Beyond EMV New channels for Authentication

Slides: 16
Provided by: jean89
1
Beyond EMV New channels for Authentication
Payment
2
WebSTIC USB key for Online Authentication
  • Secured and convenient access for Home Banking

3
WebSTIC USB key for Online Authentication
  • A secure, convenient solution
  • A USB key which contains a Flash controller
    module and a combined Smart Card
  • The Flash memory part securely hosts a dedicated
    home banking browser, which is launched when the
    key is inserted
  • The dedicated browser will connect only to the
    Home Banking Server, over an SSL connection
  • The pages are accessed only after a PIN
    validation by the smart card, which will send an
    OTP or sign a challenge to the server plus
  • It's a two-factor authentication solution:
    something you own (the key), something you know
    (PIN), plus additional security (a dedicated
    browser linking only to the home banking server
    with SSL, ...)

4
WebSTIC for Online Authentication
  • Step by Step

User at Home
0 User is connected to the Internet
1 User takes his key
2 User plugs in the key
3 The Browser is launched from the secured area of the Key
4 The Browser connects to the Home Banking Server with SSL, using the address stored in the Smart Card
5 The Browser asks the Smart Card in the key for authentication
6 PIN is requested by the Smart Card in the Key
7 If the PIN is valid, the user accesses the home banking pages
5
Features, details and options
  • Access to the server
      • The browser (stored in the flash memory) is
        automatically launched after key insertion
      • Possible graphic customisation of the browser
      • The browser can only access the pre-stored
        address (in the smart card) of the home banking
        web server, and only via SSL.
      • Virtual PIN pad for PIN entry
  • Authentication mechanisms
      • All the authentication mechanisms are securely
        provided by the smart card
      • Based on 3DES, MasterCard CAP, VISA DPA or any
        other mechanism such as PKI
      • Authentication mechanisms can run in the
        background (only the PIN input is shown) or can be
        explicitly shown if the details of a transaction
        signature must be visible to the user.
  • Specific pages
      • Some error pages (no Internet connection, page
        does not exist, ...) can be local and stored in the
        key
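
The login flow from the two slides above (pinned SSL address, PIN check on the card, then a signed challenge), modelled as an added example that is not part of the original presentation. HMAC-SHA256 stands in for the 3DES/CAP/DPA computation, and the retry limit, the class and function names and the `bank.example` address used to exercise it are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit


class SmartCard:
    """Toy model of the card in the key (hypothetical; not a real card API)."""
    MAX_TRIES = 3  # assumed retry limit; the slides do not give one

    def __init__(self, pin, key, server_url):
        self._pin, self._key = pin.encode(), key
        self.server_url = server_url          # only address the browser may use
        self._tries_left = self.MAX_TRIES
        self._verified = False

    def verify_pin(self, pin):
        if self._tries_left == 0:             # blocked card stays blocked
            return False
        self._verified = hmac.compare_digest(pin.encode(), self._pin)
        self._tries_left = self.MAX_TRIES if self._verified else self._tries_left - 1
        return self._verified

    def sign_challenge(self, challenge):
        if not self._verified:                # key is unusable without the PIN
            raise PermissionError("PIN not verified")
        # HMAC-SHA256 stands in for the 3DES/CAP/DPA computation.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def url_allowed(card, url):
    """True only for HTTPS URLs on the exact host and port stored in the card."""
    want, got = urlsplit(card.server_url), urlsplit(url)
    return got.scheme == "https" and \
        (got.hostname, got.port or 443) == (want.hostname, want.port or 443)


def login(card, pin, url, server_key):
    """Steps 4-7: pinned connection, PIN check, then challenge-response."""
    if not url_allowed(card, url):
        return "blocked-url"
    challenge = secrets.token_bytes(16)       # fresh server nonce
    if not card.verify_pin(pin):
        return "bad-pin"
    response = card.sign_challenge(challenge)
    expected = hmac.new(server_key, challenge, hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(response, expected) else "rejected"
```

Comparing the full host and port, rather than matching a prefix of the URL, is what keeps a lookalike such as `bank.example.evil.test` from passing the address check.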

6
Benefits
  • Convenience for the cardholder
  • Just a key
  • Just a PIN
  • Access directly and only to the home banking web
    site
  • Portability with same interface security
  • Tangible benefits for Issuers
  • Customer convenience and confidence
  • More security through direct access
  • A branded and dedicated solution to access online
    services
  • Less support to Cardholders for online banking
  • Cost reductions from
  • Reduced customer support, fewer branch visits and
    lower fraud prevention investments
  • More use of online services

7
Mobile Contactless Payment
The SIMphonIC FlyBuy solutions
8
Mobile Contactless: a Wide Range of Applications
Peer2Peer Data exchange
Interactive Contactless Advertisement
9
Some definitions
  • Contactless Payment
      • Already in place or about to be launched with
        contactless payment cards or dual-interface
        (contact/contactless) cards
      • Targets cash replacement, with a maximum amount of
        25 and no PIN
      • The model within the EMV zone should use offline
        payment (no call from the Point Of Sale to
        validate the payment during the transaction;
        overnight batch processing) with a limit in terms
        of cumulative amount or number of transactions.
        Use of the DDA (RSA based) capabilities of
        contactless smartcards for authentication between
        cards and POS.
  • Secure Element
      • The Secure Element, or SE, hosts the contactless
        applications
      • For Payment applications it has to be a secured,
        certified microprocessor
      • The SE can be in the handset itself or in a
        removable component such as the SIM card
  • NFC component
      • In the mobile handset the NFC component is in
        charge of the communications
      • Specific component linked to an antenna mounted
        or buried in the handset.
      • Can send or receive data through the antenna
        following the ISO 14443 standard
      • Communicates with the SE following an NFC protocol
        (SWP, S2C, ...)
  • OTA Management
      • Over The Air management of Payment applications
      • Possibly OTA download of the application in a SE

10
2006-2007: a variety of technical solutions
[Diagram labels: SW, Application processor, SD or MMC]
  • SD or CF card as the secured element of the NFC
    Front End. SIM may control the Secure Element
  • SIM CENTRIC SOLUTION: NFC Front End secured by
    the SIM
  • Standalone Sticker. No link between the Sticker
    and the phone
11
SIM CENTRIC solution
  • SIM centric solutions: the preferred ones
  • SIM used as the Secure Element in the Mobile
    Handsets
  • Mobile operators are the ones paying to install
    the NFC technology in the handsets
  • ⇒ they need to somehow keep control over the
    contactless services in the mobile phones.
  • Operators have the possibility to add value to
    their commercial offer with new, attractive and
    innovative services for their clients and, as an
    ultimate goal, to increase their ARPU.
  • The SIM is the removable secure element of mobile
    phones
  • The application provisioning systems for SIMs
    are already in place and can be reused

12
One Vision, Two implementations
  • SIMphonIC FlyBuy
  • The SIM based solutions for mobile NFC Payment
  • Use a standard NFC component for contactless
    communication (SWP, S2C, ...)
  • The Secure Element used to run and host critical
    applications (payment, transport, e-ticketing) is
    the SIM card
  • 2 Options
  • One chip used for communication and NFC Payment
  • 2 components
  • 1 for communication
  • 1 dedicated to NFC Payment and other applications

Interface SW (STK or JAVA)
Application processor
13
Personalization process for contactless cards
  • Contactless Payment Cards must follow a
    standardized process
  • Cards issued for an issuer (MasterCard or Visa
    member) must be certified
  • (Functional, including Security certification)
  • Manufacturing and personalisation sites must be
    audited and certified
  • (Physical and logical certifications)
  • Personalisation requires specific know-how and
    experience

How to adapt this process and the associated
constraints for NFC Payment?
14
Personalisation Solutions
  • Loading of Payment applications without
    personalisation during the manufacturing phase of
    the SIM (card distribution following the SIM
    model)
  • Secured Personalisation Over The Air of NFC
    Payment applications plus activation/de-activation
    services
  • Or
  • Full manufacturing personalisation of the SIM
    card as a Banking card (card supplied t
  • only activation/de-activation of the
    pre-personalised payment application OTA

GSM network OTA perso
Personalisation upon request (by third party/end
user with operator validation)
Administration Monitoring
15
Thank you for Your Attention
Questions
Comments?