Cartes 2014 digital identity v2

24-09-2013 Las Vegas, Cartes 2014 Francois Oudot – Innovation Manager NAM Digital Identity - The Next Generation of Mobile Wallet?

description

Digital identity has been, and still is, a promise of computer science. Automatic, real-time identification and authentication wherever you are, in the physical or digital world, is the Holy Grail. The use cases behind this idea are numerous, and the added value is huge for users and their ecosystem: merchants, content providers, service providers. Here are some examples:

- Continuous authentication: users no longer need a login and password, or to take out their car keys or their ID card; their digital identity follows them throughout their journey.
- Invisible design: knowing the users' identity and preferences, the world around them can interact according to their personality and desires. Mobile apps could bring the appropriate content at the appropriate time, and brick & mortar stores could adapt depending on the users.

On the other side, mobile wallets have still not found a way to create adoption among users. Disparate offerings, value for consumers not well defined: the reasons for the lack of adoption are numerous. But what if the mobile wallet becomes our digital identity? It is a natural step: users already put some of their most secure information in the mobile wallet, which means they trust the company. These companies can then retain their users by offering them a digital identity service that will finally lead to adoption of the mobile wallet.

Worldline designed and operates the mobile wallet of the three main French banks (BNP Paribas, La Banque Postale, Societe Generale), called Paylib (http://www.paylib.fr/). At the innovation lab we are now working on ways to increase adoption by using digital identity. Currently, we are working on two PoCs on digital identity, which we would be glad to share.

Transcript of Cartes 2014 digital identity v2

Page 1: Cartes 2014    digital identity v2

24-09-2013

Las Vegas, Cartes 2014

Francois Oudot – Innovation Manager NAM

Digital Identity - The Next Generation of Mobile Wallet?

Page 2: Cartes 2014    digital identity v2

| 05/13/2014 | Francois Oudot | GBU | Division | Department

Who we are: Key facts & figures

Page 3: Cartes 2014    digital identity v2

Who are we

The number 1 market player in

• eCommerce payment provider in France
• Commercial acquirer in Benelux
• Issuing solution provider in Asia
• DCC acquiring provider in India
• POS Terminal provider in the Netherlands
• Issuing processing in Germany

Page 4: Cartes 2014    digital identity v2

Mobile wallet Customer portfolio

• Payment to Merchant through remote payment channel
• P2P (payer or payee initiated)

Full authentication: online banking, eWallet service, 3D-Secure payment
Multi-device (smartphone, PC, tablet) and multi-OS integration

Wallet strong authentication validation
Multi-device (smartphone, PC, tablet) and multi-OS integration

Page 5: Cartes 2014    digital identity v2

Digital identity currently

Page 6: Cartes 2014    digital identity v2

Digital identity in mobile wallet – Privacy by design

Page 7: Cartes 2014    digital identity v2

The Challenge of privacy: « The right to move freely »

vs

2012 - MOBIB Card awarded

2012 - SNCB Gate : 1.400.000 client data leaked

Page 8: Cartes 2014    digital identity v2

What is the Lyrics project?

Consortium: Major players, SMEs, Academics

Ambition: Create and promote a privacy-preserving architecture for contactless mobile services

Sponsoring

Page 9: Cartes 2014    digital identity v2

Our vision for digital identity

Digital identity = user centric + privacy by design

Trusted authentication

Seamless authentication

Personal data store

Page 10: Cartes 2014    digital identity v2

1 - Our current authentication method

Two-factor method:

“Something you know”: M-PIN

• Stored on the authentication server
• Dynamic virtual keyboard

“Something you have”: Soft Secure Element (SSE)

• Use of a software crypto-engine core element
• Protection of the SSE thanks to a unique “Tamper Resistance” component

Page 11: Cartes 2014    digital identity v2

1 - Our current authentication solution

[Architecture diagram; labels: SEA platform; SSE* generator; SEA server; HSM; Interface / secured channel; Application; Mobile wallet…; SEA client repository; SDK interface; CryptoEngine; Tamper Resistant; SSE; Computer; Mobile]

* Soft Secure Element

Page 12: Cartes 2014    digital identity v2

2 - Seamless authentication

Adapt level of authentication to risk of transaction

▶ By embedding a fraud detection engine on each device

▶ By combining devices and sensors to simplify user experience

▶ Add TSM(1) and/or TEE(2) interface dialog

Key concept: The embedded fraud engine automatically detects troubling contexts in the user's behaviour and directly triggers adaptive authentication

(1) Trusted Service Manager
(2) Trusted Execution Environment

Page 13: Cartes 2014    digital identity v2

2 – Authentication based on sensors

Goals:

• Associate devices in proximity of user
• Propagate the trust or the risk

Page 14: Cartes 2014    digital identity v2

2 - Next generation of authentication

TapTap mode for high level of trust
▶ tap tap

Consent mode for medium level of trust
▶ unlock smartphone
▶ agree to transaction

Strong mode for low level of trust
▶ log on
▶ consent
▶ enter PIN
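An added example (not from the presentation and not Worldline's product code) of how a device-side policy could map context to the three modes above. The signal names, weights and thresholds are assumptions; only the mode names and their steps come from the slides.

```python
from dataclasses import dataclass

# Modes and their steps as listed on the slide, keyed by trust level.
MODES = {
    "high": ("TapTap", ["tap tap"]),
    "medium": ("Consent", ["unlock smartphone", "agree to transaction"]),
    "low": ("Strong", ["log on", "consent", "enter PIN"]),
}

@dataclass
class Context:
    """Signals a device-side fraud engine might see (all names are assumptions)."""
    amount: float                # transaction amount, in the wallet's currency
    known_merchant: bool         # user has paid this merchant before
    paired_devices_nearby: int   # associated devices sensed in proximity
    risky_device_nearby: bool    # a nearby associated device is itself flagged
    anomalies: int               # behavioural anomalies raised by the engine

def trust_level(ctx: Context) -> str:
    """Hypothetical scoring; weights and thresholds are illustrative only."""
    # Propagated risk or repeated anomalies always force the strongest mode,
    # whatever positive signals are present (fail closed).
    if ctx.risky_device_nearby or ctx.anomalies >= 2:
        return "low"
    score = min(ctx.paired_devices_nearby, 2)   # propagated trust, capped
    score += 1 if ctx.known_merchant else 0
    score -= ctx.anomalies
    if ctx.amount > 100:                        # transaction risk
        score -= 2
    elif ctx.amount > 30:
        score -= 1
    if score >= 2:
        return "high"
    return "medium" if score >= 0 else "low"

def required_authentication(ctx: Context):
    """Return (mode name, steps the user must complete)."""
    return MODES[trust_level(ctx)]

# Constructed sample contexts.
COFFEE = Context(4.5, True, 1, False, 0)
NEW_SHOP = Context(60.0, False, 1, False, 0)
LARGE_ODD = Context(500.0, False, 0, False, 1)
FLAGGED = Context(4.5, True, 2, True, 0)

if __name__ == "__main__":
    for ctx in (COFFEE, NEW_SHOP, LARGE_ODD, FLAGGED):
        print(ctx, "->", required_authentication(ctx))
```

Capping the trust gained from nearby devices keeps a crowd of paired devices from cancelling out the risk of a large transaction, and a flagged device overrides every positive signal.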

Page 15: Cartes 2014    digital identity v2

3 - Personal data store

[Architecture diagram; labels: Trust authority: mobile wallet; SSE* generator; SEA server; HSM; Application; Mobile wallet…; Personal data store; Trust authority: corporation; Object or mobile/web app; BLE, NFC, webservices; trust control]

Page 16: Cartes 2014    digital identity v2

Worldline is a registered trademark of Atos Worldline SAS. June 2013 © 2013 Atos. Confidential information owned by Atos Worldline, to be used by the recipient only. This document, or any part of it, may not be reproduced, copied, circulated and/or distributed nor quoted without prior written approval from Atos Worldline.

Thanks

Francois Oudot

Innovation manager

+1 510 283 1943

[email protected]

Page 17: Cartes 2014    digital identity v2

SEA components: Functional scope (generic)

[Diagram; labels: SEA Front End; SEA Back End; Support; HelpDesk; API; ID user/device; SEA client; Logs & proofs; ACS; Cloud Wallet; Home banking; Web portal; Mobile portal; IVR; APP Mobile; SDK SEA; APP PC; SDK SEA; SEA components; SEA authentication server; . . .]