Presentation is loading. Please wait.

Presentation is loading. Please wait.

HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.

Similar presentations


Presentation on theme: "HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014."— Presentation transcript:

1 HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014

2 INTRODUCTION TO HCE Host Card Emulation– NFC Killer? Please Copy and Distribute

3 What is Host Card Emulation? Please Copy and Distribute Handset Application UICC NFC Controller NCI HCI/SWP ISO 14443 NCI NFC Controllers have always had the ability to exchange ISO14443 frames between the Handset’s main processor and an external ISO 14443 reader HOST CARD EMULATION exposes that capability to applets running in the handset via APIs NCI (NFC Forum NFC Controller Interface Specification) provides a standard way of accessing that capability

4 Contactless Payments Transaction Details Offline Data Authentication Cryptogram Verification If we restrict or limit the usefulness of the keys in the phone, we limit the liability associated with their compromise; We can accept a greater vulnerability for those limited use keys yet still achieve an acceptable overall exposure Please Copy and Distribute Cryptogram Digital Signature Everything that’s going on in NFC with Banks, MNOs and TSMs is to enable banks to extend their reach into the MNO’s chips with the same degree of security as that into chips in single-issuer bank cards.... And it’s commercially and technically challenging

5 How does it work? Transaction Details Cryptogram Online Cryptogram Verification Offline Data Authentication Digital Signature 3) Issuer generates limited use keys from the static keys and counter, and downloads them to the phone’s handset 4) Cardholder opens application, waves phone at reader 5) Terminal conducts transaction as normal 2) Cardholder periodically contacts issuer and requests download 7) Issuer verifies cryptogram but using limited use key rather than static key 6) Terminal verifies signature using certificates as normal 1) Issuer retains the static keys and counter and provides access to them over the phones network connection (GSM, 3G, WiFi) Please Copy and Distribute

6 Most Issuing Banks currently have or are developing, mobile banking applications. You can do many things with those but cannot pay for things in stores. These already have a mechanism for authenticating the customer to the bank, and for securely exchanging information over web service protocols. HCE provides a mechanism to allow these apps to be used for in store purchasing. It allows banks to provide mobile proximity payment capability without needing to negotiate with MNOs or TSMs. Probably best not to put a real Card Number in the phone, though Implications of HCE for Issuing Banks Please Copy and Distribute

7 Tokenisation Please Copy and Distribute ACQUIRER TOKEN SERVICE PROVIDER TOKEN SERVICE PROVIDER PAYMENT NETWORK PAYMENT NETWORK ISSUING BANK MERCHANT RULES ENGINE -Channel --Time RULES ENGINE -Channel --Time DATABASE -Real PAN - Token PAN DATABASE -Real PAN - Token PAN Token PAN Real PAN

8 Implications of HCE for Retailers Please Copy and Distribute PCD Secure Element Payment App NFC Chip Payment Kernel Payment Kernel Point Of Sale Terminal Point Of Sale Terminal Handset Operating System HCE allows us to bypass the app in the secure element to talk to the payment kernel Handset App We can also bypass the payment kernel by using a reader “pass-through mode” to send data directly over the contactless interface Until recently there was no point in doing this as we could only communicate with an app in the secure element, which was expensive to build and certify However, with HCE a POS can now communicate directly with a retailer handset app to support a richer sales experience over contactless than just payments. Retailer POS Application Retailer POS Application Before HCE, POS terminals could only communicate with apps in secure elements.

9 INTRODUCTION TO BLE Bluetooth Low Energy – NFC Killer? Please Copy and Distribute

10 BLE Promises Please Copy and Distribute

11 BLE is Bluetooth for devices powered by small batteries mostly off; limited range (<50m) Devices are peripherals or central hosts or can be both BLE devices can Discover each other infrequently broadcast short “It’s Me!” data bursts Measure received signal strength to indicate distance BLE devices can Connect to each other Devices can be paired using pre-shared key or passcode Paired devices can encrypt communications BLE devices can Exchange Data with each other: Get value of attribute # 123 Set value of Attribute # 123 Notify me when the value of attribute #123 changes BLE Technology Please Copy and Distribute

12 Discovering Devices Please Copy and Distribute Advert SCAN REQUEST SCAN RESPONSE Battery lifetime decreases with more frequent advertisements Battery lifetime decreases with more data in advertisements Reliability of signal strength indication improves with more frequent advertisements Latency (noticing when the tag appears or disappears) improves with more frequent advertisements Received Signal Strength decreases when objects (and people) get in the way D6 BE 89 8E 40 09 32 A9 F0 93 0C D8 02 01 06 20 D1 54 1E A5 D6 BE 89 8E 40 24 FE 4F D7 E4 F5 D5 02 01 06 1A FF 4C 00 02 15 B9 40 7F 30 F5 F8 46 6E AF F9 25 55 6B 57 FE 6D 4F FE E4 D7 B6 26 5A 10 23 A5 D6 BE 89 8E 83 0C D5 3B 22 8C BA 1C 32 A9 F0 93 0C D8 C8 40 DA 40 A5 D6 BE 89 8E 44 20 32 A9 F0 93 0C D8 04 08 73 42 32 11 06 A6 DA 37 DE C1 9A FC 80 94 4A D8 A8 02 62 C2 BE 02 0A 00 DC EE 65 10 A5

13 Connecting Devices Please Copy and Distribute CONNECT Example: The device supports the Health Thermometer Service The Service has a Characteristic with a Description of “Temperature Measurement” The Service has a Characteristic with a Description of “Temperature Type” The “Temperature Measurement” Characteristic has a Value of “68 Fahrenheit” The “Temperature Type” Characteristic has a Value of “Body” SERVICE DISCOVERY CHARACTERISTIC DESCRIPTION DISCOVERY CHARACTERISTIC DISCOVERY

14 Exchanging Data Please Copy and Distribute SET Each Attribute has a unique “Handle”: think of it as one row in a table Data is exchanged by reading or writing to the Attribute with a particular handle Data can be protected by assigning access rights specific to each handle. GET NOTIFY Server Client

15 Data Connections to sensors Heart Rate Monitors Fitness Trackers Temperature Monitors Motion Sensors BLE Services Client Confidential Based on Presence Find Me Device Leashing Beacons

16 Transmits Advertising Packets Only (no reception) Proximity UUID identifies the Merchant; Major (up to 65535) and Minor (up to 65535) together identify a unique Beacon within a Store Transmitted Signal Strength (Tx) from Beacon and Received Signal Strength Indicator (RSSI) at phone together indicate range (Close, Near, Far Away) Apps are notified when the phone enters or leaves regions If the retailer app knows where the beacons are, it knows where you are Apple’s iBeacon Please Copy and Distribute 16-byte Proximity UUID MajorMinorTx HDR RSSI

17 Extends PayPal Here to simplify purchases Beacons at doorways to detect entering the store Connections used to authenticate user Avoids use of WiFi or Mobile Network PayPal Beacon Please Copy and Distribute Who is in my store? ID + ID + £xx.xx I’m Here! Connect & Request Token Token + Store Data + Signature Encrypted Data Encrypted Response

18 For more information Please contact: USA and Latin America: lanny.byers@chyp.comlanny.byers@chyp.com Rest of the world: nick.norman@chyp.comnick.norman@chyp.com Visit: http://www.chyp.comhttp://www.chyp.com Read: http://tomorrowstransactions.comhttp://tomorrowstransactions.com Listen: http://www.chyp.com/media/podcastshttp://www.chyp.com/media/podcasts Follow: @chyppings Please Copy and Distribute


Download ppt "HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014."

Similar presentations


Ads by Google