KReSIT IIT Bombay 1 Survey on Smart Card & Mobile Payment Tijo Thomas ( 03229401) Guided by Prof: Bernard Menezes.

Presentation transcript:

KReSIT IIT Bombay 1 Survey on Smart Card & Mobile Payment Tijo Thomas ( ) Guided by Prof: Bernard Menezes

KReSIT IIT Bombay 2 Contents
- Introduction
- Methodology of Study
- Existing Payment Schemes
- Business Drivers
- Relation between SIM card & Smart Card
- Technological Trends
- Business Trends
- Conclusion

KReSIT IIT Bombay 3 Introduction
Motivation
- To understand the existing payment schemes.
- To understand the role of the smart card in retail payment.
- To understand the security issues.
Goal
- To understand the future of retail payment.

KReSIT IIT Bombay 4 Methodology of Study
- Collected the details about the existing payment schemes.
- Surveyed industry standards for payments.
- Collected responses to a questionnaire from focus groups.
- Studied various types of smart cards.
- Analyzed the relationship between the smart card and the SIM card.
- Surveyed the business trends of M-Commerce and its future.

KReSIT IIT Bombay 5 Existing Payment Scheme
Based on Value
- Micro payments: less than 5$
- Medium payments: between 5$ - 25$
- Macro payments: above 25$
Based on Location
- Remote transaction: SMS, GPRS
- Proximity transaction: Bluetooth, RFID
Based on Technology
- Magnetic strip card
- Smart card

KReSIT IIT Bombay 6 Smart Card Payments
What is a smart card?
- A smart card is a tamper-proof plastic card with an embedded microchip that can be loaded with data.
Why smart card?
- Security
- Processing power
- Memory

KReSIT IIT Bombay 7 Smart Card Security
OS and File Security
- File hierarchy: MF, DF, EF
- File security attributes
- Access rights:
  - Always (ALW)
  - Card holder Verification 1 (CHV1)
  - Card holder Verification 2 (CHV2)
  - Administrative (ADM)
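The access rights listed on this slide are stored per elementary file (EF) as 4-bit codes. The following added example (not part of the original slides) decodes the three access-condition bytes that GSM 11.11 returns for an EF and checks whether a command is permitted. The nibble codes and byte layout follow GSM 11.11 (which also defines NEV, "never"); the sample bytes and function names are constructed for illustration.

```python
# Access-condition codes per GSM 11.11: 0=ALW, 1=CHV1, 2=CHV2, 3=RFU,
# 4..14=ADM, 15=NEV. The eleven ADM levels are collapsed into one "ADM"
# here for brevity (a simplification made by this example).

def level_name(code: int) -> str:
    fixed = {0: "ALW", 1: "CHV1", 2: "CHV2", 3: "RFU", 15: "NEV"}
    return fixed.get(code, "ADM")


def decode_access(ac: bytes) -> dict:
    """Decode the three access-condition bytes of an EF.

    Byte 1: high nibble READ/SEEK, low nibble UPDATE
    Byte 2: high nibble INCREASE, low nibble reserved
    Byte 3: high nibble REHABILITATE, low nibble INVALIDATE
    """
    if len(ac) != 3:
        raise ValueError("expected exactly 3 access-condition bytes")
    return {
        "READ": level_name(ac[0] >> 4),
        "UPDATE": level_name(ac[0] & 0x0F),
        "INCREASE": level_name(ac[1] >> 4),
        "REHABILITATE": level_name(ac[2] >> 4),
        "INVALIDATE": level_name(ac[2] & 0x0F),
    }


def allowed(ac: bytes, command: str, verified: set) -> bool:
    """True if `command` may run given the secrets verified this session."""
    level = decode_access(ac)[command]
    if level == "ALW":
        return True
    if level in ("NEV", "RFU"):
        return False
    return level in verified


# Constructed sample: READ needs CHV1, UPDATE needs ADM, INCREASE is never
# allowed, REHABILITATE and INVALIDATE need ADM.
SAMPLE_AC = bytes([0x14, 0xFF, 0x44])

if __name__ == "__main__":
    print(decode_access(SAMPLE_AC))
    print("READ after PIN entry:", allowed(SAMPLE_AC, "READ", {"CHV1"}))
    print("UPDATE after PIN entry:", allowed(SAMPLE_AC, "UPDATE", {"CHV1"}))
```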

KReSIT IIT Bombay 8 Smart Card Security
Hardware Security
- All the data is stored in EEPROM, so it can be erased using unusual voltage
- Data can be erased by exposure to UV rays
- Heating the card to a high temperature
- Statistical attacks like differential power analysis (DPA)

KReSIT IIT Bombay 9 Java Card
The Java Card platform was designed and developed from the beginning specifically to enhance the security of smart cards.
Advantages
- Open architecture
- Designed with industry experts
- Java runtime environment (JRE)
- Security enhancements: transaction atomicity, cryptography, applet firewall
- Code reusability (OOPS) & data integrity
- Proven platform: passed security evaluation by financial agencies, the US Dept of Defense and the US National Security Agency.

KReSIT IIT Bombay 10 Mobile Commerce
Definition:
- “Mobile commerce is the use of mobile hand held devices to communicate, inform, transact and entertain using text and data via connection to public and private networks” (Lehman Brothers)
- “Mobile Commerce refers to any transaction with monetary value that is conducted via a mobile telecommunications network.” (Durlacher)

KReSIT IIT Bombay 11 Scheme of Mobile Payments
- SMS Based Payments
- WAP/GPRS
- Reverse SMS Billing
- Proximity Payments

KReSIT IIT Bombay 12 SMS Based Payments
- Secure messages in the form of SMS are used to transfer money from one user account to another
- Use of PKI
- Implementation, e.g.: mCheque
- Advantage: no account information is revealed

KReSIT IIT Bombay 13 WAP/GPRS Based Payments
- Mobiles using Wireless Application Protocol (WAP) over GPRS are used
- Similar to e-commerce
- Less risk involved
- Cost of GPRS connectivity is reducing
- No changes in the existing business model

KReSIT IIT Bombay 14 Reverse SMS Billing
- Definition: the provider overcharges SMS from special numbers (Premium SMS)
- Separate business models are to be realized
- Only a small change in the existing setup
- Advantage: no additional infrastructure is required
- Applications: digital content like ring tones, music, video, etc.

KReSIT IIT Bombay 15 Proximity Payments
Definition: The trading parties are in the same vicinity.
- Standardized interfaces, e.g. infrared, Bluetooth
- Offline transactions supported
- Cheaper solution for micro payments
- High risk
- Separate business models & infrastructure need to be implemented

KReSIT IIT Bombay 16 Business Drivers
- Wider acceptance of GPRS/WAP enabled mobile devices
- Mobile operators are looking for new revenue streams
- Larger population of mobile devices than PCs
- Average time to detect a mobile theft is 68 min, against 26 hours for credit cards
- More secure than conventional credit cards

KReSIT IIT Bombay 17 Relationship between SIM card and smart card
- GSM specification 11.11 defines the interface between the Subscriber Identification Module (SIM) and the Mobile Equipment for use during network operation, as well as the internal organization of the SIM.
- Any implementation of this standard can act as a SIM card in mobiles.
- Implementation:
  - Java Card
  - Native Card

KReSIT IIT Bombay 18 Technology Trends
- Research organizations & focus groups are working on effective standards.
- Different business models (OSS & BSS) are being evaluated for their feasibility.
- Emerging wireless technology: 3G, 2.5G
- Advancement in mobile phone technology

KReSIT IIT Bombay 19 Business Trends
Taken from “Towards A Holistic Analysis of Mobile Payments: A Multiple Perspectives Approach” by Jan Ondrus & Yves Pigneur

KReSIT IIT Bombay 20 Business Trends
- Research reveals a high potential market
- New revenue stream for MNOs
- Opportunity for newcomers: application developers, content providers, etc.
- High penetration of mobile devices
- Lack of security in the existing credit/debit card system

KReSIT IIT Bombay 21 Conclusion
- High potential market
- High demand for “killer applications”
- MNOs are looking for new revenue streams
- Customers' willingness to experiment
- Merchants are looking for a standard OSS and standard-based products
- Opportunity for newcomers

KReSIT IIT Bombay 22 Thank You

KReSIT IIT Bombay 23 GSM Specifications

KReSIT IIT Bombay 24 GSM Specification Defines the interface between Subscriber Identification Module (SIM) and the Mobile Equipment for use during the network operation as well as the internal organization of SIM. Any implementation of this standard can act as a SIM card in Mobiles

KReSIT IIT Bombay 25 GSM Characteristics
- Physical Characteristics: electronic signals, supply voltage, transition protocol
- Logical Model: logical structure of SIM, file structure
- Security Feature: file access condition
- Description of Functionalities: functional description of commands and respective responses, status conditions, error codes
- Description of Commands: mapping the functions to APDUs
- Contents of Elementary Files: elementary files for GSM session, access conditions, etc.
- Application Protocol: list of standard operations between SIM and ME

KReSIT IIT Bombay 26 GSM SIM Security
Subscriber Identity Authentication: authenticates the identity of the mobile subscriber
- The network issues a random challenge.
- The Mobile Subscriber (MS) computes the response using a one-way hash function (A3 algorithm) with an authentication key which is unique to each subscriber.
- The network also computes the response and compares it with the response it receives from the MS.
- The same mechanism is used to establish a cipher key Kc.
- This key is used to encrypt data and radio signal (A8 algorithm).
- The two algorithms are combined into a single algorithm called A38.
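The challenge-response exchange on this slide, with both the SIM and the network side, as an added example that is not part of the original slides. The real A3/A8 algorithms are chosen by the operator and run inside the SIM; HMAC-SHA-256 is used here as a stand-in, and the class names, IMSI and key value are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def a38(ki: bytes, rand: bytes):
    """Stand-in for the combined A3/A8 (assumption: HMAC-SHA-256).
    Returns (SRES, Kc) in GSM sizes: 32-bit response, 64-bit cipher key."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class Sim:
    """Holds the subscriber key Ki; only SRES and Kc ever leave the card."""
    def __init__(self, ki: bytes):
        self._ki = ki

    def run_gsm_algorithm(self, rand: bytes):
        return a38(self._ki, rand)


class Network:
    """Network side: knows each subscriber's key, indexed by IMSI."""
    def __init__(self, subscribers: dict):
        self._subscribers = subscribers
        self._pending = {}

    def challenge(self, imsi: str, rand: bytes = None) -> bytes:
        rand = rand or secrets.token_bytes(16)  # fresh 128-bit RAND
        self._pending[imsi] = a38(self._subscribers[imsi], rand)
        return rand

    def verify(self, imsi: str, sres: bytes):
        """Return Kc on success, None otherwise. A challenge is single-use,
        so a response recorded earlier cannot be replayed."""
        expected_sres, kc = self._pending.pop(imsi, (b"", None))
        return kc if hmac.compare_digest(expected_sres, sres) else None


def authenticate(network: Network, imsi: str, sim: Sim) -> bool:
    rand = network.challenge(imsi)
    sres, kc_on_sim = sim.run_gsm_algorithm(rand)
    kc_on_network = network.verify(imsi, sres)
    # Both ends now hold the same Kc without it ever crossing the radio path.
    return kc_on_network is not None and kc_on_network == kc_on_sim


# Constructed sample data (test-range IMSI, made-up key).
IMSI = "001010123456789"
KI = bytes.fromhex("00112233445566778899aabbccddeeff")
```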

KReSIT IIT Bombay 27 GSM SIM Security
User Signalling Data Confidentiality
- The data is exclusive-or'd with the key Kc and transferred over the radio path.
Subscriber Identity Confidentiality
- This service is to hide the International Mobile Subscriber Identity (IMSI).
- The service is based on the Temporary MSI (TMSI).
- The IMSI is mapped to the TMSI.
- The TMSI is then encrypted with the cipher key Kc and sent.

KReSIT IIT Bombay 28 Smart Card Standards

KReSIT IIT Bombay 29 Smart Card Standards
International Standards
- ISO 7816: physical and electrical characteristics as well as format and protocol for information exchange between the smart card and reader.
- European Telecommunication Standards Institute (ETSI): standard for the GSM SIM to communicate with the mobile device.

KReSIT IIT Bombay 30 Smart Card Standards
Industry Standards
- EMV: Europay, MasterCard & Visa define a standard to allow safe, easy electronic commerce.
- Mobile 3D: Visa International's new global specification that ensures the security of Internet payments made over mobile phones.
- OpenCard Framework: provides an architecture and a set of APIs that enable application developers to build applications in Java which use a smart card reader.
- PC/SC: Personal Computer/Smart Card is a Win32-based specification to allow manufacturers to develop products independently.
- CEPS: Common Electronic Purse Standard
- Java Card