Title: Beyond EMV New channels for Authentication
Slide 1: Beyond EMV New channels for Authentication
Payment
Slide 2: WebSTIC USB key for Online Authentication
- Secured and convenient access for Home Banking
Slide 3: WebSTIC USB key for Online Authentication
- A secure convenient solution
- A USB key which contains a Flash controller module and a combined Smart Card
- The Flash memory part securely hosts a home banking dedicated browser which is launched at the key insertion
- The dedicated browser will connect only to the Home Banking Server with SSL connection
- The pages are accessed only after a PIN validation by the smart card which will send an OTP or sign a challenge to the server
- It's a 2-factor authentication solution: something you own (the key), something you know (PIN), plus additional security (a dedicated browser linking only to the home banking server with SSL, ...)
Slide 4: WebSTIC for Online Authentication
User at Home
0. User is connected to Internet
1. User takes his key
2. User plugs in the key
3. The Browser is launched from the secured area of the Key
4. The Browser connects to the Home Banking Server with SSL using the address stored in the Smart Card
5. The Browser asks the Smart Card in the key for authentication
6. PIN is requested by the Smart Card in the Key
7. If PIN is valid the user accesses home banking pages
Slide 5: Features, details and options
- Access to the server
  - The browser (stored in the flash memory) is automatically launched after key insertion
  - Possible graphic customisation of the browser
  - The browser can only access the pre-stored address (in the smart card) of the home banking web server and only via SSL.
  - Virtual PINpad for PIN entry
- Authentication mechanisms
  - All the authentication mechanisms are securely provided by the smart card
  - Based on 3DES, MasterCard CAP, VISA DPA or any other mechanisms such as PKI
  - Authentication mechanisms can be done in background (just PIN input is shown) or can be explicitly shown if details for a transaction signature must be visible to user.
- Specific pages
  - Some error pages (no Internet connection, page does not exist, ...) can be local and stored in the key
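The login flow from slides 4 and 5, as an added sketch that is not WebSTIC code: the browser refuses anything but the HTTPS address stored in the card, and the card signs a server challenge only after a valid PIN. The class and function names, the `bank.example` host, the PIN retry counter and the use of HMAC-SHA256 in place of the 3DES/CAP/DPA mechanisms are all assumptions made for the illustration.

```python
import hashlib, hmac, secrets
from urllib.parse import urlsplit

class SmartCard:
    """Simulated card in the key: stores the bank address, the PIN and a secret key."""
    def __init__(self, bank_url, pin, key, max_tries=3):
        self.bank_url, self._pin, self._key = bank_url, pin.encode(), key
        self._max = self._left = max_tries   # retry counter: an assumption
        self._unlocked = False
    def verify_pin(self, pin):
        if self._left == 0:                  # card blocked after too many bad PINs
            return False
        self._unlocked = hmac.compare_digest(pin.encode(), self._pin)
        self._left = self._max if self._unlocked else self._left - 1
        return self._unlocked
    def sign(self, challenge):
        if not self._unlocked:
            raise PermissionError("PIN not verified")
        self._unlocked = False               # one signature per PIN entry
        # HMAC-SHA256 stands in for the 3DES/CAP/DPA mechanism named on the slide.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class BankServer:
    """Simulated home banking server sharing the card's key (assumption)."""
    def __init__(self, key):
        self._key, self._pending = key, set()
    def new_challenge(self):
        challenge = secrets.token_bytes(16)
        self._pending.add(challenge)
        return challenge
    def verify(self, challenge, response):
        if challenge not in self._pending:   # unknown or already used (replay)
            return False
        self._pending.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def url_allowed(card, url):
    """Browser rule: HTTPS only, and only the host stored in the card."""
    want, got = urlsplit(card.bank_url), urlsplit(url)
    return got.scheme == "https" and (got.hostname, got.port) == (want.hostname, want.port)

def login(card, server, url, pin):
    """Steps 4 to 7: check the address, validate the PIN, sign the challenge."""
    if not url_allowed(card, url):
        return "blocked-url"
    if not card.verify_pin(pin):
        return "bad-pin"
    challenge = server.new_challenge()
    return "ok" if server.verify(challenge, card.sign(challenge)) else "rejected"
```

Comparing the parsed hostname rather than a string prefix is what rejects look-alike URLs such as `https://bank.example@evil.example/`.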
Slide 6: Benefits
- Convenience for the cardholder
  - Just a key
  - Just a PIN
  - Access directly and only to the home banking web site
  - Portability with same interface security
- Tangible benefits for Issuers
  - Customer convenience and confidence
  - More security through direct access
  - A branded and dedicated solution to access online services
  - Less support to Cardholders for online banking
  - Cost reductions from
  - Reduced customer support, less branch visits and less fraud prevention investments
  - More use of online services
Slide 7: Mobile Contactless Payment
The SIMphonIC FlyBuy solutions
Slide 8: Mobile Contactless, a Wide Range of Applications
Peer2Peer Data exchange
Interactive Contactless Advertisement
Slide 9: Some definitions
- Contactless Payment
  - Already in place or about to be launched with contactless payment cards or dual-interface (contact/contactless) cards
  - Target cash replacement with maximum amount of 25 and no PIN
  - The model within the EMV zone should use offline payment (no call from the Point Of Sales to validate the payment during the transaction; over night batch processing) with a limit in terms of cumulated amount or number of transactions. Use of DDA (RSA based) capabilities of contactless smartcards for authentication between cards and POS.
- Secure Element
  - The Secure Element or SE hosts the contactless applications
  - For Payment applications it has to be a secured certified microprocessor
  - The SE can be in the handset itself or in a removable component such as the SIM card
- NFC component
  - In the mobile handset the NFC component is in charge of the communications
  - Specific component linked to an antenna mounted or buried in the handset.
  - Can send or receive data through the antenna following ISO 14443 standard
  - Communicates with the SE following an NFC protocol (SWP, S2C, ...)
- OTA Management
  - Over The Air management of Payment applications
  - Possibly OTA download of the application in a SE
Slide 10: 2006-2007, a variety of technical solutions
Diagram labels: SW, Application processor, SD or MMC
- SD or CF card as the secured element of the NFC Front End. SIM may control the Secure Element
- SIM CENTRIC SOLUTION: NFC Front end secured by the SIM
- Standalone Sticker. No link between the Sticker and the phone
Slide 11: SIM CENTRIC solution
- SIM centric solutions: the preferred ones
- SIM used as the Secure Element in the Mobile Handsets
- Mobile operators are the ones paying to install the NFC technology in the handsets
- => they need to somehow keep control over the contactless services in the mobile phones.
- Operators have the possibility to add value to their commercial offer with new, attractive and innovative services to their clients and, as an ultimate goal, to increase their ARPU.
- The SIM is the removable secure element of mobile phones
- The applications provisioning systems for SIMs are already in place and can be reused
Slide 12: One Vision, Two implementations
- SIMphonIC FlyBuy
  - The SIM based solutions for mobile NFC Payment
  - Use standard NFC component for contactless communication (SWP, S2C, ...)
  - The Secure element used to run and host critical applications (payment, transport, e-ticketing) is the SIM card
- 2 Options
  - One chip used for communication NFC Payment
  - 2 components
    - 1 for communication
    - 1 dedicated to NFC Payment and other applications
Diagram labels: Interface SW (STK or JAVA), Application processor
Slide 13: Personalization process for contactless cards
- Contactless Payment Cards must follow standardized process
- Cards emitted for an issuer (MasterCard or Visa member) must be certified
  - (Functional including Security certification)
- Manufacturing and personalisation sites must be audited and certified
  - (Physical logical certifications)
- Personalisation requires specific know-how and experience
How to adapt this process and the associated constraints for NFC Payment?
Slide 14: Personalisation Solutions
- Loading of Payment applications without personalisation during the manufacturing phase of the SIM (card distribution following the SIM model)
- Secured Personalisation Over The Air of NFC Payment applications plus activation/de-activation services
- Or
- Full manufacturing personalisation of the SIM card as a Banking card (card supplied t
- only activation/de-activation of the pre-personalised payment application OTA
GSM network OTA perso
Personalisation upon request (by third party/end user with operator validation)
Administration Monitoring
Slide 15: Thank you for Your Attention
Questions Comments?