ferry.dekoning@gemalto.com Director of Mobile Financial Services Sales NORAM Mobile 1 512 2218778 Mobile NFC Mobile Money Mobile Payment Mobile Banking Mobile Wallet

Gemalto and Managing Secure Elements

Gemalto- Leader in Innovation and #1 in the world in SIM cards and OTA management

ª  Over € 2 billion revenue 2011

ª  Innovation:

§  14 R&D centers worldwide §  1,500 digital scientists §  107 inventions first filed in 2011 §  Over 4,200 patents and patent applications

ª  Global footprint: §  18 production centers §  30 personalization facilities §  87 sales & marketing offices

ª  Experienced team: §  10,000 employees §  90 nationalities §  45 countries

2

Mobile Communication

Secure Transactions

Security (IAM & Gov’t Programs)

27%

15%

58%

Gemalto’s Vision is to be Leader in Digital Security

3

Smart card technology uses a small computer and software with 100s of built-in security features...

... to create personal, portable security devices...

It can be used in contactless situations

It can be used in contact situations

Key Market Drivers §  LTE (4G Network) §  Mobile Financial Services

§  Mobile NFC §  Mobile Payment §  Mobile Money §  Mobile Banking

§  EMV migration §  Electronic Identities §  Machine to Machine

Mobile NFC

(Provisioning Platform)

4

Two different Payment Solutions in the Market Cloud and non Cloud based. Gemalto is a Market leader in both solutions……

SE, SE management platform (MNO TSM), SE Applications

Issuance and lifecycle management (SP TSM)

Mobile Payment Platform

(Transaction Platform)

Mobile Wallet and Wallet Server (User Interface)

Cloud Based Proximity and Remote Payments

NFC Secure Element based Proximity Payments (non Cloud)

Focus of today’s presentation

Gemalto’s Holistic MFS Solution Converged at the Mobile Wallet Level

5

Gemalto    NFC  SIM  

Gemalto    Secure  NFC  applica4on  

Visa  /  MasterCard    Networks,    

open  loop  payments  

Issuance  and    post-­‐issuance  

MNO  TSM  

NFC  Payment  

Payment  Transac4ons  

Mobile  Payment  PlaCorm  

MNO  

SP  TSM  

Gemalto    Mobile  Wallet  

e/m-­‐Commerce  

Peer-­‐to-­‐Peer  

NFC ecosystem and Gemalto

6 6

NFC Phone Contactless Infrastructure

Service providers: Bank, transit, merchants…

Banking TSM Services (EMV)

UICC & SEs

Mobile Wallet

SE Applications

Mobile Network

TSM: Secure element and service management

Transit TSM Services (MF4M)

SE Mgmt (eSE, UICC, uSD)

Access (PIV, MiFare)

OTA (SMS, IP, CDMA, GSM, LTE)

Notion of Secure Element (SE)

" SE is a piece of hardware that hosts any NFC applications: mobile ticketing for transport, mobile payment, loyalty, P2P, etc.

" SE role is to guarantee that security is present during the whole NFC transaction

" SE can have different form factors: •  SIM card •  µSD card •  EmbeddedSE (eSE) in the handset

7

Global Platform standard makes it possible for contactless applications !

8

Transport SD – SP SD

Ticket Subscription

User Info

Bank SD – SP SD

Credit Card

E purse Loyalty

TRANSPORT MNO BANK …

Issuer Security Domain - ISD

GSM USIM

MNO Servic

es

Events Ticketing

Smart Poster

Global Platform standard enables all applications to be managed securely on the single SIM card!

…

Current Release GP 2.2

TSM Classical Architecture

9

Public API

Custom Integration based on the APIs of

MNO components

SE allocation, lifecycle, and integration point

MNO-TSM NFC service provisioning and management

SP TSM

SP SP TSM 2

SP 1 Backend System

SP 2 Backend System

SP TSM MNO TSM

SE Issuer back-end

OTA

MNO MNO TSM 2

SP TSM Managed multiple services, Interface multiple MNOs

Gemalto Operation center

GP TSM Messaging / AFSCM API

Banking Security Zone

Credit / Debit

Pre-Paid

Mifare /DesFire

Loyalty Digital ID Digital ID

Coupon One Time Password

Calypso

SP TSM

10

Pay

men

t TS

M

SP Security Domain management

Lock & unlock

End of life

Post-perso (top-up, counter reset …)

SE & handset replacement

SP subscriber view

SDSP

012...012

X

Application provisioning and personalization

MNO TSM

Gem Operation center

TSM Messaging / AFSCM API MNO

Backend systems

MNO TSM

Banking Security Zone

Core TSM

11

MN

O TS

M (B

usiness Enabler)

Global SE control

MNO subscriber view

Single entry point for any TSM

Notifications

Token management

" Simple mode •  The application download/install is managed by the MNO TSM •  SP TSM manages the ordering of the applications being

downloaded, installed by MNO TSM

" Authorized mode •  SP TSM is authorized to download/install the applications •  Sends the notification to the MNO TSM for tasks performed

" Delegated mode •  SP TSM takes care of the download/install of application in SE •  Requires permission from MNOTSM for each task (Token)

" Personalization and post issuance use-cases are always

managed by SP TSM.

12

‘Card’ Deployment Modes

Card content management use cases

13

ª Service delivery (Simple mode) §  SP TSM asks to MNO for Service application(s) Load §  SP TSM asks to MNO for Service application(s) Install §  SP TSM asks to MNO for Service application(s) Activate §  SP TSM asks to MNO for Service application(s) Removal

ª Service delivery (Delegated management mode) §  SP TSM asks to MNO for Tokens issuance and receipt verification

for Service application(s) Load §  SP TSM asks to MNO for Tokens issuance and receipt verification

for Service application(s) Install (install and extradite) §  SP TSM asks to MNO for Tokens issuance and receipt verification

for Service application(s) Activate (make selectable and update registry)

§  SP TSM asks to MNO for Tokens issuance and receipt verification for Service application(s) Removal

ª Service delivery (Dual mode management ) §  TSM informs MNO is Starting to deliver a service §  TSM informs MNO has finished to deliver a service

Notifications of SE and devices life cycle events

14

ª  I have lost my handset with my SE §  I would block all services on my current handset/SE and have

everything on my new handset/SE §  Please notify also all my SP for which I have subscribed a

NFC service

ª My UICC has changed §  Because I upgraded my old SIM §  Because I accidentally locked my current one §  Because I received a new UICC from my MNO

ª  I want to change my handset §  Update Midlet certificate * §  Midlet re-install

ª My MSISDN has changed §  Because I changed my account §  Because I received a new UICC from my MNO

15 Confidential and Proprietary 5/23/12

Thank You