@GlobalPlatform_ www.linkedin.com/company/globalplatform1
GP Confidential©2013
GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Dongyan Wang
GlobalPlatform Technical Program Manager
Wednesday 19 March
GlobalPlatform Members
Introducing GlobalPlatform Standards...
• With GlobalPlatform standards:
• Create once based on:
  o Stable and interoperable application programming interfaces (APIs)
  o Stable security requirement
• Deploy ‘everywhere’
GlobalPlatform Positioning
Across several market sectors and in converging sectors
GlobalPlatform is the standard for managing applications on secure chip technology
[Diagram labels: Trusted Execution Environment AND Secure Element; Premium Content]
Mobile as a Center of the New Service Deployment
Trusted Execution Environment
The trusted execution environment (TEE) provides a unique capability to ensure that a transaction:
• Is approved by the right end user
• Is on the right and trusted device
• Takes place between the application and cloud or back-end service
What is a TEE?
• TEE provides hardware-based isolation from rich operating systems (OS) such as Android
• TEE runs on the main device chipset and relies on hardware roots of trust (crypto keys and secure boot)
• TEE has privileged access to platform and device resources (user interface, memory controller, video / audio hardware, crypto accelerators, biometry…)
• Technology already massively deployed
• Premium content protection is currently a major use case
[Architecture diagram, on a shared Hardware Platform:
Rich OS Application Environment (open to malware and rooting / jailbreaking): Client Applications (Payment, Corporate), GlobalPlatform TEE Client API, Rich OS.
Trusted Execution Environment (isolation of sensitive assets): Trusted Applications (DRM, Payment, Corporate), GlobalPlatform TEE Internal API, Trusted Core Environment, Trusted Functions, TEE Kernel, HW Secure Resources.]
GlobalPlatform TEE Functions
Hardware-based TEE Functions = ToolBox
• Code and data isolation
• Secure cryptography
• Secure storage
• Secure clock
• Trusted user interface
• Secure element (SE) interface
• Administration scheme
Value for Secure App Providers includes
• Device authentication
• User authentication
• Protection of any sensitive software engine
• Digital signature and encryption
• Secure communication to server and / or SE
• Upgradable environment
Unique Feature for mPOS: Trusted User Interface (UI)
Message to be signed
▪ Transaction summary displayed by TEE
▪ Rich OS environment cannot tamper with the message
▪ The user signs exactly what s/he is seeing
Explicit Validation Means
▪ PIN / password entry: rich OS environment cannot have access to entered credential
Security Indicator
▪ Text or image
▪ ‘Sign-in seal concept’
▪ Information securely configured by the user and securely controlled by the TEE
▪ Prove to the user that the screen is TRUSTED by seeing this known information
Tools to build ‘what you see is what you sign’, anti-phishing and non repudiation
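A small model of the ‘what you see is what you sign’ property described on this slide, added here as an illustration and not taken from the presentation or from any GlobalPlatform API. All names (`trusted_app_sign`, `server_verify`, `TEE_KEY`) and the sample order are constructed, and an HMAC stands in for the digital signature a real trusted application would produce with a key held in secure storage.

```python
import hashlib
import hmac
import json

# Constructed demo key; stands in for a credential held in TEE secure storage.
TEE_KEY = b"constructed-demo-key"


def canonical(summary):
    """Deterministic byte encoding of the transaction summary."""
    return json.dumps(summary, sort_keys=True, separators=(",", ":")).encode()


def trusted_app_sign(summary, user_approves, key=TEE_KEY):
    """Model of the trusted application: display, get validation, then sign.

    The bytes that are signed are the bytes that were displayed, so the
    rich OS never gets to choose one value for the screen and another
    for the signature.
    """
    shown = canonical(summary)            # what the trusted UI renders
    if not user_approves(json.loads(shown)):
        return None                       # user rejected what was displayed
    tag = hmac.new(key, shown, hashlib.sha256).hexdigest()
    return {"summary": json.loads(shown), "tag": tag}


def server_verify(message, key=TEE_KEY):
    """Back end recomputes the tag over the summary it received."""
    expected = hmac.new(key, canonical(message["summary"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, message["tag"])


def run_scenarios():
    order = {"merchant": "My Store", "amount": "12.50", "currency": "EUR"}
    approves_expected = lambda shown: shown == order   # user knows what they agreed to

    honest = trusted_app_sign(order, approves_expected)

    # Rich OS alters the message after signing: the tag no longer matches.
    relayed = {"summary": dict(honest["summary"], amount="1250.00"), "tag": honest["tag"]}

    # Rich OS alters the request before it reaches the TEE: the altered
    # amount is what gets displayed, so the user declines and nothing is signed.
    altered_request = dict(order, amount="1250.00")
    declined = trusted_app_sign(altered_request, approves_expected)

    return server_verify(honest), server_verify(relayed), declined
```

`run_scenarios()` covers the honest flow, tampering after signing, and tampering before display; the last case is caught by the user at the trusted screen rather than by the server.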
Trusted mPOS (1/3)
• Near field communication (NFC) smartphone can be used as card reader
• A trusted channel is opened between the card and the mPOS
[Diagram labels: Secure Channel; Rich OS; My Store]
Trusted mPOS (2/3)
• When needed the end user enters a PIN to confirm a contactless transaction
• A trusted application will use the trusted UI feature to protect the PIN from any rich OS application
[Diagram label: PIN]
Trusted mPOS (3/3)
• mPOS needs to be integrated with back and front office applications
• TEE protects the credential required to ensure a trusted channel is opened between the mPOS and the server
[Diagram labels: Rich OS; My Store; Secure Channel]
TEE Supports Value Added Services on mPOS
• Thanks to the GlobalPlatform open architecture supporting multiple applications, a smartphone with a qualified TEE is able to support different mPOS applications
  – Such as mPOS APPs world, mobile, loyalty programs, actionable intelligence, cross-channel and in-store marketing programs.
• But also barcode scanning, LBS, eReceipts, coupons, QR codes, wallets, click & collect, geo-targeted mobile advertising and alternative in-store payments.
[Diagram labels: Rich OS; My Bank]
TEE Supports Multiple mPOS Model
• Thanks to the GlobalPlatform open architecture supporting multiple applications from multiple actors, a smartphone with a qualified TEE is able to support different POS
• TEE security certification offers a real insurance for the mPOS deployment
• TEE administration will provide a standard language to manage an mPOS application
  – Load, install, delete
  – Update
[Diagram labels: Rich OS; My Bank]
Support Different Use Cases
eCommerce
• mPOS installed in end-user smartphone
• End-user enters his PIN on his mobile
Commerce
• mPOS installed in merchant smartphone
• End-user enters his PIN on merchant mobile
Hybrid
• mPOS installed in merchant smartphone BUT
• End-user enters his PIN on his mobile
Summary
• Collaboration between TEE and card allows the best of both worlds
  – High level security of smart card/SEs and usability of smartphone
• The massive deployment of GlobalPlatform SE and TEE generates a standardized infrastructure for:
  – Enhancing the usability and security of today’s services
  – Deploying new payment services (peer-to-peer, remote payment)
• Compliancy is needed to deploy a mobile service across different devices from different providers
• Security across different devices and suppliers is a must that is central to the GlobalPlatform technology
More @ www.globalplatform.org