bit it's not fully out there there are companies for bringing ubiquo to the post there are companies who are in the manufacture of the hardware key to become the key for every transaction it's like they are telling you at 25 years old it's actually going back more and more they are telling you that any of them are softwares they are for softwares MPC so so group A is a more of a payment payment payment first the idea of MPCI was all these transactions they are you basically do them all and and we are not getting any information and we don't have an English skill why you don't I, if I trans from from here to you know I should go back to from Americans and also using all this valuable data third part of indigenous speech but also I think there are a lot of broader speech it can be in which year you own the banks in India also to make the transactions more efficient more heads are going more heads are going so group A basically is like a visa group A is a brand like visa and actually MPCI uses the same I saw this in I was I was responsible I know they already have TB which is very early 3 days in India actually 98% of the world payment networks use find one in India there are some variations of it but that will be the client section if you look at all this authentication is not a network issue because you cannot do too much in the network it's all pretty different the speeches are there so the owners of making authentication works on the end fund software makers and their websites are apps and how much you want to import into those areas when you are in the authentication sector please you know everybody's business knowledge and then authentication actually depends on your identity if you say Aadhaar is my identity and when you work Aadhaar as a lady what it does is basically it scans your IDs back and other data which is whatever it is presenting is true if that whole mechanism of the database is corrected authentication is not automated the enrollment and ID creation part is much more complicated than authentication authentication is full techniques say you know this person is playing this game I go all the way the ID self is coming authentication is made so how much time do we have about 20 minutes so this is what I got I didn't want to go into the glory details but when you watch you can talk to these and basically it is available as plug-in for example access for the old server which is an in fact as I was earlier they actually divide it from a third party and then you need to do a pretty simple transaction and some time perhaps he said it is not the best method it is the problem with the replayer so you won't outside your domain so one of the safety mechanisms is you look at ICS you can when it is redirected the ability of the hackers to introduce their own malicious code is the root of this it is going out of ICICS so the transition is out of it if somebody does a DNS proof or something then the user has no way of knowing that DNS proofing is even like BGP's proofing is like you are at country level you are seeing those attacks you know none of the browser they can pop up and look at your customers even like I was transparent it is inside you know ultimately if the hacker is very determined it is in the because it increases attack surface that is where it will not be it increases attack surface backups are always you know but they influence the popular problems and then you can make the customers into a client let's say you are a customer website and then suddenly you complete the transaction you have to do a client the client is still a better brand then this doesn't become a question of recognition and client activity then in fact you know there are attacks you put an image in your browser and whatever the name is the secure image you are talking about so they just put your browser it says I say I will be successful whatever but can we talk it from the poster to the browser the website let's say hacker.com that can be found the name of this image you are yeah I am the you are can we bottle this then you can put a you are the user give a impression to the user that you are very nice whatever the other so I mean how is the unified activity the unified influence is slightly different like I said so that post is related to the bank look at IMPS you know any FTA you guys do that's basically if they have IMPS most people do not do what IMPS is doing is mobile payment you can substitute your account number in your mobile but in order to register there is a process you need to submit your mobile number then once the mobile number is registered you can transfer money to any other mobile number which is also registered it's limited by those people who are registered it's also limited by the banks the mobile number in htlc the bank is in different places the data is not in the bank what UPI has done is created a layer of internet for the same mobile and instead of mobile number it has created a user pretty new only so I can basically register it in htlc in htlc so you just have to register it in htlc you just just register it okay so that's the that's the ease of this talk problems remain same for authentication issues they also have other ways to authentication but it is not what we are doing it's more of it's a retro study concept it's really useful when we change the from an architecture perspective it's not so it is going to change the detail environment also I think businesses can also register it's a good part of htlc and all that the real already have that they don't have this issue it feels like if I am answering to this guy only once then I have to take all his details I have a good name settings around in that here I look to make that unibody it's actually a mobile wallet but it is a problem because it is NPCI it becomes a big problem you can transfer to say speak okay but if there is a transfer to anyone who has been here when it is going to be put into this NPCI body of all the guys so another question what kind of the the the the the the the the the the the the the the the So basically what happens if a person is very different and the resources are part of the issue, any two of your system can be broken, including physically, maybe even go over it. Yeah, exactly. Yeah, right here. Why am I thinking that you know like Papio Rai is in the scene. The scene is in the movie, right? And you know, I forget about going to that extreme violence out there. They have demonstrated that fingerprint images can make that change. But now I think the liveliness checks and other things. Yeah, but then how many will actually be made in every film? Every film, right? If it's a five or four, whatever film they want, they get it. Also, the liveliness can also be taken for a film. We have a fit between... You know, so we play at that, right? That they end up in. If you basically take a working image and then substitute it. I don't even know. It's actually pretty even. You can always have a bigger picture. Yeah. So that is... So hence, the level of food that you would want to include in your system, depends on what is your life, in your case. What happens if something happens then? How will you deal with it? So there is this new concept which has been talked about quite a lot, and also come resilience. They say you can't model from good to bad. In the 70s, the whole war in the middle age, when you were alive, it was a bit of a reality. The fact that there are grills and all that. How can you save yourself from it? But one military strategy, something actually, even with this scenario, they assume that it will give you an attack. So how will you survive after that? That was a part of military hospitals back then. Yeah. So one of them. So they came up with five, six scenarios. And we're sure that there will be resources to address the aftermath. So one of the concepts that has been talked about in the 70s, is to assume that it will be valuable. Then what? How will you deal with it? How easily can you recover? How easily can you replace these mechanisms that you are concerned about? Passwords and make sure your static passwords remain well. What are some things? How do you minimize the aftermath? That is the way of doing something. So there is a big block chain. There are a lot of discussions about whether block chain can be used or not. Block chain is something that we can do. How can it be different? It can be different in any way. Block chain is not good. Because we can do it because governments are not like this. Because currency leads to direction. Currency is always backed by the media. Block chain as a technology, it has a complication beyond your countries. So again, one of the more than block chain guarantee is non-division. Why is authentication required? One is making sure for the right people. But also because for a lot of the guys, it needs to leave the burden of proof. You did it because you had all these things and then a hundred percent say that it's your responsibility. So block chain can help you transform the identity of your country. The hash keys and blocks are based on authentication. The original problem of authentication still remains the same. Where it is built to how strong it will write. And how well it can be managed. Another mechanism of what the key is, how the key gets distributed to users. Block chain may not solve all the issues. It can give you a delta for your country. Would it be right to say that block chain is more of a mystery rather than... Yeah. It's a... It will say that this has happened in the past and you cannot change it. Yeah, it cannot change it because maybe... How would it... How would it die back to our country? Basically, what you are saying is you use block chain key to sign that transaction. You know, how can you add that to your application? You get a public-private email and the website has a public-private email. The website was a challenge. We signed it with a private email and the website can use your public-private email since doing that, you are the new owner of that email. And vice-versa. So, PPI is used as an image by the English community. So, they extend to that concept in the same way. Use block chain key, which is also what is used to come to the cashier number to listen to the process. And the advantage is it's more distributed. You don't have to ask for reasons. Various subsequent issues. So, that is the advantage of that approach? Yeah. So, that's the benchmark. Now, you are... Not a lot of parties can tell you this feeling, rather than just say, well, you know what that means. Distribution of fees also becomes likely. I have a general question. So, as I know, the thought of reversing and of making more symmetric is the problem of... How do I know that it is the time that we are asking for this? Which is currently very... Yeah. So, how do I reverse that? PPI, right? PPI helps them. How? Because the user still doesn't know. The user also does mutual authentication with the certificate of the line. We have SWART card. Which has to be issued by the bank. You already know that it should be issued by the bank. Yeah, it has to be issued by the bank. That's one of the problems of these brokers, but one can say, for every website, you need to have a different... I think the bank can probably give something like its own company. It can always authenticate. Yes. As long as the mechanism... First, the mechanism of transfer. Then you go to the transfer. So, the kind of transfer itself on the line kind of system is likely to attack. That's not a problem. Right. So, it's a reference even. As long as you trust the transfer of the key itself, if the bank gives you its public key and you trust that transfer idea, this is the bank that is giving you this public key. You can always say that it's a bank... It's not a bank which is giving you the key. No, I mean... For that case, identify... How HTTPS does it at the login screen? It says, when you sign up, it says this is the image we are going to show you. Sir, how does it ask to you? Yeah, but that's how they want to prove that, you know, it's us and nobody else. It just adds one more click for me. It doesn't do it. Yeah. Because the images can be easily created. And it's the same image every time. At least. With HTTPS, what happens is, third party gets involved. You see, issuing this image. So, again, it goes back to the point I gave a hold. Identity being the key. Eventually, I think it's like who will watch the watchman. Right? I mean, if you are saying that's... So, that is why... The system will walk you. This certificate doesn't seem to be from a revamp. But if you want to... If anybody can hear this, Right. But that's what I'm saying. Eventually, you have to trust somebody, which is like... So, it is like where if you are hired for your company, and you want from Stanford, you want from unknown college, you need somebody who is coming in from there. It was the start for 10 years, right? Because they did the job, right? They did. And then you have mechanisms to verify whether it is from Stanford. If it's from someone who you don't want to go on, take the next limit. It's the same thing, right? So, the certificates need to be issued from a standard party, which is, you know, very sorry, for another country based level. But once that level crosses, then it goes to the C, that the public C, and the private B sign matches. And then it signs back with its private B, so that the band knows that this is the same certificate, same guy, that's what they know, and he has the right to keep it, but we don't proceed. So, it's unusual, I think. The problem with PKI is some software needs to be downloaded on each end point. Which isn't the problem, but then, yeah. Maybe we are not aware of it. I mean, at least more, I think we are not aware of it. What is the problem? Yes, once you disturb a software. But, you know, the industry has seen that if you don't even install it, because if you are not savvy, you install it. The PKI software is part of it. You enroll and then it gets dropped into that software. You don't have any point where you are using it. You see, you can see the mobile app that is here, can be part of it. Yes. It's also quite performant. Yes. There is some computation there, really. Yeah. Technology exists and, you know, it is working, but there are issues, right? It plays, it plays. Whereas for, there is no review. No review is available. It's like, you know, that's why, you know, you might solve some of it, but I think, who will buy that additional? They have actually solved it very nicely. You can buy this, you know, you just take your memories, you might not leave it to anyone. And then, you can write it. You can read it yourself. But, you know, again, people need the support that they have. All the, etc. How much muscle power is there for this. And that's what we do all the time. That's a very interesting solution. After a generation, even that, that thing will be built into your phone or your, and then you will use that state as a product. It's a little bit great. And then there is some machines that are always lost. Okay, so if there are no other questions, Manjula, thanks a lot for doing this. And there's drinks and dinner downstairs. And on behalf of ASCII, I'd just like to present a small token for 53. And I hope you can have some hot tea and so do you. Thanks a lot for doing this Manjula. Please join us for dinner.