SlideShare a Scribd company logo

Mobile based authentication and payment

Josef Noll
Josef Noll

This document discusses mobile-based authentication and payment using near field communication (NFC) technology. It provides an overview of NFC, including how it works using RFID at 13.56 MHz, typical operating distances of 10 cm, and compatibility with existing RFID standards. Examples of potential NFC uses discussed include mobile payment and ticketing applications.

Technology
1 of 50
Download to read offline
NISnet Winterschool, April 2008 Mobile based authentication and payment Josef Noll Prof. stip. University Graduate Center/ University of Oslo josef@unik.no
Research and  Education at Kjeller Close relation to FFI,  IFE, NILU,... Prof. from Univ. of  Trondheim and Oslo 2 Mobile Payment and Access April 2008, Josef Noll
Outline Admittance, service access and payment  Mobile extensions  Introduction of RFID and NFC  Message: “Using the phone for payment and access” – Interfaces and standardisation – Phone implementations – Activities worldwide  Snapshots, Standardisation – “Who owns the SIM?”  My security infrastructure – Ownership versus management – 3 Mobile Payment and Access April 2008, Josef Noll
Service development Personalised broadband B3G: wireless services 3G: Multimedia communication Mobile telephony, SMS, FAX, 2G: Data 1G: Mobile telephony 2000 1970 1980 1990 2010 Josef Noll, 26.4.2005 RFID - NFC tutorial 4
The Service Challenge Mobile and Proximity Services Mobile services  Internet services te services in the mobile fica – ti cer mobile network services – signed certificates Internet services – NFC Proximity services Mobile initiated NFC service access Proximity services  Payment – Access, Admittance – 5 Mobile Payment and Access April 2008, Josef Noll
Current Access & Authentication mechanisms Login/password  Admission card  Payment card  Biometrics  6 Mobile Payment and Access April 2008, Josef Noll
My phone collects all my security SIM with NFC & PKI 7 Mobile Payment and Access April 2008, Josef Noll
Mobile Services, incl. NFC • NFC needs next • Focus in 2008 on generation phones mobile web • S60, UIQ, ... • Push content upcoming • Common Application development • Integrated SMS authentication Mobile Web Push content NFC payment 60 development 45 30 15 0 2006 2008 2010 Expected customer usage [%] “have tried” of mobile services in the Nordic Market [“Mobile Phone Evolution”, Movation White paper, May 2007] 8 Josef Noll, “Who owns the SIM?”, 5 June 2007
Mobile Phone supported access SMS one-time password  MMS, barcode  eCommerce (SMS exchange)  Network authentication  WAP auto access  Applets: PIN code generation  (Bank ID) Future SIM  9 Mobile Payment and Access April 2008, Josef Noll
WAP gateway Seamless authentication HTTP request HTTP request Hash 94815894 cTHG8aseJPIjog== Pictures for ’rzso’. Password:1234 sID: cTHG8aseJPIjog== 10 Mobile Payment and Access April 2008, Josef Noll
Banking from the mobile phone Security considerations  Equally secure as SMS Welcome Josef: (get your account status) SIM authentication  Easy to use  Advanced functionality Advanced through PIN (if required) Information: functionality  Seamless phone (SIM) Using SIM, authentication BankID or PIN no customer input (double security)  Advanced security when required required BankID or – Transfer, NFC communication Account status PIN – unit payments NFC2 SIM SIM Smartcard interfaces ISO/IEC 7816 11 Mobile Payment and Access April 2008, Josef Noll
MyBank example: Banking from the mobile phone User incentive:  “My account is just one click away”  “enhanced security for transactions” Phone (SIM) authentication Level 2 security through PKI/BankID/PIN? 12 Mobile Payment and Access April 2008, Josef Noll
Authentication provider Seamless authentication Auth. provider Content Service Physical access, .mp3, VPN access access .jpg Josef Noll, “Who owns the SIM?”, 5 June 2007
Outline Admittance, service access and payment  Mobile extensions  Introduction of RFID and NFC  Message: “Using the phone for payment and – access” Interfaces and standardisation – Phone implementations – Activities worldwide  Snapshots, Standardisation – “Who owns the SIM?”  My security infrastructure – Ownership versus management – 14 Mobile Payment and Access April 2008, Josef Noll
ID, trust and personalisation provider Who provides?  Certifica Remote services ID provider te – Where to store?  Network – Phone – How to store/backup?  long term, short term – Proximity services Josef Noll, “Who owns the SIM?”, 5 June 2007
RFID Technology: Principle RFID-reader sends a  RF signal TAG receives it  TAG returns  predefined signal   RFID-TAG doesn’t need own power supply  TAG gets power to operate from the RF-pulse of reader  No need for physical sight or contact between reader and TAG Each product can have own id-number Source: Eurescom P1346 D2, January 2004 16 Mobile Payment and Access April 2008, Josef Noll
Passive RFID: Main frequencies Toll Roads Item Access Control Item Management I.C. Cards Animal ID Management 2.45 GHz 13.56 Mhz 125,133 kHz ~900 MHz 100 MHz 10 kHz 100 kHz 10 MHz 1 Mhz 1000 MHz 2.45 GHz Frequency division:  Low: 100-500 kHz – – Medium: 6-15 MHz – High: 850-950 MHz and 2.45 GHz Active responses  – AutoPass 5.8 GHz Source: Eurescom P1346 D2, January 2004 17 Mobile Payment and Access April 2008, Josef Noll
Current Services and Applications Typical services made using RFID today Sports Timing  Access Control  Animal Tracking  Asset Management  Baggage Handling  Product Authentication, Security  Supply Chain Management  Transportation, user information  Wireless Commerce, Payments, Toll Collection  Source: Eurescom P1346 D2, January 2004 18 Mobile Payment and Access April 2008, Josef Noll
Registration example: Birkebeiner Online information to mobile  phone Could be used for photo, video,  etc 19 Mobile Payment and Access April 2008, Josef Noll
Ticketing Cinema/Concerts RFID ticketing zone MobileCommerce Football/Sport Terminal Incl. rfid tag Ticketing Bus/Subway terminal with RFID ticketing RFID reader server Source: Eurescom P1346 D2, January 2004 20 Mobile Payment and Access April 2008, Josef Noll
Supply chain supplier A customer Prosessing wholesaler retailer customer customer supplier 2 Presentation Product Infomration Database RFID reader/gate RFID reader/gate can be placed along manufacturing lines (company internal) and along the distribution chain (company external/between the actors) Source: Eurescom P1346 D2, January 2004 21 Mobile Payment and Access April 2008, Josef Noll
Visitor Density, two functions InfoSpot Example1: Roller-coaster Customer ”Wher queue reader ”Where is e ID:12 was service my kid?” 31 seen? 23 last ” ”At the Reader X roller- ”Roller -coaste coaster r queue” System queue” Database Example2: Reader Y Resort ”What ride has owner most users?” services ”Bumber cars; 200 users/day; Datamining 50cent/ride” Resort owner services Source: Eurescom P1346 D2, January 2004 22 Mobile Payment and Access April 2008, Josef Noll
Technology: Range From millimeters to tens of meters  Depends on antennas, power of reader,  characteristics of TAG and operation principle Range decided when application developed  ISO standards:  proximity cards: 10 cm – Vicinity cards: 1,5 m – Source: Eurescom P1346 D2, January 2004 23 Mobile Payment and Access April 2008, Josef Noll
NFC is ... Passive operation: RFID at 13.56 MHz  1) Phone=Reader has static RF (modem) and protocolls  magnetic field 2) Tag acts as resonator, “takes energy” ~1/r^6 1 Power decrease of static and electromagnetic field 0,75 0,5 1/r^2 0,25 1/r^6 0 0,8 1,6 2,4 3,2 4 4,8 5,6 6,4 7,2 8 8,8 9,6 24 Mobile Payment and Access April 2008, Josef Noll
Technology: Security considerations In the past there was no need for security in RFID-systems  – logistic data collection the information has no relevance or value anywhere else except the originally designed purpose If TAGs are in consumer goods there is a need for security and  privacy Security protocols:  Bilateral authentication – Key agreement – Encrypted communication – Secure communications needs computing resources  Personal items  Passport, Payment cards, mobile phone Source: Eurescom P1346 D2, January 2004 25 Mobile Payment and Access April 2008, Josef Noll
ViVOtech 2006: Contactless replaces cash 26 Mobile Payment and Access April 2008, Josef Noll
NFC technology and use case ECMA-340, ISO/IEC 18092 & Based on RFID technology at   ECMA-352, …standards 13.56 MHz Powered and non-self Typical operating distance 10 cm   powered devices Compatible with RFID  Data rate today up to 424 kbit/s  Philips, Sony and Nokia  27 Mobile Payment and Access April 2008, Josef Noll
NFC use cases Payment and access  include Master-/Visacard in the phone – have small amount money electronically – admittance to work – Service Discovery  easy access to mobile services: – Web page, SMS, call, ... local information and proximity services (get – a game) Ticketing  Mobile tickets for plain, train, bus: – Parents can order and distribute, ... Source: Nokia 6131 NFC Technical Product Description 28 Mobile Payment and Access April 2008, Josef Noll
NFC standardisation ECMA-340 Specifies the RF signal • interface Initialisation, anti- • collision and protocols Communication mode • ECMA 352 (v1, Dec 2003) selection mechanism Selects communication • modes: NFC, PCD, and VCD Enables communication in • that mode Josef Noll, 26.4.2005 RFID - NFC tutorial 29
NFCIP-2 Interface and protocol (ISO/IEC 21481) Interface Standards ISO/IEC 14443 ISO/IEC 15693 PCD mode VCD mode ECMA-340 (MIFARE, FeliCa) (facility access) 30 Mobile Payment and Access April 2008, Josef Noll
NFCIP-2 Interface and protocol (ISO/IEC 21481) Proximity Card Vicinity Card NFC device Reader Reader YES 340 okay Interface Standards NFC ECMA-340 ECMA-340 ISO/IEC 14443 ISO/IEC 15693 PCD mode VCD mode (MIFARE, FeliCa) (facility access) 31 Mobile Payment and Access April 2008, Josef Noll
NFCIP-2 Interface and protocol (ISO/IEC 21481) Proximity Card Vicinity Card NFC device Reader Reader NO 15693 okay Interface Standards NFC ECMA-340 ECMA-340 ISO/IEC 14443 ISO/IEC 15693 PCD mode VCD mode (MIFARE, FeliCa) (facility access) 32 Mobile Payment and Access April 2008, Josef Noll
Nokia 6131 Firmware ISO 14443 Source: Nokia 6131 NFC Technical Product Description 33 Mobile Payment and Access April 2008, Josef Noll
NFC phone status (April 2008) Nokia 3320, 5340, 6131, xx  Philips/Samsung X700  LG  Sagem  BenQ T80  Missing specifications  Motorola  HTC  34 Mobile Payment and Access April 2008, Josef Noll
Time to market based on phone evolution DnB Nor and Telenor to form mobile payments unit Posted April 21, 2008 Norwegian banking group DnB Nor and local telco Telenor have revealed plans to establish a new mobile payments program. The new mobile payments system, called Trusted Service Manager (TSM) Nordic, will be a subsidiary of Doorstep. Orange delays NFC launch Posted April 16, 2008 Mobile operator Orange is postponing its commercial NFC launch by several months, according to CardLine Global. Operators to Launch NFC-Based Mobile Payment Services 13th November 2007, Macau: 12 mobile operators will run trials of contactless mobile payment services in Australia, France, Ireland, Korea, Malaysia, Norway, The Philippines, Singapore, Taiwan, Turkey and the U.S. as a precursor to commercial launches. Near Field Communications News and Insight BBC names NFC a top technology for 2008 Posted January 16, 2008 Survey shows that US consumers want simple payment features for NFC phones Posted January 10, 2008 Report: Majority of phones will support NFC once standards are finalized Posted January 03, 2008 Source: NFCnews.com 35 Mobile Payment and Access April 2008, Josef Noll
UNIK work Key-exchange for admittance and content protection  Analysis and implementation of Easy Pairing  Easy Pairing  Use NFC to establish Bluetooth contact with Media – Center analyse phones: Nokia 3320, Nokia 6131 – Experiences from Implementations  Phones and NFC tags – Linux pairing – Windows pairing – 36 Mobile Payment and Access April 2008, Josef Noll
Prototype: SMS key access Service Centre 2) Send info 1) Send SMS to recipient Application 3) Send service to phone 4) Enters house NFC with NFC access communication unit NFC2SI M SIM Smartcard interfaces ISO/IEC 7816 37 Mobile Payment and Access April 2008, Josef Noll
Implementation (3) Receive info message (1) Register the user (4) Saving the NFC key (2) Send mobile key (mKey) to user 38 Mobile Payment and Access April 2008, Josef Noll
ITEA WellCom: Interworking Set-top box and mobile 1) Easy device set-up 2) Authentication and and communication Service Access Source: AlcatelLucent, WellCom Meeting Mobile Payment and Access April 2008, Josef Noll
Easy Pairing Scenario Using NFC for reading  connectivity data of phone Set-top box initiates process  NFC phones can pair through  vicinity – phone in range – start Bluetooth scanning 1. search for Bluetooth device – request for pairing 2. identity phone (tag info) 3. service discovery on phone No NFC phone  4. pairing – use tag with Bluetooth information Comment: Similar procedure for Wifi   pairing – security in handling activities 40 Mobile Payment and Access April 2008, Josef Noll
Example EnCap Easy authentication Challenge: Find your BankID to sign in for  Internet banking – Could be triggered through login: www.encap.mobi/demobank – Using NFC for starting secure authentication Tag starts application on phone  – One time password created Application areas  all kinds of authentication – local payment – BankID (while waiting for secure SIM) – 41 Mobile Payment and Access April 2008, Josef Noll
Interworking between NFC components Easy programming through Java MIDlet  software development environment available Interface to Java Card and Mifare environment  Tricky:  Interworking Java - Card, Mifare and Java Ongoing  secure element = SIM - Source: Nokia 6131 NFC Technical Product Description 42 Mobile Payment and Access April 2008, Josef Noll
Ongoing technical work Interaction SIM-Mifare-Mobile Phone = “Single-wire  protocoll” Interaction Phone - Devices  Power-on/power-off – Roadmap for secure authentication  43 Mobile Payment and Access April 2008, Josef Noll
New visions GlobalPlatform From current SIM to Future SIM Real Estate 3.r ionsfor mobile / UICC GlobalPlatform’s Party sec. dom vision Real Estate 3.rd  To comply with 3G networking requirements UICC Party sec. domains (USIM) vision Security features (algorithms and protocols), – longer key lengths GSM uses EAP SIM: client authentication – UMTS uses EAP AKA: Mutual authentication – 3rd party identities  ISIM application (IMS) – Current Telenor private user identity On-board On-board – WEB server ! WEB server ! SIM (UICC) card one or more public user – (from 2001) identities Multi- Multi- Thread Plus ETSI SCP– Long term secret Thread Plus ETSI 3 new phys IFs: 3 new phy 12 Mb/s USB SUN 2009? 12 Mb/s SUN (Java) NFC (SWP) 2009? Source: Judith Rossebø, Telenor (Java) NFC (S 44 Mobile Payment and Access April 2008, Josef Noll
New UICC Architecture / SIM advances UICC architecture UICC – elements New eHealth Payment Multimedia DRM ? EMV PKI / eID Ticketing (DRM !) SIM USIM Electronic ID= IMSI Purse ID= IMSI & MSISDN & MSISDN Common Storage Phonebook SIM Application Toolkit ! CAT UICC ID = ICCID GSM Allocated NFC (or other) IF 12 Mb/s USB (2G/3G) IFs (1 connector) (5 connectors) Full speed IF Source: Judith Rossebø, Telenor 45 Mobile Payment and Access April 2008, Josef Noll
UICC for multiple ID providers Compartmentalisation of the UICC 3.rd party on-board applications featuring • Internal and segregated Security domains • Private entrances for SP to applications (own keys and key management) • Use of NFC, USB IF or other common resources -MNO as house-keeper (Real Estate Manager) Source: Judith Rossebø, Telenor 46 Mobile Payment and Access April 2008, Josef Noll
Third party business model • Media, • Banks, Service providers Content provider • Telecom, Corporate, Home Service Payment aggregator • Service aggregator provider • Convenient interfaces • Ease of use Identity and personalisation • Identity and personalisation provider provider Customer Authentication care and Access • Convenience provider • Trust 47 Josef Noll, “Who owns the SIM?”, 5 June 2007
The secure element: SIM card Identity and personalisation Service Authentication provider aggregator and Access provider Send key and Send info to • SIM is secure credentials recipient element NFC communication Send service to unit • controlled environment phone NFC2SIM • over-the-air update • open for applications SIM Smartcard interfaces ISO/IEC 7816 • SIM will be owned by user • managed by trusted third party Josef Noll, “Who owns the SIM?”, 5 June 2007
Challenges and Benefits 200 Convenience How insecure is the of usage Internet? Will the phone be the only 150 secure element? 100 Visa and Mastercard enable convenient small amount purchases Are Google, facebook and flickr more trusted than telecom 50 operators? Dynamic service environment? On-the-fly creation of services? 0 2006 2008 2010 Telco favourite Third party favourite 49 Josef Noll, “Who owns the SIM?”, 5 June 2007
Conclusions on Near Field Communications Standardisation well-under-way  NFC with three modes – SIM interworking – power on (payment) versus power off (ticket) – Commercial kick-off visible  Pre-commercial trials “everywhere” – Critical hand-set status (only low-range phones) – Unclear business models  variety of application areas – co-operation and revenue sharing – “Sufficient Security”?  Teaching the customer  easy to use – “always available” – Mobile Payment and Access April 2008, Josef Noll

Recommended

Accessing pay buy mobile model
Accessing pay buy mobile modelAccessing pay buy mobile model
Accessing pay buy mobile modelArief Gunawan
 
Rcs ts.com 14 8-2012
Rcs ts.com 14 8-2012Rcs ts.com 14 8-2012
Rcs ts.com 14 8-2012Rafael Junquera
 
Mtel Cash Mobile Commerce Suite
Mtel Cash Mobile Commerce SuiteMtel Cash Mobile Commerce Suite
Mtel Cash Mobile Commerce Suitewatsongallery
 
Mobile Payment fraud & risk assessment
Mobile Payment fraud & risk assessmentMobile Payment fraud & risk assessment
Mobile Payment fraud & risk assessmentStefano Maria De' Rossi
 
Mmu marketing mobile_money
Mmu marketing mobile_moneyMmu marketing mobile_money
Mmu marketing mobile_moneyCamilo Tellez
 
From E-Transactions to M-Transactions: Enabling mobile transactions with info...
From E-Transactions to M-Transactions: Enabling mobile transactions with info...From E-Transactions to M-Transactions: Enabling mobile transactions with info...
From E-Transactions to M-Transactions: Enabling mobile transactions with info...drctan
 
GSMA OneAPI Gateway Launch Presentation
GSMA OneAPI Gateway Launch PresentationGSMA OneAPI Gateway Launch Presentation
GSMA OneAPI Gateway Launch PresentationGSMA OneAPI Gateway
 
Sip vo ip-ims-convergence-d2-10 at kishore
Sip vo ip-ims-convergence-d2-10 at kishoreSip vo ip-ims-convergence-d2-10 at kishore
Sip vo ip-ims-convergence-d2-10 at kishoreAT Kishore
 

Recommended

Accessing pay buy mobile model
Accessing pay buy mobile modelAccessing pay buy mobile model
Accessing pay buy mobile modelArief Gunawan
 
Rcs ts.com 14 8-2012
Rcs ts.com 14 8-2012Rcs ts.com 14 8-2012
Rcs ts.com 14 8-2012Rafael Junquera
 
Mtel Cash Mobile Commerce Suite
Mtel Cash Mobile Commerce SuiteMtel Cash Mobile Commerce Suite
Mtel Cash Mobile Commerce Suitewatsongallery
 
Mobile Payment fraud & risk assessment
Mobile Payment fraud & risk assessmentMobile Payment fraud & risk assessment
Mobile Payment fraud & risk assessmentStefano Maria De' Rossi
 
Mmu marketing mobile_money
Mmu marketing mobile_moneyMmu marketing mobile_money
Mmu marketing mobile_moneyCamilo Tellez
 
From E-Transactions to M-Transactions: Enabling mobile transactions with info...
From E-Transactions to M-Transactions: Enabling mobile transactions with info...From E-Transactions to M-Transactions: Enabling mobile transactions with info...
From E-Transactions to M-Transactions: Enabling mobile transactions with info...drctan
 
GSMA OneAPI Gateway Launch Presentation
GSMA OneAPI Gateway Launch PresentationGSMA OneAPI Gateway Launch Presentation
GSMA OneAPI Gateway Launch PresentationGSMA OneAPI Gateway
 
Sip vo ip-ims-convergence-d2-10 at kishore
Sip vo ip-ims-convergence-d2-10 at kishoreSip vo ip-ims-convergence-d2-10 at kishore
Sip vo ip-ims-convergence-d2-10 at kishoreAT Kishore
 
MasterCard and Penrillian Partnership in NFC
MasterCard and Penrillian Partnership in NFCMasterCard and Penrillian Partnership in NFC
MasterCard and Penrillian Partnership in NFCNFC Forum
 
Du assignment.
Du assignment.Du assignment.
Du assignment.Sidharth Lunawat
 
Mobile.Broadband Dan.Warren 101012
Mobile.Broadband Dan.Warren 101012Mobile.Broadband Dan.Warren 101012
Mobile.Broadband Dan.Warren 101012Adrian Treacy
 
Rabo Mobiel & NMB Mobile: Mobile Banking & Payments Development
Rabo Mobiel & NMB Mobile: Mobile Banking & Payments DevelopmentRabo Mobiel & NMB Mobile: Mobile Banking & Payments Development
Rabo Mobiel & NMB Mobile: Mobile Banking & Payments DevelopmentDan Armstrong
 
ISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationMarc Vael
 
Future Communications
Future CommunicationsFuture Communications
Future CommunicationsValter Wolf
 
Mobile Money Business Track: understanding the Model and Market
Mobile Money Business Track: understanding the Model and MarketMobile Money Business Track: understanding the Model and Market
Mobile Money Business Track: understanding the Model and MarketArief Gunawan
 
Unstoppable Wireless Forces
Unstoppable Wireless ForcesUnstoppable Wireless Forces
Unstoppable Wireless ForcesContinuous Computing
 
Gemalto NFC
Gemalto NFCGemalto NFC
Gemalto NFCMobileMonday Beijing
 
Linking m-commerce to the physical point of sale
Linking m-commerce to the physical point of saleLinking m-commerce to the physical point of sale
Linking m-commerce to the physical point of saleOGZ
 
CPP contactless and mobile payments white paper 2011
CPP contactless and mobile payments white paper 2011CPP contactless and mobile payments white paper 2011
CPP contactless and mobile payments white paper 2011CPPGroup Plc
 
Card issuance solution - Giai phap phat hanh the tai chinh
Card issuance solution - Giai phap phat hanh the tai chinhCard issuance solution - Giai phap phat hanh the tai chinh
Card issuance solution - Giai phap phat hanh the tai chinhTHANK Truong
 
IoTcloud-cybersecurity-securityofthings
IoTcloud-cybersecurity-securityofthingsIoTcloud-cybersecurity-securityofthings
IoTcloud-cybersecurity-securityofthingsEd Pimentel
 
Vs
VsVs
VsAnkit Gupta, FRM
 
121010_Mobile Banking & Payments for Emerging Asia Summit 2012_Building block...
121010_Mobile Banking & Payments for Emerging Asia Summit 2012_Building block...121010_Mobile Banking & Payments for Emerging Asia Summit 2012_Building block...
121010_Mobile Banking & Payments for Emerging Asia Summit 2012_Building block...Spire Research and Consulting
 
Secure mobile payment
Secure mobile paymentSecure mobile payment
Secure mobile paymentAhmed Kamel Taha
 
Teknologi Pita Lebar 4G LTE
Teknologi Pita Lebar 4G LTETeknologi Pita Lebar 4G LTE
Teknologi Pita Lebar 4G LTEHazim Ahmadi
 
Mobile Money Brochure
Mobile Money BrochureMobile Money Brochure
Mobile Money Brochureraquelfreitas
 
How we do monotize SaaS as a VAS in India?
How we do monotize SaaS as a VAS in India? How we do monotize SaaS as a VAS in India?
How we do monotize SaaS as a VAS in India? Ranjit Kumar
 
Grabovsky a.t.kearney telco-form_08.06.11
Grabovsky a.t.kearney telco-form_08.06.11Grabovsky a.t.kearney telco-form_08.06.11
Grabovsky a.t.kearney telco-form_08.06.11Андрей Лукин
 
Mobile Privacy Consumer Survey Results by Harris Interactive & TRUSTe
Mobile Privacy Consumer Survey Results by Harris Interactive & TRUSTeMobile Privacy Consumer Survey Results by Harris Interactive & TRUSTe
Mobile Privacy Consumer Survey Results by Harris Interactive & TRUSTeJanet Jaiswal
 
Advances In Satellite Communication
Advances In Satellite CommunicationAdvances In Satellite Communication
Advances In Satellite Communicationabhijeet rasal
 

More Related Content

What's hot

MasterCard and Penrillian Partnership in NFC
MasterCard and Penrillian Partnership in NFCMasterCard and Penrillian Partnership in NFC
MasterCard and Penrillian Partnership in NFCNFC Forum
 
Mobile.Broadband Dan.Warren 101012
Mobile.Broadband Dan.Warren 101012Mobile.Broadband Dan.Warren 101012
Mobile.Broadband Dan.Warren 101012Adrian Treacy
 
Rabo Mobiel & NMB Mobile: Mobile Banking & Payments Development
Rabo Mobiel & NMB Mobile: Mobile Banking & Payments DevelopmentRabo Mobiel & NMB Mobile: Mobile Banking & Payments Development
Rabo Mobiel & NMB Mobile: Mobile Banking & Payments DevelopmentDan Armstrong
 
ISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationMarc Vael
 
Future Communications
Future CommunicationsFuture Communications
Future CommunicationsValter Wolf
 
Mobile Money Business Track: understanding the Model and Market
Mobile Money Business Track: understanding the Model and MarketMobile Money Business Track: understanding the Model and Market
Mobile Money Business Track: understanding the Model and MarketArief Gunawan
 
Linking m-commerce to the physical point of sale
Linking m-commerce to the physical point of saleLinking m-commerce to the physical point of sale
Linking m-commerce to the physical point of saleOGZ
 
CPP contactless and mobile payments white paper 2011
CPP contactless and mobile payments white paper 2011CPP contactless and mobile payments white paper 2011
CPP contactless and mobile payments white paper 2011CPPGroup Plc
 
Card issuance solution - Giai phap phat hanh the tai chinh
Card issuance solution - Giai phap phat hanh the tai chinhCard issuance solution - Giai phap phat hanh the tai chinh
Card issuance solution - Giai phap phat hanh the tai chinhTHANK Truong
 
IoTcloud-cybersecurity-securityofthings
IoTcloud-cybersecurity-securityofthingsIoTcloud-cybersecurity-securityofthings
IoTcloud-cybersecurity-securityofthingsEd Pimentel
 
121010_Mobile Banking & Payments for Emerging Asia Summit 2012_Building block...
121010_Mobile Banking & Payments for Emerging Asia Summit 2012_Building block...121010_Mobile Banking & Payments for Emerging Asia Summit 2012_Building block...
121010_Mobile Banking & Payments for Emerging Asia Summit 2012_Building block...Spire Research and Consulting
 
Teknologi Pita Lebar 4G LTE
Teknologi Pita Lebar 4G LTETeknologi Pita Lebar 4G LTE
Teknologi Pita Lebar 4G LTEHazim Ahmadi
 
Mobile Money Brochure
Mobile Money BrochureMobile Money Brochure
Mobile Money Brochureraquelfreitas
 
How we do monotize SaaS as a VAS in India?
How we do monotize SaaS as a VAS in India? How we do monotize SaaS as a VAS in India?
How we do monotize SaaS as a VAS in India? Ranjit Kumar
 
Grabovsky a.t.kearney telco-form_08.06.11
Grabovsky a.t.kearney telco-form_08.06.11Grabovsky a.t.kearney telco-form_08.06.11
Grabovsky a.t.kearney telco-form_08.06.11Андрей Лукин
 

What's hot (20)

MasterCard and Penrillian Partnership in NFC
MasterCard and Penrillian Partnership in NFCMasterCard and Penrillian Partnership in NFC
MasterCard and Penrillian Partnership in NFC
 
Du assignment.
Du assignment.Du assignment.
Du assignment.
 
Mobile.Broadband Dan.Warren 101012
Mobile.Broadband Dan.Warren 101012Mobile.Broadband Dan.Warren 101012
Mobile.Broadband Dan.Warren 101012
 
Rabo Mobiel & NMB Mobile: Mobile Banking & Payments Development
Rabo Mobiel & NMB Mobile: Mobile Banking & Payments DevelopmentRabo Mobiel & NMB Mobile: Mobile Banking & Payments Development
Rabo Mobiel & NMB Mobile: Mobile Banking & Payments Development
 
ISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentationISACA Mobile Payments Forum presentation
ISACA Mobile Payments Forum presentation
 
Future Communications
Future CommunicationsFuture Communications
Future Communications
 
Mobile Money Business Track: understanding the Model and Market
Mobile Money Business Track: understanding the Model and MarketMobile Money Business Track: understanding the Model and Market
Mobile Money Business Track: understanding the Model and Market
 
Unstoppable Wireless Forces
Unstoppable Wireless ForcesUnstoppable Wireless Forces
Unstoppable Wireless Forces
 
Gemalto NFC
Gemalto NFCGemalto NFC
Gemalto NFC
 
Linking m-commerce to the physical point of sale
Linking m-commerce to the physical point of saleLinking m-commerce to the physical point of sale
Linking m-commerce to the physical point of sale
 
CPP contactless and mobile payments white paper 2011
CPP contactless and mobile payments white paper 2011CPP contactless and mobile payments white paper 2011
CPP contactless and mobile payments white paper 2011
 
Card issuance solution - Giai phap phat hanh the tai chinh
Card issuance solution - Giai phap phat hanh the tai chinhCard issuance solution - Giai phap phat hanh the tai chinh
Card issuance solution - Giai phap phat hanh the tai chinh
 
IoTcloud-cybersecurity-securityofthings
IoTcloud-cybersecurity-securityofthingsIoTcloud-cybersecurity-securityofthings
IoTcloud-cybersecurity-securityofthings
 
Vs
VsVs
Vs
 
121010_Mobile Banking & Payments for Emerging Asia Summit 2012_Building block...
121010_Mobile Banking & Payments for Emerging Asia Summit 2012_Building block...121010_Mobile Banking & Payments for Emerging Asia Summit 2012_Building block...
121010_Mobile Banking & Payments for Emerging Asia Summit 2012_Building block...
 
Secure mobile payment
Secure mobile paymentSecure mobile payment
Secure mobile payment
 
Teknologi Pita Lebar 4G LTE
Teknologi Pita Lebar 4G LTETeknologi Pita Lebar 4G LTE
Teknologi Pita Lebar 4G LTE
 
Mobile Money Brochure
Mobile Money BrochureMobile Money Brochure
Mobile Money Brochure
 
How we do monotize SaaS as a VAS in India?
How we do monotize SaaS as a VAS in India? How we do monotize SaaS as a VAS in India?
How we do monotize SaaS as a VAS in India?
 
Grabovsky a.t.kearney telco-form_08.06.11
Grabovsky a.t.kearney telco-form_08.06.11Grabovsky a.t.kearney telco-form_08.06.11
Grabovsky a.t.kearney telco-form_08.06.11
 

Viewers also liked

Mobile Privacy Consumer Survey Results by Harris Interactive & TRUSTe
Mobile Privacy Consumer Survey Results by Harris Interactive & TRUSTeMobile Privacy Consumer Survey Results by Harris Interactive & TRUSTe
Mobile Privacy Consumer Survey Results by Harris Interactive & TRUSTeJanet Jaiswal
 
Advances In Satellite Communication
Advances In Satellite CommunicationAdvances In Satellite Communication
Advances In Satellite Communicationabhijeet rasal
 
USAT : USIM Application Toolkit
USAT : USIM Application ToolkitUSAT : USIM Application Toolkit
USAT : USIM Application ToolkitByeongweon Moon
 
Security and Privacy in Mobile Cloud Computing
Security and Privacy in Mobile Cloud ComputingSecurity and Privacy in Mobile Cloud Computing
Security and Privacy in Mobile Cloud ComputingRam Kumar K R
 
Efficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computing Efficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computing Adz91 Digital Ads Pvt Ltd
 
Broadband wireless communications
Broadband wireless communicationsBroadband wireless communications
Broadband wireless communicationsNagu Omsi
 
Mobile computing security
Mobile computing securityMobile computing security
Mobile computing securityZachariah Pabi
 
MULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKSMULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKSKathirvel Ayyaswamy
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer ConferenceFabio Pietrosanti
 
Designing for privacy in mobile applications
Designing for privacy in mobile applicationsDesigning for privacy in mobile applications
Designing for privacy in mobile applicationsVodafone developer
 
Designing for Privacy in Mobile and Web Apps - Interaction '14, Amsterdam
Designing for Privacy in Mobile and Web Apps - Interaction '14, AmsterdamDesigning for Privacy in Mobile and Web Apps - Interaction '14, Amsterdam
Designing for Privacy in Mobile and Web Apps - Interaction '14, AmsterdamAmber Case
 
Efficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computingEfficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computingIGEEKS TECHNOLOGIES
 

Viewers also liked (20)

Mobile Privacy Consumer Survey Results by Harris Interactive & TRUSTe
Mobile Privacy Consumer Survey Results by Harris Interactive & TRUSTeMobile Privacy Consumer Survey Results by Harris Interactive & TRUSTe
Mobile Privacy Consumer Survey Results by Harris Interactive & TRUSTe
 
Advances In Satellite Communication
Advances In Satellite CommunicationAdvances In Satellite Communication
Advances In Satellite Communication
 
USAT : USIM Application Toolkit
USAT : USIM Application ToolkitUSAT : USIM Application Toolkit
USAT : USIM Application Toolkit
 
Security and Privacy in Mobile Cloud Computing
Security and Privacy in Mobile Cloud ComputingSecurity and Privacy in Mobile Cloud Computing
Security and Privacy in Mobile Cloud Computing
 
Efficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computing Efficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computing
 
Broadband wireless communications
Broadband wireless communicationsBroadband wireless communications
Broadband wireless communications
 
Mobile computing security
Mobile computing securityMobile computing security
Mobile computing security
 
Cognitive radio
Cognitive radioCognitive radio
Cognitive radio
 
MULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKSMULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKS
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
 
Multimedia Network
Multimedia NetworkMultimedia Network
Multimedia Network
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
 
Designing for privacy in mobile applications
Designing for privacy in mobile applicationsDesigning for privacy in mobile applications
Designing for privacy in mobile applications
 
Designing for Privacy in Mobile and Web Apps - Interaction '14, Amsterdam
Designing for Privacy in Mobile and Web Apps - Interaction '14, AmsterdamDesigning for Privacy in Mobile and Web Apps - Interaction '14, Amsterdam
Designing for Privacy in Mobile and Web Apps - Interaction '14, Amsterdam
 
3 g vs 4g
3 g vs 4g3 g vs 4g
3 g vs 4g
 
Efficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computingEfficient authentication for mobile and pervasive computing
Efficient authentication for mobile and pervasive computing
 
3g 4g ppt
3g 4g ppt3g 4g ppt
3g 4g ppt
 
Introduction to 3G
Introduction to 3GIntroduction to 3G
Introduction to 3G
 
3g & 4g technology
3g & 4g technology3g & 4g technology
3g & 4g technology
 
Cognitive Radio
Cognitive RadioCognitive Radio
Cognitive Radio
 

Similar to Mobile based authentication and payment

mCommerce and Mobile Banking: The Evolution and Opportunities
mCommerce and Mobile Banking: The Evolution and OpportunitiesmCommerce and Mobile Banking: The Evolution and Opportunities
mCommerce and Mobile Banking: The Evolution and OpportunitiesMolecular Inc
 
Next Generation NFC Solutions and Contactless Infrastructure
Next Generation NFC Solutions and Contactless InfrastructureNext Generation NFC Solutions and Contactless Infrastructure
Next Generation NFC Solutions and Contactless InfrastructureCardtek
 
Zakaznik Uprostred Rustovych Strategii Firmy David Krystynek
Zakaznik Uprostred Rustovych Strategii Firmy David KrystynekZakaznik Uprostred Rustovych Strategii Firmy David Krystynek
Zakaznik Uprostred Rustovych Strategii Firmy David KrystynekTUESDAY Business Network
 
Mobey Forum - Case Study: Banking the Banked with NMB Mobile
Mobey Forum - Case Study: Banking the Banked with NMB MobileMobey Forum - Case Study: Banking the Banked with NMB Mobile
Mobey Forum - Case Study: Banking the Banked with NMB MobileDan Armstrong
 
Measurable Security in Mobile Systems
Measurable Security in Mobile SystemsMeasurable Security in Mobile Systems
Measurable Security in Mobile SystemsJosef Noll
 
Mobile Banking 2011: Clairmail
Mobile Banking 2011: ClairmailMobile Banking 2011: Clairmail
Mobile Banking 2011: ClairmailAberla
 
Near field communication and RFID - opening for new business
Near field communication and RFID - opening for new businessNear field communication and RFID - opening for new business
Near field communication and RFID - opening for new businessJosef Noll
 
P2P - Real Time Communications in the Enterprise
P2P - Real Time Communications in the EnterpriseP2P - Real Time Communications in the Enterprise
P2P - Real Time Communications in the EnterpriseMead Eblan
 
Obopay syncs Mobile payments into the Financial infrastructure
Obopay syncs Mobile payments into the Financial infrastructureObopay syncs Mobile payments into the Financial infrastructure
Obopay syncs Mobile payments into the Financial infrastructureObopay
 
droidcon 2012: What's the Hack is NFC .., Hauke Meyn, NXP
droidcon 2012: What's the Hack is NFC .., Hauke Meyn, NXPdroidcon 2012: What's the Hack is NFC .., Hauke Meyn, NXP
droidcon 2012: What's the Hack is NFC .., Hauke Meyn, NXPDroidcon Berlin
 
Mobile Financial Services - IBC / Singapore
Mobile Financial Services - IBC / SingaporeMobile Financial Services - IBC / Singapore
Mobile Financial Services - IBC / SingaporeDan Armstrong
 
The Future of DIgital Publishing - Telkomsel Indonesia June 2011
The Future of DIgital Publishing - Telkomsel Indonesia June 2011The Future of DIgital Publishing - Telkomsel Indonesia June 2011
The Future of DIgital Publishing - Telkomsel Indonesia June 2011Aris Sudewo Wirjoatmodjo
 
Tecnologías emergentes y la evolución continua de los pagos electrónicos en l...
Tecnologías emergentes y la evolución continua de los pagos electrónicos en l...Tecnologías emergentes y la evolución continua de los pagos electrónicos en l...
Tecnologías emergentes y la evolución continua de los pagos electrónicos en l...Asociación de Marketing Bancario Argentino
 
Rabobank: Case Studies in Mobile Banking & Payments Development: November 201...
Rabobank: Case Studies in Mobile Banking & Payments Development: November 201...Rabobank: Case Studies in Mobile Banking & Payments Development: November 201...
Rabobank: Case Studies in Mobile Banking & Payments Development: November 201...Dan Armstrong
 
OMI whitepaper On LBS - Nov 2008
OMI whitepaper On LBS - Nov 2008OMI whitepaper On LBS - Nov 2008
OMI whitepaper On LBS - Nov 2008Paul Brackel
 
All-IP Telecom Networks
All-IP Telecom NetworksAll-IP Telecom Networks
All-IP Telecom Networksalrohily
 
Technologies in the Networked Society, IP Networks in transition
Technologies in the Networked Society, IP Networks in transitionTechnologies in the Networked Society, IP Networks in transition
Technologies in the Networked Society, IP Networks in transitionEricsson Slides
 
The Future Network: Users will own the access in a collaborative radio enviro...
The Future Network: Users will own the access in a collaborative radio enviro...The Future Network: Users will own the access in a collaborative radio enviro...
The Future Network: Users will own the access in a collaborative radio enviro...Josef Noll
 

Similar to Mobile based authentication and payment (20)

mCommerce and Mobile Banking: The Evolution and Opportunities
mCommerce and Mobile Banking: The Evolution and OpportunitiesmCommerce and Mobile Banking: The Evolution and Opportunities
mCommerce and Mobile Banking: The Evolution and Opportunities
 
Next Generation NFC Solutions and Contactless Infrastructure
Next Generation NFC Solutions and Contactless InfrastructureNext Generation NFC Solutions and Contactless Infrastructure
Next Generation NFC Solutions and Contactless Infrastructure
 
Zakaznik Uprostred Rustovych Strategii Firmy David Krystynek
Zakaznik Uprostred Rustovych Strategii Firmy David KrystynekZakaznik Uprostred Rustovych Strategii Firmy David Krystynek
Zakaznik Uprostred Rustovych Strategii Firmy David Krystynek
 
Mobey Forum - Case Study: Banking the Banked with NMB Mobile
Mobey Forum - Case Study: Banking the Banked with NMB MobileMobey Forum - Case Study: Banking the Banked with NMB Mobile
Mobey Forum - Case Study: Banking the Banked with NMB Mobile
 
Measurable Security in Mobile Systems
Measurable Security in Mobile SystemsMeasurable Security in Mobile Systems
Measurable Security in Mobile Systems
 
Mobile Banking 2011: Clairmail
Mobile Banking 2011: ClairmailMobile Banking 2011: Clairmail
Mobile Banking 2011: Clairmail
 
Near field communication and RFID - opening for new business
Near field communication and RFID - opening for new businessNear field communication and RFID - opening for new business
Near field communication and RFID - opening for new business
 
Mobile Financial Services
Mobile Financial Services Mobile Financial Services
Mobile Financial Services
 
P2P - Real Time Communications in the Enterprise
P2P - Real Time Communications in the EnterpriseP2P - Real Time Communications in the Enterprise
P2P - Real Time Communications in the Enterprise
 
Obopay syncs Mobile payments into the Financial infrastructure
Obopay syncs Mobile payments into the Financial infrastructureObopay syncs Mobile payments into the Financial infrastructure
Obopay syncs Mobile payments into the Financial infrastructure
 
droidcon 2012: What's the Hack is NFC .., Hauke Meyn, NXP
droidcon 2012: What's the Hack is NFC .., Hauke Meyn, NXPdroidcon 2012: What's the Hack is NFC .., Hauke Meyn, NXP
droidcon 2012: What's the Hack is NFC .., Hauke Meyn, NXP
 
Mobile Financial Services - IBC / Singapore
Mobile Financial Services - IBC / SingaporeMobile Financial Services - IBC / Singapore
Mobile Financial Services - IBC / Singapore
 
The Future of DIgital Publishing - Telkomsel Indonesia June 2011
The Future of DIgital Publishing - Telkomsel Indonesia June 2011The Future of DIgital Publishing - Telkomsel Indonesia June 2011
The Future of DIgital Publishing - Telkomsel Indonesia June 2011
 
Tecnologías emergentes y la evolución continua de los pagos electrónicos en l...
Tecnologías emergentes y la evolución continua de los pagos electrónicos en l...Tecnologías emergentes y la evolución continua de los pagos electrónicos en l...
Tecnologías emergentes y la evolución continua de los pagos electrónicos en l...
 
Inroduction mobile payments
Inroduction mobile paymentsInroduction mobile payments
Inroduction mobile payments
 
Rabobank: Case Studies in Mobile Banking & Payments Development: November 201...
Rabobank: Case Studies in Mobile Banking & Payments Development: November 201...Rabobank: Case Studies in Mobile Banking & Payments Development: November 201...
Rabobank: Case Studies in Mobile Banking & Payments Development: November 201...
 
OMI whitepaper On LBS - Nov 2008
OMI whitepaper On LBS - Nov 2008OMI whitepaper On LBS - Nov 2008
OMI whitepaper On LBS - Nov 2008
 
All-IP Telecom Networks
All-IP Telecom NetworksAll-IP Telecom Networks
All-IP Telecom Networks
 
Technologies in the Networked Society, IP Networks in transition
Technologies in the Networked Society, IP Networks in transitionTechnologies in the Networked Society, IP Networks in transition
Technologies in the Networked Society, IP Networks in transition
 
The Future Network: Users will own the access in a collaborative radio enviro...
The Future Network: Users will own the access in a collaborative radio enviro...The Future Network: Users will own the access in a collaborative radio enviro...
The Future Network: Users will own the access in a collaborative radio enviro...
 

More from Josef Noll

Free Internet Information Access - Activities and Pilots for the Human Right ...
Free Internet Information Access - Activities and Pilots for the Human Right ...Free Internet Information Access - Activities and Pilots for the Human Right ...
Free Internet Information Access - Activities and Pilots for the Human Right ...Josef Noll
 
Semantic technologies for attribute based access: measurable security for the...
Semantic technologies for attribute based access: measurable security for the...Semantic technologies for attribute based access: measurable security for the...
Semantic technologies for attribute based access: measurable security for the...Josef Noll
 
Masterthesis/Masteroppgaver at UNIK
Masterthesis/Masteroppgaver at UNIKMasterthesis/Masteroppgaver at UNIK
Masterthesis/Masteroppgaver at UNIKJosef Noll
 
Security, Privacy and Dependability in Mobile Networks
Security, Privacy and Dependability in Mobile NetworksSecurity, Privacy and Dependability in Mobile Networks
Security, Privacy and Dependability in Mobile NetworksJosef Noll
 
Internet of Things in Scandinavia - society and ecosystem for early adaptation
Internet of Things in Scandinavia - society and ecosystem for early adaptationInternet of Things in Scandinavia - society and ecosystem for early adaptation
Internet of Things in Scandinavia - society and ecosystem for early adaptationJosef Noll
 
"Potentials and Challenges for Mobile Commerce - a Nordic Perspective
"Potentials and Challenges for Mobile Commerce - a Nordic Perspective"Potentials and Challenges for Mobile Commerce - a Nordic Perspective
"Potentials and Challenges for Mobile Commerce - a Nordic PerspectiveJosef Noll
 
Towards Global Mobility
Towards Global MobilityTowards Global Mobility
Towards Global MobilityJosef Noll
 
What is Semantic Service provisioning
What is Semantic Service provisioningWhat is Semantic Service provisioning
What is Semantic Service provisioningJosef Noll
 
Semantic Service Creation for Mobile Users
Semantic Service Creation for Mobile UsersSemantic Service Creation for Mobile Users
Semantic Service Creation for Mobile UsersJosef Noll
 
Privacy issues in network environments
Privacy issues in network environmentsPrivacy issues in network environments
Privacy issues in network environmentsJosef Noll
 
Introduction to Personalisation
Introduction to PersonalisationIntroduction to Personalisation
Introduction to PersonalisationJosef Noll
 
Who ownes the SIM? a user-centric view on future networks
Who ownes the SIM? a user-centric view on future networksWho ownes the SIM? a user-centric view on future networks
Who ownes the SIM? a user-centric view on future networksJosef Noll
 

More from Josef Noll (12)

Free Internet Information Access - Activities and Pilots for the Human Right ...
Free Internet Information Access - Activities and Pilots for the Human Right ...Free Internet Information Access - Activities and Pilots for the Human Right ...
Free Internet Information Access - Activities and Pilots for the Human Right ...
 
Semantic technologies for attribute based access: measurable security for the...
Semantic technologies for attribute based access: measurable security for the...Semantic technologies for attribute based access: measurable security for the...
Semantic technologies for attribute based access: measurable security for the...
 
Masterthesis/Masteroppgaver at UNIK
Masterthesis/Masteroppgaver at UNIKMasterthesis/Masteroppgaver at UNIK
Masterthesis/Masteroppgaver at UNIK
 
Security, Privacy and Dependability in Mobile Networks
Security, Privacy and Dependability in Mobile NetworksSecurity, Privacy and Dependability in Mobile Networks
Security, Privacy and Dependability in Mobile Networks
 
Internet of Things in Scandinavia - society and ecosystem for early adaptation
Internet of Things in Scandinavia - society and ecosystem for early adaptationInternet of Things in Scandinavia - society and ecosystem for early adaptation
Internet of Things in Scandinavia - society and ecosystem for early adaptation
 
"Potentials and Challenges for Mobile Commerce - a Nordic Perspective
"Potentials and Challenges for Mobile Commerce - a Nordic Perspective"Potentials and Challenges for Mobile Commerce - a Nordic Perspective
"Potentials and Challenges for Mobile Commerce - a Nordic Perspective
 
Towards Global Mobility
Towards Global MobilityTowards Global Mobility
Towards Global Mobility
 
What is Semantic Service provisioning
What is Semantic Service provisioningWhat is Semantic Service provisioning
What is Semantic Service provisioning
 
Semantic Service Creation for Mobile Users
Semantic Service Creation for Mobile UsersSemantic Service Creation for Mobile Users
Semantic Service Creation for Mobile Users
 
Privacy issues in network environments
Privacy issues in network environmentsPrivacy issues in network environments
Privacy issues in network environments
 
Introduction to Personalisation
Introduction to PersonalisationIntroduction to Personalisation
Introduction to Personalisation
 
Who ownes the SIM? a user-centric view on future networks
Who ownes the SIM? a user-centric view on future networksWho ownes the SIM? a user-centric view on future networks
Who ownes the SIM? a user-centric view on future networks
 

Recently uploaded

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 

Recently uploaded (20)

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 

Mobile based authentication and payment

  • 1. NISnet Winterschool, April 2008 Mobile based authentication and payment Josef Noll Prof. stip. University Graduate Center/ University of Oslo josef@unik.no
  • 2. Research and  Education at Kjeller Close relation to FFI,  IFE, NILU,... Prof. from Univ. of  Trondheim and Oslo 2 Mobile Payment and Access April 2008, Josef Noll
  • 3. Outline Admittance, service access and payment  Mobile extensions  Introduction of RFID and NFC  Message: “Using the phone for payment and access” – Interfaces and standardisation – Phone implementations – Activities worldwide  Snapshots, Standardisation – “Who owns the SIM?”  My security infrastructure – Ownership versus management – 3 Mobile Payment and Access April 2008, Josef Noll
  • 4. Service development Personalised broadband B3G: wireless services 3G: Multimedia communication Mobile telephony, SMS, FAX, 2G: Data 1G: Mobile telephony 2000 1970 1980 1990 2010 Josef Noll, 26.4.2005 RFID - NFC tutorial 4
  • 5. The Service Challenge Mobile and Proximity Services Mobile services  Internet services te services in the mobile fica – ti cer mobile network services – signed certificates Internet services – NFC Proximity services Mobile initiated NFC service access Proximity services  Payment – Access, Admittance – 5 Mobile Payment and Access April 2008, Josef Noll
  • 6. Current Access & Authentication mechanisms Login/password  Admission card  Payment card  Biometrics  6 Mobile Payment and Access April 2008, Josef Noll
  • 7. My phone collects all my security SIM with NFC & PKI 7 Mobile Payment and Access April 2008, Josef Noll
  • 8. Mobile Services, incl. NFC • NFC needs next • Focus in 2008 on generation phones mobile web • S60, UIQ, ... • Push content upcoming • Common Application development • Integrated SMS authentication Mobile Web Push content NFC payment 60 development 45 30 15 0 2006 2008 2010 Expected customer usage [%] “have tried” of mobile services in the Nordic Market [“Mobile Phone Evolution”, Movation White paper, May 2007] 8 Josef Noll, “Who owns the SIM?”, 5 June 2007
  • 9. Mobile Phone supported access SMS one-time password  MMS, barcode  eCommerce (SMS exchange)  Network authentication  WAP auto access  Applets: PIN code generation  (Bank ID) Future SIM  9 Mobile Payment and Access April 2008, Josef Noll
  • 10. WAP gateway Seamless authentication HTTP request HTTP request Hash 94815894 cTHG8aseJPIjog== Pictures for ’rzso’. Password:1234 sID: cTHG8aseJPIjog== 10 Mobile Payment and Access April 2008, Josef Noll
  • 11. Banking from the mobile phone Security considerations  Equally secure as SMS Welcome Josef: (get your account status) SIM authentication  Easy to use  Advanced functionality Advanced through PIN (if required) Information: functionality  Seamless phone (SIM) Using SIM, authentication BankID or PIN no customer input (double security)  Advanced security when required required BankID or – Transfer, NFC communication Account status PIN – unit payments NFC2 SIM SIM Smartcard interfaces ISO/IEC 7816 11 Mobile Payment and Access April 2008, Josef Noll
  • 12. MyBank example: Banking from the mobile phone User incentive:  “My account is just one click away”  “enhanced security for transactions” Phone (SIM) authentication Level 2 security through PKI/BankID/PIN? 12 Mobile Payment and Access April 2008, Josef Noll
  • 13. Authentication provider Seamless authentication Auth. provider Content Service Physical access, .mp3, VPN access access .jpg Josef Noll, “Who owns the SIM?”, 5 June 2007
  • 14. Outline Admittance, service access and payment  Mobile extensions  Introduction of RFID and NFC  Message: “Using the phone for payment and – access” Interfaces and standardisation – Phone implementations – Activities worldwide  Snapshots, Standardisation – “Who owns the SIM?”  My security infrastructure – Ownership versus management – 14 Mobile Payment and Access April 2008, Josef Noll
  • 15. ID, trust and personalisation provider Who provides?  Certifica Remote services ID provider te – Where to store?  Network – Phone – How to store/backup?  long term, short term – Proximity services Josef Noll, “Who owns the SIM?”, 5 June 2007
  • 16. RFID Technology: Principle RFID-reader sends a  RF signal TAG receives it  TAG returns  predefined signal   RFID-TAG doesn’t need own power supply  TAG gets power to operate from the RF-pulse of reader  No need for physical sight or contact between reader and TAG Each product can have own id-number Source: Eurescom P1346 D2, January 2004 16 Mobile Payment and Access April 2008, Josef Noll
  • 17. Passive RFID: Main frequencies Toll Roads Item Access Control Item Management I.C. Cards Animal ID Management 2.45 GHz 13.56 Mhz 125,133 kHz ~900 MHz 100 MHz 10 kHz 100 kHz 10 MHz 1 Mhz 1000 MHz 2.45 GHz Frequency division:  Low: 100-500 kHz – – Medium: 6-15 MHz – High: 850-950 MHz and 2.45 GHz Active responses  – AutoPass 5.8 GHz Source: Eurescom P1346 D2, January 2004 17 Mobile Payment and Access April 2008, Josef Noll
  • 18. Current Services and Applications Typical services made using RFID today Sports Timing  Access Control  Animal Tracking  Asset Management  Baggage Handling  Product Authentication, Security  Supply Chain Management  Transportation, user information  Wireless Commerce, Payments, Toll Collection  Source: Eurescom P1346 D2, January 2004 18 Mobile Payment and Access April 2008, Josef Noll
  • 19. Registration example: Birkebeiner Online information to mobile  phone Could be used for photo, video,  etc 19 Mobile Payment and Access April 2008, Josef Noll
  • 20. Ticketing Cinema/Concerts RFID ticketing zone MobileCommerce Football/Sport Terminal Incl. rfid tag Ticketing Bus/Subway terminal with RFID ticketing RFID reader server Source: Eurescom P1346 D2, January 2004 20 Mobile Payment and Access April 2008, Josef Noll
  • 21. Supply chain supplier A customer Prosessing wholesaler retailer customer customer supplier 2 Presentation Product Infomration Database RFID reader/gate RFID reader/gate can be placed along manufacturing lines (company internal) and along the distribution chain (company external/between the actors) Source: Eurescom P1346 D2, January 2004 21 Mobile Payment and Access April 2008, Josef Noll
  • 22. Visitor Density, two functions InfoSpot Example1: Roller-coaster Customer ”Wher queue reader ”Where is e ID:12 was service my kid?” 31 seen? 23 last ” ”At the Reader X roller- ”Roller -coaste coaster r queue” System queue” Database Example2: Reader Y Resort ”What ride has owner most users?” services ”Bumber cars; 200 users/day; Datamining 50cent/ride” Resort owner services Source: Eurescom P1346 D2, January 2004 22 Mobile Payment and Access April 2008, Josef Noll
  • 23. Technology: Range From millimeters to tens of meters  Depends on antennas, power of reader,  characteristics of TAG and operation principle Range decided when application developed  ISO standards:  proximity cards: 10 cm – Vicinity cards: 1,5 m – Source: Eurescom P1346 D2, January 2004 23 Mobile Payment and Access April 2008, Josef Noll
  • 24. NFC is ... Passive operation: RFID at 13.56 MHz  1) Phone=Reader has static RF (modem) and protocolls  magnetic field 2) Tag acts as resonator, “takes energy” ~1/r^6 1 Power decrease of static and electromagnetic field 0,75 0,5 1/r^2 0,25 1/r^6 0 0,8 1,6 2,4 3,2 4 4,8 5,6 6,4 7,2 8 8,8 9,6 24 Mobile Payment and Access April 2008, Josef Noll
  • 25. Technology: Security considerations In the past there was no need for security in RFID-systems  – logistic data collection the information has no relevance or value anywhere else except the originally designed purpose If TAGs are in consumer goods there is a need for security and  privacy Security protocols:  Bilateral authentication – Key agreement – Encrypted communication – Secure communications needs computing resources  Personal items  Passport, Payment cards, mobile phone Source: Eurescom P1346 D2, January 2004 25 Mobile Payment and Access April 2008, Josef Noll
  • 26. ViVOtech 2006: Contactless replaces cash 26 Mobile Payment and Access April 2008, Josef Noll
  • 27. NFC technology and use case ECMA-340, ISO/IEC 18092 & Based on RFID technology at   ECMA-352, …standards 13.56 MHz Powered and non-self Typical operating distance 10 cm   powered devices Compatible with RFID  Data rate today up to 424 kbit/s  Philips, Sony and Nokia  27 Mobile Payment and Access April 2008, Josef Noll
  • 28. NFC use cases Payment and access  include Master-/Visacard in the phone – have small amount money electronically – admittance to work – Service Discovery  easy access to mobile services: – Web page, SMS, call, ... local information and proximity services (get – a game) Ticketing  Mobile tickets for plain, train, bus: – Parents can order and distribute, ... Source: Nokia 6131 NFC Technical Product Description 28 Mobile Payment and Access April 2008, Josef Noll
  • 29. NFC standardisation ECMA-340 Specifies the RF signal • interface Initialisation, anti- • collision and protocols Communication mode • ECMA 352 (v1, Dec 2003) selection mechanism Selects communication • modes: NFC, PCD, and VCD Enables communication in • that mode Josef Noll, 26.4.2005 RFID - NFC tutorial 29
  • 30. NFCIP-2 Interface and protocol (ISO/IEC 21481) Interface Standards ISO/IEC 14443 ISO/IEC 15693 PCD mode VCD mode ECMA-340 (MIFARE, FeliCa) (facility access) 30 Mobile Payment and Access April 2008, Josef Noll
  • 31. NFCIP-2 Interface and protocol (ISO/IEC 21481) Proximity Card Vicinity Card NFC device Reader Reader YES 340 okay Interface Standards NFC ECMA-340 ECMA-340 ISO/IEC 14443 ISO/IEC 15693 PCD mode VCD mode (MIFARE, FeliCa) (facility access) 31 Mobile Payment and Access April 2008, Josef Noll
  • 32. NFCIP-2 Interface and protocol (ISO/IEC 21481) Proximity Card Vicinity Card NFC device Reader Reader NO 15693 okay Interface Standards NFC ECMA-340 ECMA-340 ISO/IEC 14443 ISO/IEC 15693 PCD mode VCD mode (MIFARE, FeliCa) (facility access) 32 Mobile Payment and Access April 2008, Josef Noll
  • 33. Nokia 6131 Firmware ISO 14443 Source: Nokia 6131 NFC Technical Product Description 33 Mobile Payment and Access April 2008, Josef Noll
  • 34. NFC phone status (April 2008) Nokia 3320, 5340, 6131, xx  Philips/Samsung X700  LG  Sagem  BenQ T80  Missing specifications  Motorola  HTC  34 Mobile Payment and Access April 2008, Josef Noll
  • 35. Time to market based on phone evolution DnB Nor and Telenor to form mobile payments unit Posted April 21, 2008 Norwegian banking group DnB Nor and local telco Telenor have revealed plans to establish a new mobile payments program. The new mobile payments system, called Trusted Service Manager (TSM) Nordic, will be a subsidiary of Doorstep. Orange delays NFC launch Posted April 16, 2008 Mobile operator Orange is postponing its commercial NFC launch by several months, according to CardLine Global. Operators to Launch NFC-Based Mobile Payment Services 13th November 2007, Macau: 12 mobile operators will run trials of contactless mobile payment services in Australia, France, Ireland, Korea, Malaysia, Norway, The Philippines, Singapore, Taiwan, Turkey and the U.S. as a precursor to commercial launches. Near Field Communications News and Insight BBC names NFC a top technology for 2008 Posted January 16, 2008 Survey shows that US consumers want simple payment features for NFC phones Posted January 10, 2008 Report: Majority of phones will support NFC once standards are finalized Posted January 03, 2008 Source: NFCnews.com 35 Mobile Payment and Access April 2008, Josef Noll
  • 36. UNIK work Key-exchange for admittance and content protection  Analysis and implementation of Easy Pairing  Easy Pairing  Use NFC to establish Bluetooth contact with Media – Center analyse phones: Nokia 3320, Nokia 6131 – Experiences from Implementations  Phones and NFC tags – Linux pairing – Windows pairing – 36 Mobile Payment and Access April 2008, Josef Noll
  • 37. Prototype: SMS key access Service Centre 2) Send info 1) Send SMS to recipient Application 3) Send service to phone 4) Enters house NFC with NFC access communication unit NFC2SI M SIM Smartcard interfaces ISO/IEC 7816 37 Mobile Payment and Access April 2008, Josef Noll
  • 38. Implementation (3) Receive info message (1) Register the user (4) Saving the NFC key (2) Send mobile key (mKey) to user 38 Mobile Payment and Access April 2008, Josef Noll
  • 39. ITEA WellCom: Interworking Set-top box and mobile 1) Easy device set-up 2) Authentication and and communication Service Access Source: AlcatelLucent, WellCom Meeting Mobile Payment and Access April 2008, Josef Noll
  • 40. Easy Pairing Scenario Using NFC for reading  connectivity data of phone Set-top box initiates process  NFC phones can pair through  vicinity – phone in range – start Bluetooth scanning 1. search for Bluetooth device – request for pairing 2. identity phone (tag info) 3. service discovery on phone No NFC phone  4. pairing – use tag with Bluetooth information Comment: Similar procedure for Wifi   pairing – security in handling activities 40 Mobile Payment and Access April 2008, Josef Noll
  • 41. Example EnCap Easy authentication Challenge: Find your BankID to sign in for  Internet banking – Could be triggered through login: www.encap.mobi/demobank – Using NFC for starting secure authentication Tag starts application on phone  – One time password created Application areas  all kinds of authentication – local payment – BankID (while waiting for secure SIM) – 41 Mobile Payment and Access April 2008, Josef Noll
  • 42. Interworking between NFC components Easy programming through Java MIDlet  software development environment available Interface to Java Card and Mifare environment  Tricky:  Interworking Java - Card, Mifare and Java Ongoing  secure element = SIM - Source: Nokia 6131 NFC Technical Product Description 42 Mobile Payment and Access April 2008, Josef Noll
  • 43. Ongoing technical work Interaction SIM-Mifare-Mobile Phone = “Single-wire  protocoll” Interaction Phone - Devices  Power-on/power-off – Roadmap for secure authentication  43 Mobile Payment and Access April 2008, Josef Noll
  • 44. New visions GlobalPlatform From current SIM to Future SIM Real Estate 3.r ionsfor mobile / UICC GlobalPlatform’s Party sec. dom vision Real Estate 3.rd  To comply with 3G networking requirements UICC Party sec. domains (USIM) vision Security features (algorithms and protocols), – longer key lengths GSM uses EAP SIM: client authentication – UMTS uses EAP AKA: Mutual authentication – 3rd party identities  ISIM application (IMS) – Current Telenor private user identity On-board On-board – WEB server ! WEB server ! SIM (UICC) card one or more public user – (from 2001) identities Multi- Multi- Thread Plus ETSI SCP– Long term secret Thread Plus ETSI 3 new phys IFs: 3 new phy 12 Mb/s USB SUN 2009? 12 Mb/s SUN (Java) NFC (SWP) 2009? Source: Judith Rossebø, Telenor (Java) NFC (S 44 Mobile Payment and Access April 2008, Josef Noll
  • 45. New UICC Architecture / SIM advances UICC architecture UICC – elements New eHealth Payment Multimedia DRM ? EMV PKI / eID Ticketing (DRM !) SIM USIM Electronic ID= IMSI Purse ID= IMSI & MSISDN & MSISDN Common Storage Phonebook SIM Application Toolkit ! CAT UICC ID = ICCID GSM Allocated NFC (or other) IF 12 Mb/s USB (2G/3G) IFs (1 connector) (5 connectors) Full speed IF Source: Judith Rossebø, Telenor 45 Mobile Payment and Access April 2008, Josef Noll
  • 46. UICC for multiple ID providers Compartmentalisation of the UICC 3.rd party on-board applications featuring • Internal and segregated Security domains • Private entrances for SP to applications (own keys and key management) • Use of NFC, USB IF or other common resources -MNO as house-keeper (Real Estate Manager) Source: Judith Rossebø, Telenor 46 Mobile Payment and Access April 2008, Josef Noll
  • 47. Third party business model • Media, • Banks, Service providers Content provider • Telecom, Corporate, Home Service Payment aggregator • Service aggregator provider • Convenient interfaces • Ease of use Identity and personalisation • Identity and personalisation provider provider Customer Authentication care and Access • Convenience provider • Trust 47 Josef Noll, “Who owns the SIM?”, 5 June 2007
  • 48. The secure element: SIM card Identity and personalisation Service Authentication provider aggregator and Access provider Send key and Send info to • SIM is secure credentials recipient element NFC communication Send service to unit • controlled environment phone NFC2SIM • over-the-air update • open for applications SIM Smartcard interfaces ISO/IEC 7816 • SIM will be owned by user • managed by trusted third party Josef Noll, “Who owns the SIM?”, 5 June 2007
  • 49. Challenges and Benefits 200 Convenience How insecure is the of usage Internet? Will the phone be the only 150 secure element? 100 Visa and Mastercard enable convenient small amount purchases Are Google, facebook and flickr more trusted than telecom 50 operators? Dynamic service environment? On-the-fly creation of services? 0 2006 2008 2010 Telco favourite Third party favourite 49 Josef Noll, “Who owns the SIM?”, 5 June 2007
  • 50. Conclusions on Near Field Communications Standardisation well-under-way  NFC with three modes – SIM interworking – power on (payment) versus power off (ticket) – Commercial kick-off visible  Pre-commercial trials “everywhere” – Critical hand-set status (only low-range phones) – Unclear business models  variety of application areas – co-operation and revenue sharing – “Sufficient Security”?  Teaching the customer  easy to use – “always available” – Mobile Payment and Access April 2008, Josef Noll