Ecosystem Scenarios for Cloud-based NFC Payments

Slides:



Advertisements
Similar presentations
Credit Card Processing 101
Advertisements

Chapter 8 Payment Systems: Getting the Money
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Healthcare Payment & Remittance Medical Banking - Best Practices
European Consumer Summit 2014 On-line and mobile payments Dr Florent Frederix Trust & Security Unit, DG CONNECT, European Commission 1 th of April 2014.
Chang-ho CHUNG 정창호, 鄭彰鎬 Judge, Republic of Korea, since 1993 Head of UNCITRAL and UNIDROIT Research Team of Supreme Court of Korea SNU, LSE, HKU 1.
Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
M.B.A. II SEMESTER Course No. 208 Paper No. – XVI E-Business Dr.N.C.Dhande Unit II e-business frameworks e-selling process, e-buying, e-procurement, e-payments:
Banking Services AVAILABLE FOR A SMALL BUSINESS. BANKING SERVICES 2 Welcome 1. Agenda 2. Ground Rules 3. Introductions.
Cloud Banking Services MBSP Mobile Banking Service Provider Welcome to:
Management of Data-Generating Front Office Subsystems
Security of JavaCard smart card applets Erik Poll University of Nijmegen
Mobile Devices in the DoD
Pharos Uniprint 8.3.
Financial Stability & Integrity Track: Innovations in Technology for Financial Inclusion & Managing Risks.
Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.
Smart Identity Protection That Works for You and Your Users 2 Petri Ala-Annala Senior Principal, CISSP-ISSAP, CISA, CISM.
What we do Larotecs Web2M is an off-the shelf, end-to-end, web-based solution designed to manage multiple widely distributed devices.
Multi-Application in Smart Card-based Devices Christophe Colas, Chief Software Architect August 2002.
Discovering Computers Fundamentals, 2012 Edition
Accelerate the on-boarding of Service Providers in Trusted Infrasturcture Virginia Chan, Vice President Hong Kong Mar 19 th, 2014.
Michal Bodlák. Referred to as mobile money, mobile money transfer, and mobile wallet generally refer to payment services operated under financial regulation.
Take Charge of Your Finances
Introduction to computer
HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.
NFC Devices: Security and Privacy
1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Contactless Payment. © Family Economics & Financial Education – January 2007 –– Financial Institution Unit – Contactless Payment - 2 Funded by a grant.
Our Eyes are on the watch for you! One Stop Shop Payment Automation: Innovative and Smart platform that: Increase Sales and Merchant Retentions Creates.
© Copyright IBSP – IBSP Hong Kong Ltd Internet Business Service Provider.
CLXMGCS.ppt Why Smart Cards System Overview Card Architecture Why CardLogix Smart Cards Overview FY 2001.
Dongyan Wang GlobalPlatform Technical Program Manager
1 Visa Acceptance and Enablement Bank of America Merchant Services - Supplier Strategy April 2009.
Digital Payment Systems
Mobile Payments 101 Richard A. GibbsJune 1, 2011 Karen Ross Andrew Lorentz How do they work?
EPS (Electronic payment system) is an online business process used for fund transfer using electronic means, i.e  Personal computers  services  Mobile.
BZUPAGES.COM Electronic Payment Systems Most of the electronic payment systems on internet use cryptography in one way or the other to ensure confidentiality.
ITEC0722: Mobile Business and Implementation: Mobile Payment and Security Suronapee Phoomvuthisarn, Ph.D.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
May 28, 2002Mårten Trolin1 Protocols for e-commerce Traditional credit cards SET SPA/UCAF 3D-Secure Temporary card numbers Direct Payments.
Hsu-Chen Cheng, *Wen-Wei Liao, Tian-Yow Chi, Siao-Yun Wei
EUROCON “Computer as a Tool”, Belgrade, 24 th November 2005 (1) Paul Killoran EUROCON 2005 Paul Killoran, Fearghal Morgan & Michael Schukat National.
Secure Electronic Transaction (SET)
UICC UICC is a smart card used in mobile terminals in GSM and UMTS networks It provides the authentication with the networks secure storage crypto algorithms.
Smart Card Application. Smart-card is a plastic card, the size of a standard credit card, with one or several integrated circuits (chips) capable to store.
Electronic Payment Systems. How do we make an electronic payment? Credit and debit cards Smart cards Electronic cash (digital cash) Electronic wallets.
Property of the Smart Card Alliance © 2011 The Future of NFC Mobile Payments Randy Vanderhoof Executive Director Transit Payments Markets Migration to.
Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.
·
Near Field Communication Systems Patras, July 2006.
Leveraging UICC with Open Mobile API for Secure Applications and Services.
By Hinal Pithia Monday, November 14, Overview The traditional wallet The digital wallet –How it works –Technology –Payment Models –The players –Considerations.
Chapter 11 Working with Credit Card Methods of Processing Credit Cards Preparing for Cyber Cash Authoring a Credit card Transaction.
Mobile Payments: Key IT Law Issues Sony Gokhale October 26, 2015
Smart Card And GSM Based Advanced Security System
E-Commerce & M-Commerce. Introduction Electronic commerce, commonly known as e- commerce, It is a type of industry where buying and selling of product.
Near Field Communication Armando Octavio Yesenia Sunny Nidia.
Saahithi Chillara Radhika Goyal ECE Fall Senior Design Project.
Electronic Banking & Security Electronic Banking & Security.
Digital Payments STEP BY STEP INSTRUCTIONS FOR VARIOUS MODES OF PAYMENT: Cards, USSD, AEPS, UPI, Wallets.
Digital Payments STEP BY STEP INSTRUCTIONS FOR VARIOUS MODES OF PAYMENT: Cards, USSD, AEPS, UPI, Wallets.
Smart Money Concept.
A catalyst for mobile contactless payments adoption?
Going Mobile Across Campus
EMV® 3-D Secure - High Level Overview
BY GAWARE S.R. DEPT.OF COMP.SCI
Cesar Lomeli.
Objectives Overview Explain why computer literacy is vital to success in today’s world Define the term, computer, and describe the relationship between.
Cesar Lomeli.
Presentation transcript:

Ecosystem Scenarios for Cloud-based NFC Payments Pardis Pourghomi and George Ghinea School of Information Systems, Computing and Mathematics Brunel University London, UK UB8 3PH pardis.pourghomi@brunel.ac.uk

pardis.pourghomi@brunel.ac.uk - Brunel University, UK Introduction to NFC NFC is designed for short distance wireless communication NFC is complementary to Bluetooth and 802.11 with their long distance capabilities Easy and simple connection method Enables the exchange of data between devices over the distance of up to 20 centimetres Provides communication method to non-self powered devices pardis.pourghomi@brunel.ac.uk - Brunel University, UK

Examples of using NFC enabled mobile phones Download music or video from a smart poster Exchange business cards, Pay bus or train fair, Parking tickets, Pay at Kiosks, Pay and purchase at Point of Sale Terminals Access controls in office, hotels, airports, print receipts to printer pardis.pourghomi@brunel.ac.uk - Brunel University, UK

What is a Secure Element (SE)? SE is intended as an attack resistant microcontroller Combination of hardware, software, interfaces and protocols embedded in a mobile handset that enable secure storage Provides a secure area for the execution of the applications and protection of the payment assets (i.e. payment keys, application codes, payment data) Can also be involved in authentication process 4. payment assets (e.g. payment data, keys, the payment application code) pardis.pourghomi@brunel.ac.uk - Brunel University, UK

What is a Secure Element (SE)? Operating system running on the SE must be able to install, personalize and manage multiple applications The SE is essential in NFC transactions and ownership/control of it may yield commercial or strategic advantage SE types: Stickers, removable Secure Memory Card (SMC), Universal Integrated Circuit Card is (UICC), Embedded SE (eSE) pardis.pourghomi@brunel.ac.uk - Brunel University, UK

pardis.pourghomi@brunel.ac.uk - Brunel University, UK NFC ecosystem players Consumer: is the party that is considered as the end user in an NFC ecosystem. Merchant: is considered as the consumer matching part. Secure Element issuer (SEI): is the party that issues the SE in an NFC ecosystem. It is also controlling the SE in which it decides how the storage of an SE should be used. Secure Element provider: SE provider is the manufacturer of the SE. It has a direct relationship with SE issuer and service provider. Service Provider (SP): is the party that issues the payment application and deploys data element to consumer. SP is also responsible for managing the payment application which is stored in SE. pardis.pourghomi@brunel.ac.uk - Brunel University, UK

pardis.pourghomi@brunel.ac.uk - Brunel University, UK NFC ecosystem players Mobile Network Operator (MNO): is responsible for providing the GSM network for data transmission. In our case, the MNO is the SE issuer (SE in the form of UICC). Trusted Service Manager (TSM): The role of TSM is to integrate several SEs and SPs. Acquirer: The main role of the acquirer is handling financial payments by clearing and settling transactions through the financial institutions. pardis.pourghomi@brunel.ac.uk - Brunel University, UK

pardis.pourghomi@brunel.ac.uk - Brunel University, UK SE management SE management in a mobile multi-application environment is very challenging SP and SE issuers have ‘n’ to ‘n’ active relationship Partners may have limited control over the service environment Current card issuance models cannot support the dynamic post issuance personalization process (lack of SP’s control on SE) pardis.pourghomi@brunel.ac.uk - Brunel University, UK

Mobile wallet + Cloud computing Is there a need for cloud? Would NFC do the job on its own? There is a need for a clear right to go market strategy for mobile payments There is not much agreement in the minds of mobile wallet stakeholders Which technology will finally get accepted by consumers and merchants? PayPal, Telefonica/O2, and Best Buy have announced wallets that are using cloud technology – “cloud wallets” pardis.pourghomi@brunel.ac.uk - Brunel University, UK

NFC wallet & Cloud wallet A chip is required – stored in the phone A mobile app is required – Logging Client registers with the SP (cloud) Phone can be scanned on the POS Registered info are stored in an offline database Beneficial for busy environments e.g. train stations Pre-paid account is required Improves the loyalty experience of clients Required info (e.g. credit card details) is pulled out from the database when client aims to make a payment Different apps can be integrated into a single app Beneficial for merchants – no need to change their current POS terminals pardis.pourghomi@brunel.ac.uk - Brunel University, UK

NFC Cloud Wallet model – Overview Customer scans his NFC enabled phone on the POS to make the payment The payment application is downloaded into customer’s mobile phone SE The POS communicates with the cloud provider to check whether the customer has enough credit Cloud provider transfers the required information to the POS The merchant either authorizes the transaction or rejects customer’s request The merchant communicates with the cloud to update customer’s balance pardis.pourghomi@brunel.ac.uk - Brunel University, UK

NFC Cloud Wallet model – General idea Additional Security (optional) When NFC enabled phone sends a request to the cloud provider to get permission to make a payment (step 1), the cloud provider sends a SMS requesting a PIN number to identify the user of the phone Customer sends the PIN back to the cloud provider as an SMS – Verification pardis.pourghomi@brunel.ac.uk - Brunel University, UK

Ecosystem scenarios: Direct Link between POS and MNO Extension to NFC cloud wallet model Assumptions: The SE is part of the SIM (UICC) The cloud is part of the MNO The MNO manages the SE/SIM (GSM) Banks, etc. are linked with the MNO MNO is the only party which manages confidential data stored in the cloud More info: Pourghomi, P., Saeed, M., Q., and Ghinea, G. A Proposed NFC Payment Application, In International Journal of Advanced Computer Science and Applications (IJACSA), volume 4, Number 8/2013, pages 173-181. The Science and Information Organization Ltd, 2013. pardis.pourghomi@brunel.ac.uk - Brunel University, UK

Ecosystem scenarios: Unlinked POS and MNO Assumptions: The main SE (virtual SE) is part of cloud – managed by MNO A secure tamper resistant component is in mobile device used for authentication (phone’s SE) The MNO manages the SE/SIM (UICC) Banks, etc. have connections with MNO Vendor trusts MNO pardis.pourghomi@brunel.ac.uk - Brunel University, UK

The virtual SE V.S. phone’s SE Virtual SE (stored in cloud): Securely store personal data such as debit and credit card information, user identification number, loyalty program data, payment applications, PINs and networking contacts Phone’s SE: Stores authentication data such as keys, certificates, protocols and cryptographic mechanisms pardis.pourghomi@brunel.ac.uk - Brunel University, UK

pardis.pourghomi@brunel.ac.uk - Brunel University, UK Research challenges Integration of financial institution(s) with MNO Integration of cloud with MNO Design secure transaction protocols according to payment scenarios Further exploration of cloud architecture (SP perspective) pardis.pourghomi@brunel.ac.uk - Brunel University, UK

pardis.pourghomi@brunel.ac.uk - Brunel University, UK Thank you for your attention! Question time Contact: pardis.pourghomi@brunel .ac.uk pardis.pourghomi@brunel.ac.uk - Brunel University, UK

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.