NFC EMV Host Card Emulation (HCE) Mobile Payments
Dual Tokens! “Digital ID Tokens” to secure “HCE Tokens”

HCE Service (www.hceservice.com)
Remy de Tonnac, Chairman
Dr Chandra Patni, CEO


Post on 12-Aug-2020


Vision, Mission, and Ambition

Our vision
To become a leading mobile HCE (Host Card Emulation) secure payments service delivery company for card issuers.

Our mission
To provide market leading secure HCE payments and secure messaging solutions for physical NFC, digital and in-app commerce environments.

Our ambition
To make HCE Service one of the major secure HCE payments physical, Internet and mobile commerce solution companies globally.


Till recently… a complex security architecture

[Diagram: VPN, Application Processor, Secure Element, NFC, M Payment]

• Secure Payment, but…
─ MNO's control of Secure Element,
─ MNOs and banks and OEMs and card payment and Google,… all infighting
─ HW Platform and brand dependency
─ Trusted Service Manager complex deployment
─ ….

Presentation Notes: Why is it important? Our vision is that security will integrate into the AP, thus the importance of the ESS acquisition, but it will start in many cases with SW, thus the importance of M acquisition.

until now it has mostly been …


Why HCE?

[Diagram: VPN, Application Processor, Secure Element, NFC, M Payment]

Google took the Secure Element away, so did Visa and MasterCard

─ Innovation possible
─ Deployment easy

but… Security is now an issue…

Replace hardware Secure Element?

Presentation Notes: Why is it important? Our vision is that security will integrate into the AP, thus the importance of the ESS acquisition, but it will start in many cases with SW, thus the importance of M acquisition.

OK, so there are lots of security issues?

[Diagram: Mobile App (Java, Native Code, Host Card Emulation, Data), NFC, Payment Network, Internet, Acquirer, Issuer Cloud Based Payment Platform]

- Vulnerable Device, Boot, and OS
- User credentials can be cloned
- Tokens can be cloned
- Local Transaction processing is vulnerable

Presentation Notes: Ok, so there are a lot more holes than anyone was expecting! For this presentation I am concentrating on four of the most significant holes in HCE. These are:
- Issues with Exploited Devices
- Issues caused by lack of Uniqueness
- Payments in offline environments
- Dealing with data on the phone
Let’s take a look:

PKI Security for User and Device Authentication


Our Business Objectives … Platform/Software as a Service

• HCE EMV card tokenisation and authorisation service:
  • Multi-brand (Visa, Mastercard, Amex,….)
  • HCE tokens issue and dynamic limited life parameter updates (HCE-Tokens)
  • Token transaction authorisations (HCE-Payments)

• Transactional WPKI – “SWIM”:
  • Software Wireless Identity Module (SWIM) PKI tokens
  • Application level host messaging PKI secured
  • Non-repudiation, authentication, confidentiality and integrity

Low TCO and Risk
• Minimal integration impact on legacy card issuing system


HCE Service is an Open Layered Architecture

End User Layer
• Payment/Access Wallets – HCE & NFC
• Mobile Payment Devices – Phones/Tablets

PKI Security Trust Layer
• RA/CA PKI Servers
• End-to-end PKI Security Servers (Android & Host)

Transaction Processing Layer
• HCE Tokens Payment Processor
• HCE Customer/Card Token Management

HCE Business Application Layer
• Card Token Accounts, M-Banking, Trading, Gaming, Leisure …..

HCE Service for WPKI, Payment/Messaging Processing, and APIs


Complete ECO system

[Diagram labels: Merchant Point of Sale; Internet; Payment Network; Acquirer; Public Key Infrastructure; SWIM; SWIM App; HCE; Card Issuer Host; MAP (Mobile Application Platform); HCE-Payments (Tokenized Transactions); HCE-Tokens (Token Service Provider Lifecycle Management); "Securely delivers limited life data"; "Securely store and use limited life data"]


Complete ECO system

[Diagram labels: Acquirer; HCE-Tokens (VTS/MDES/Own Token Service); Rules DB; HCE-Payments Authorisation; SWIM-RA; SWIM-CA; Txn DB; Tokens DB; SWIM-SS server; HCE SWIM mobile app; User Token Wallet; Contactless POS; Merchant; Issuer]


HCE SWIM Software Protection Dual Tokenisation

Mobile App Client Solution

• HCE SDK with WPKI Security Server
• Dual Tokens: HCE Token and WPKI Digital ID
• Integrates with SWIM cloud WPKI Infrastructure
• Integrates with Visa & Mastercard Token servers
• Enhanced data protection
• Secure Crypto generation using Whitebox
• Tamper proofing
• Code Obfuscation & Data Protection
• Personalizes Mobile App
• Dynamically updates app security


INTRINSIC SECURITY IN OUR MOBILE APP

Dual HCE & SWIM Mobile Apps
• Protects against reverse engineering & code modification
• Secure Processing including cryptographic functions using Whitebox
• Protect sensitive data secrets
• Detects device & code integrity

[Diagram labels: Code Obfuscation; Tamper Proof; Secure Crypto Processing; Rooting detection]


Secure HCE Payment SDK

[Diagram labels: HCE SWIM; Whitebox; 2 Tokens; NFC; POS; SWIM WPKI Secured Cloud Payment Platform]

HCE SWIM secure mobile payment SDK:
• Built-in support for Visa & Mastercard payment transaction
• Pre-integrated with Visa & Mastercard Token servers for faster deployment
• Pre-tested for PKI security compliance

Presentation Notes: Let's have a quick look at tokenization. Certainly it’s very timely for mobile payments as it protects your ‘real’ account data & reduces the exposure to fraud, but it's not enough for security. Let's try to understand why.

HCE SWIM WPKI Integrated with Visa/MC – KEY DIFFERENTIATOR

HCE Secure - key integrator partner for Visa HCE based mobile payment deployments
• Issuers benefit from program & resources
• Issuers inherit functional & security compliance results

Pre-integrated with both Visa and Mastercard token service platforms
• Allows issuers to go with low investment options by utilizing existing HCE & Visa/MC infrastructure
• Reduces time-to-market

MDES: MasterCard Digital Enablement Service
VDEP: Visa Digital Enablement Program


Summary – Focus on Security Benefits
Working with payments/security experts…

Wireless PKI Security integrated with HCE Tokenisation
• User/Device Authentication, Token Confidentiality and Non-repudiation
• E.g. our HCE & SWIM twin tokens provisioning model

Issuer Phased approach:
• VTS/MDES in Phase 1
• In-house Tokenisation in Phase 2

HCE payments authorisation module - easy integration with CMS

Software as a Service security knowledge
• PCI-DSS
• Transactional WPKI
• Whitebox Host Security Module (HSM) knowhow


Any questions?
