CONFIDENTIAL
Five Standards for One way to pay
ETSI mPayment Workshop
Robert Brown, VP Market Development
2 July 2014
Fragmented Financial Services
‹ Paying a utility bill
    ‹ direct billing relationship with account owner’s bank
‹ Paying a tradesman
    ‹ set up a direct bank transfer
    ‹ cash or cheque
‹ Buying online
    ‹ a large retailer - retains your card data for repeat business with one click
    ‹ a small merchant - requests all of your card data for a one-off transaction
    ‹ an auction site - requires use of a third party payment service
‹ Paying for a coffee
    ‹ a mobile app with a pre-registered payment card in a large chain
    ‹ a contactless payment for a smaller vendor with no loyalty app
    ‹ cash for the smallest of vendors
‹ Buying the week’s groceries
    ‹ Chip & PIN card payment
    ‹ Click & collect
New Methods?
Technical Challenges
‹ User Authentication
    ‹ Usernames and passwords now unusable
‹ Identity Management
    ‹ Do we have “one” identity?
‹ Privacy
    ‹ How much are we giving away and what do we get?
‹ Database breaches
    ‹ Not if, but when your database is breached
‹ Malware
    ‹ Going to get worse when the value of attack increases
[Figure: diagram with the headings Security, Markets, Uses and Trusted Devices. Labels:
Touchscreen, Fingerprints, Video, Storage;
Trusted Execution, Trusted Boot, Trusted Hardware;
Commerce, Identity, Content, Enterprise;
Authentication, Tokenization, Secure display; 2 Factor Auth, Single sign on, Certificates; Rights management, Display link protection, UHD key protection; Authentication, Data loss prevention, Secure communication.]
Why use a TEE?
MAIN OPERATING SYSTEM TRUSTONIC TEE
TRUSTZONE™ SYSTEM-ON-CHIP
[Figure: Smart Connected Device]
‹ Normal App: Security Critical Assets (key assets exposed)
‹ TEE Enabled App: API Call on Security Critical Routine; Secure Container; Trusted App - Secured Critical Assets (key assets protected)
‹ Isolated space for handling high value assets
Trustonic End to End Trust
TRUSTED APP MANAGER
CHIP MAKER
DEVICE MAKER
APP DEVELOPERS
SERVICE PROVIDERS
‹t-base TEE
‹t-kph Key Gen
‹t-dev SDK
‹t-sek OTA
TRUSTED APPS
APP STORE APPS
KERNEL LEVEL
TRUSTZONE™ SYSTEM-ON-CHIP
HARDWARE LEVEL
APP LEVEL
LINUX
ANDROID 4.4
BEACON & HCE
‹t-base TEE
SECURE BOOT
PERIPHERAL LEVEL
‹ Hardware Isolation
‹ Microkernel Separation
‹ Managed Domains for Trusted Applications
‹ Privileged Peripheral Access
VPN
(Trusted Execution Environment)
TOKEN
T O K E N
Accelerometer
Camera (consumer) Camera (surveillance) Heart rate sensor
Discount Coupons
Token
Secure Display Payment Terminal
Boiler
Movie Maker Shop Keeper Barcode Scanner
Authorisation token
Microphone
EMVCo
SECURE PERIPHERAL CONNECTION
SE
TOUCHSCREEN
DEVICE DISPLAY
FINGERPRINT SENSOR
TEE | FIDO | EMV-Token | HCE
FIDO AUTHENTICATION SERVER
LOCATION
BIOMETRIC
PASSCODE
EMV TOKEN SERVICE PROVIDER
TRANSACTION ACQUIRER
Multi-factor authentications
Authorizations
Secure token storage
Authenticated token release
Merchant terminal online transaction acquired as usual
Token processed
Payment
Beacon or NFC or mobile internet channel
One way to pay
Web / High Street
Online / Offline
Low Value:  One Click | One Click or HCE Tap | HCE Tap
High Value: Click + mPIN | Click + mPIN or HCE Tap + mPIN | HCE Tap + mPIN
‹ Click or Tap and
‹ mPIN or Fingerprint
‹ For all transactions
‹ Secured by TEE
Added benefits
‹ choose to shop incognito or identified, online and on high street
‹ have privacy by default and choose when to exchange it for value
‹ choose to build loyalty one transaction at a time
‹ have a simple payment experience online or on street using Click and PIN or Fingerprint and PIN
‹ no longer be distrusted by retailers
‹ rely upon genuine reviews of purchase experiences
‹ no longer worry about retailers storing your payment data in vulnerable databases
‹ be freed from having to pick usernames and passwords
‹ be sure your money is safe from malware breaking your payment enabled apps