Presentation is loading. Please wait.

Presentation is loading. Please wait.

2016 LOGO Comparison Between Apple Pay and Ali Pay Zhu Liang Li Zhihao

Published byJanice Thompson Modified over 7 years ago

Similar presentations

Presentation on theme: "2016 LOGO Comparison Between Apple Pay and Ali Pay Zhu Liang Li Zhihao"— Presentation transcript:

1 2016 LOGO Comparison Between Apple Pay and Ali Pay Zhu Liang Li Zhihao
Xu Chuchu slide to unlock

2 LOGO 1 2 3 4 5 6 7 8 9 Enter Passcode Emergency Cancel ABC DEF GHI JKL
MNO 7 PQRS 8 TUV 9 WXYZ Emergency Cancel

3 CONTENTS LOGO Introduction Security Authentication Communication 1 2 3
4

4 Introduction of Apple Pay
A tokenized NFC payment method Payment information flow from iPhone to merchant, acquirer bank, payment gateway and issuer bank by layers. High security by using token and other secure units. Acquire PG Issuer Merchant Customer NFC & Touch ID 2.Payment is Verified by layers 1. Customer uses Apple Pay Apple Pay Procedures

5 Introduction of Ali Pay
Online QR Method Ali pay play the role of intermediary Create E-wallet and control cash flow The login password and payment password are not same All the payment based on Internet Double Password Third Party Scan QR code to pay to other Let merchant scan customer’s QR code to start a payment procedure

6 Apple Pay Security Major Technology Use token represent the card No.
Token is save in Secure Element in iPhone The convert from card No. to token is irreversible Key point is Touch ID Tokenization

7 Apple Pay Security Core Units in iPhone
Secure Unit Function Secure Element Core, save token, prevent physical attack NFC Controller Router, connect POS SE and AP Passbook Show card and transaction information Touch ID Gain fingerprint Secure Enclave Provide secure environment in iPhone Apple Pay Server Manage card and account, communicate Core Units in iPhone Secure communication between Secure Enclave and Touch ID Secure communication between Secure Element and Secure Enclave

8 Apple Pay Security Apple Pay
Secure communication between Secure Enclave and Touch ID Attacker Application Processor Touch ID Secure Enclave Session key shared by Touch ID and Secure Enclave Based on AES–CCM algorithm

9 Key distribute to SE in production period
Apple Pay Apple Pay Security Secure communication between Secure Element and Secure Enclave Attacker NFC Controller and Application Processor Secure Element Secure Enclave Can not use session key Key distribute to SE in production period Based on AES algorithm

10 Apple Pay Security Prevent from replay attack Dynamic Security Code
Device Account Number Payment Network Verify DSC

11 Apple Pay Security Security threat of Apply Pay SE Touch ID
SE module is damaged Security threat of Apply Pay Touch ID Touch ID is Jail-broken Third Party App Unauthorized Application leads to threat

12 Encryption of exchanged message behind the QR code
Ali Pay Ali Pay Security Security demand of Ali Pay Confidentiality Integrity Non-repudiation Encryption of exchanged message behind the QR code Use hash function to secure the integrity of exchanged message Use digital signature

13 Ali Pay Security Ali Pay Security threat of Ali Pay
The payment procedure is all online may leads to secure information leak Online cause security threat If the QR code is stolen, attacker can easily attack your e-wallet, although the QR code has timelineness about 5 min Steal of QR Code

14 Ali Pay Third Party threat Authorization
Continued As a controller, Ali Pay may become the bottleneck of whole payment procedure Third Party threat When customer scan other QR code for payment, the authorization about the QR code need to strengthen. Authorization

15 Authentication LOGO How Ali Pay achieves authentication
1 How Apple Pay achieves authentication 2

16 Real Name System Of Ali Pay
Real Name Registration Customers are divided by three types. Corresponding user authentication requirements are provided for different client types. Account Type Payment Service Payment Limit Authentication Method Type 1 Consumption Transfer 1,000 RMB In total At least one online authentication channel Type 2 100,000 RMB/ a year Face-to-face authentication/ At least three online authentication channels Type 3 Investment 200,000 RMB/ a year Face-to-face authentication/ At least five online authentication channels Real Name System Of Ali Pay

17 Real Name System Of Ali Pay
Real Name Registration Users need to provide different types of information to the system to help them be classified three categories, including filling a personal information questionnaire, uploading a photo of their identity card, banding bank card, etc. Ali Pay keeps user’s user name, gender, address, contact means and state ID number on file. Real Name System Of Ali Pay

18 Using NNL S3 Authentication Suite
Ali Pay Fingerprint Authentication Ali pay uses Nok Nok Labs S3 Authentication Suite to enable secure online payments by using the Fingerprint Sensor (FPS) technology. The S3 Authentication Suite is the only authentication platform that supports the entire FIDO authentication modes including the passwordless mode and the password augmentation mode. Using NNL S3 Authentication Suite

19 Using NNL S3 Authentication Suite
Ali Pay Fingerprint Authentication The NNL S3 architecture features: An NNL Multifactor Authentication Client (MFAC) using an abstraction layer. Authentication for Web applications achieved by using a JavaScript library that communicates with MFAC which using a browser plug-in. Authentication for mobile apps enabled by integrating with the NNL Mobile App SDK. Using NNL S3 Authentication Suite

20 Using NNL S3 Authentication Suite
Ali Pay Fingerprint Authentication The NNL S3 architecture features: MFAC communicates to MFAS using the Universal Authentication Framework (UAF) protocol allowing MFAS to interoperate with any FIDO Ready device and authentication method. MFAS can be deployed in different environments and it provides Web and mobile applications with REST API endpoints to handle device registration. Using NNL S3 Authentication Suite

21 Apple Pay System BI Intelligence

22 Authentication Of Apple Pay
How Apple Pay Achieves Authentication  Data authentication: An emerging form of tokenization increases security of transactions made within apps & in-store.  Device authentication: Each Apple Pay transaction has a unique value to ensures that the transaction is coming from an authorized device.  User authentication: Apple requires the user’s bank to have an additional user authentication system. In addition, Apple Pay requires fingerprint authentication through Touch ID. Authentication Of Apple Pay

23 Mobile payment Communication
LOGO Mobile payment Communication NAME Ali Pay Apple Pay Position Communication QR Code NFC

24 QR Code in Mobile Payment
Ali Pay QR Code Scan and Pay 1.Merchant uses the reader machine to scan user’s QR code in smart phone to finish payment. 2.User opens Ali Pay app on smart phone and scan the merchant’s QR code to finish payment. QR Code in Mobile Payment

25 Apple Pay NFC Touch and Pay Users put the electronic device close to the Pos machine which embed NFC components, then the payment can be finished at once. NFC in Mobile Payment

26 QR Code Ali Pay Active read mode Advantages Disadvantages
1.User opens Alipay app 2.Scan merchant QR code 3.QR code is recognized 4.User confirms payment information 5.App sends payment order to the payment system. 6.System sends the feedback results Active read mode Mobility Accessibility Fast transaction speed 1.High cost of merchants’ device 2.The app can be only downloaded on smart phone with the special system Advantages Disadvantages Passive read mode 1.User opens Alipay app 2. Merchant scan user QR code 3.QR code is recognized 4.Merchant sends the payment request to the payment system. 5.System sends the payment confirmation to user 6.User confirms payment information and sends it to the payment system 7.System sends the feedback results

27 NFC Active mode Advantages Disadvantages Passive mode Apple Pay
Initiator and target devices will generate their own field alternately. The field of one device will be activated while sending data, its field will be deactivated while waiting data. Active mode Low power consumption High bandwidth High Security level Fast connection speed 1.Communcation range is short 2. Slower transmission speed compared with bluetooth. Advantages Disadvantages Passive mode Initiator device will generate a field, target device will modulate this field and response, obtain power from RF field of initiator device.

28

29 THANK YOU

Download ppt "2016 LOGO Comparison Between Apple Pay and Ali Pay Zhu Liang Li Zhihao"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Security Controls and Systems in E-Commerce

Security Controls and Systems in E-Commerce
Michal Bodlák. Referred to as mobile money, mobile money transfer, and mobile wallet generally refer to payment services operated under financial regulation.

Michal Bodlák. Referred to as mobile money, mobile money transfer, and mobile wallet generally refer to payment services operated under financial regulation.
HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.

HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.
Chapter 6 E-commerce Payment Systems. Traditional Payment Systems Cash Checking Transfers Credit Card Accounts Stored Value Accounts Accumulating Balance.

Chapter 6 E-commerce Payment Systems. Traditional Payment Systems Cash Checking Transfers Credit Card Accounts Stored Value Accounts Accumulating Balance.
Cryptography and Network Security

Cryptography and Network Security
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS eCommerce Technology 20-763 Lecture 10 Micropayments I.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS eCommerce Technology Lecture 10 Micropayments I.
“Electronic Payment System”

“Electronic Payment System”
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Information Security for Managers (Master MIS)

Information Security for Managers (Master MIS)
System Architecture.  Windows Phone 7  Mobile Phone Application  User – End Perspective  Google App Engine  Administration Console  Handles authentication,

System Architecture.  Windows Phone 7  Mobile Phone Application  User – End Perspective  Google App Engine  Administration Console  Handles authentication,
Secure Electronic Transaction (SET)

Secure Electronic Transaction (SET)
NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholder to insert your own image. iOS.

NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholder to insert your own image. iOS.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Similar presentations

Ads by Google