Cartes 2014 digital identity v2
24-09-2013
Las Vegas, Cartes 2014
Francois Oudot – Innovation Manager NAM
Digital Identity - The Next Generation of Mobile Wallet?
| 05/13/2014 | Francois OudotGBU | Division | Department
Who we are: Key facts & figures
Who are we
The number 1 market player in
• eCommerce payment provider in France
• Commercial acquirer in Benelux
• Issuing solution provider in Asia
• DCC acquiring provider in India
• POS Terminal provider in the Netherlands
• Issuing processing in Germany
Mobile wallet Customer portfolio
• Payment to Merchant through remote payment channel
• P2P (payer or payee initiated)
Full-authentication: online banking, eWallet service, 3D-Secure payment
Multi-device (smartphone, PC, tablet) and multi-OS integration
Wallet strong authentication validation
Multi-device (smartphone, PC, tablet) and multi-OS integration
Digital identity currently
Digital identity in mobile wallet – Privacy by design
The Challenge of privacy: « The right to move freely »
vs
2012 - MOBIB Card awarded
2012 - SNCB Gate : 1.400.000 client data leaked
Consortium
Major players, SMEs, Academics
Ambition
Create and promote a Privacy preserving architecture for contactless mobile services
Sponsoring
What is the Lyrics project?
Our vision for digital identity
Digital identity = user centric + privacy by design
Trusted authentication
Seamless authentication
Personal data store
1 - Our current authentication method
2 factors method :
“Something you know” : M-PIN
• Stored on the authentication server,
• Dynamic Virtual Keyboard
“Something you have”: Soft Secure Element
• Use of a software crypto-engine core element,
• Protection of the SSE thanks to a unique “Tamper Resistance” component
1 - Our current authentication solution
SEA platform
SSE* generator
SEA server
HSM
Interface / secured channel
Application: Mobile wallet…
SEA client repository
* Soft Secure Element
SDK interface
CryptoEngine
Tamper Resistant
SSE
Computer
Mobile
2 - Seamless authentication
Adapt level of authentication to risk of transaction
▶ By embedding a fraud detection engine on each device
▶ By combining devices and sensors to simplify user experience
▶ Add TSM(1) and/or TEE(2) interface dialog
Key concept: The embedded fraud engine automatically detects troubling contexts in the user's behaviour and directly triggers adaptive authentication
(1) Trusted Service Manager
(2) Trusted Execution Environment
2 – Authentication based on sensors
Goals
• Associate devices in proximity of user
• Propagate the trust or the risk
2 - Next generation of authentication
TapTap mode for high level of trust
▶ tap tap
Consent mode for medium level of trust
▶ unlock smartphone
▶ agree to transaction
Strong mode for low level of trust
▶ log on
▶ consent
▶ enter PIN
3 - Personal data store
Trust authority: mobile wallet
SSE* generator
SEA server
HSM
Application: Mobile wallet…
Personal data store
Trust authority: corporation
Object or mobile/web app
BLE, NFC, webservices
trust control
Worldline is a registered trademark of Atos Worldline SAS. June 2013© 2013 Atos. Confidential information owned by Atos Worldline, to be used by the recipient only. This document, or any part of it, may not be reproduced, copied, circulated and/or distributed nor quoted without prior written approval from Atos Worldline.
Thanks
Francois Oudot
Innovation manager
+1 510 283 1943
SEA components: Functional scope (generic)
SEA Front End
SEA Back End
Support
HelpDesk
API
ID user/device
SEA client
Logs & proofs
ACS
Cloud Wallet
Home banking
Web portal
Mobile portal
IVR
APP Mobile
SDK SEA
APP PC
SDK SEA
SEA components
SEA authentication server
. . .