www.hceservice.com
HCE Service
Remy de Tonnac, Chairman
Dr Chandra Patni, CEO
NFC EMV Host Card Emulation (HCE) Mobile Payments
Dual Tokens! “Digital ID Tokens” to secure “HCE Tokens”
Vision, Mission, and Ambition
Our vision: To become a leading mobile HCE (Host Card Emulation) secure payments service delivery company for card issuers.
Our mission: To provide market leading secure HCE payments and secure messaging solutions for physical NFC, digital and in app commerce environments.
Our ambition: To make HCE Service one of the major secure HCE payments physical, Internet and mobile commerce solution companies globally.
[Diagram: VPN; Application Processor; Secure Element; NFC; M Payment]
Till recently… a complex security architecture
• Secure Payment, but…
─ MNO's control of Secure Element,
─ MNOs and banks and OEMs and card payment and Google,… all infighting
─ HW Platform and brand dependency
─ Trusted Service Manager complex deployment
─ ….
until now it has mostly been …
[Diagram: VPN; Application Processor; Secure Element; NFC; M Payment]
Why HCE?
Google took the Secure Element away, so did Visa and MasterCard
─ Innovation possible
─ Deployment easy
but… Security is now an issue…
Replace hardware Secure Element?
OK, so there are lots of security issues?
[Diagram: Mobile App (Java, Native Code, Host Card Emulation, Data); NFC; Internet; Payment Network; Acquirer; Issuer Cloud Based Payment Platform]
- Vulnerable Device, Boot, and OS
- User credentials can be cloned
- Tokens can be cloned
- Local Transaction processing is vulnerable
PKI Security for User and Device Authentication
Our Business Objectives … Platform/Software as a Service
• HCE EMV card tokenisation and authorisation service:
─ Multi-brand (Visa, Mastercard, Amex,….)
─ HCE tokens issue and dynamic limited life parameter updates (HCE-Tokens)
─ Token transaction authorisations (HCE-Payments)
• Transactional WPKI – “SWIM”:
─ Software Wireless Identity Module (SWIM) PKI tokens
─ Application level host messaging PKI secured
─ Non-repudiation, authentication, confidentiality and integrity
Low TCO and Risk
• Minimal integration impact on legacy card issuing system
HCE Service is an Open Layered Architecture
End User Layer
─ Payment/Access Wallets – HCE & NFC
─ Mobile Payment Devices – Phones/Tablets
PKI Security Trust Layer
─ RA/CA PKI Servers
─ End-to-end PKI Security Servers (Android & Host)
Transaction Processing Layer
─ HCE Tokens Payment Processor
─ HCE Customer/Card Token Management
HCE Business Application Layer
─ Card Token Accounts, M-Banking, Trading, Gaming, Leisure …..
HCE Service for WPKI, Payment/Messaging Processing, and APIs
Complete ECO system
[Diagram: Merchant Point of Sale; Internet; Payment Network; Acquirer; Public Key Infrastructure; SWIM; Card Issuer Host; SWIM App; HCE; HCE-Payments: Tokenized Transactions; HCE-Tokens: Token Service Provider Lifecycle Management; Securely delivers limited life data; Securely store and use limited life data; MAP: Mobile Application Platform]
Complete ECO system
[Diagram: Acquirer; HCE-Tokens (VTS/MDES/Own Token Service); Rules DB; HCE-Payments Authorisation; SWIM-RA; SWIM-CA; Txn DB; Tokens DB; SWIM-SS server; HCE SWIM mobile app; User Token Wallet; Contactless POS; Merchant; Issuer]
HCE SWIM Software Protection Dual Tokenisation
• HCE SDK with WPKI Security Server
• Dual Tokens: HCE Token and WPKI Digital ID
• Integrates with SWIM cloud WPKI Infrastructure
• Integrates with Visa & Mastercard Token servers
• Enhanced data protection
• Secure Crypto generation using Whitebox
• Tamper proofing
• Code Obfuscation & Data Protection
• Personalizes Mobile App
• Dynamically updates app security
Mobile App Client Solution
Dual HCE & SWIM Mobile Apps
• Protects against reverse engineering & code modification
• Secure Processing including cryptographic functions using Whitebox
• Protect sensitive data secrets
• Detects device & code integrity
INTRINSIC SECURITY IN OUR MOBILE APP
• Code Obfuscation
• Tamper Proof
• Secure Crypto Processing
• Rooting detection
[Diagram: HCE SWIM; Whitebox; 2 Tokens; NFC; POS; SWIM WPKI Secured Cloud Payment Platform]
HCE SWIM secure mobile payment SDK:
Built-in support for Visa & Mastercard payment transaction
Pre-integrated with Visa & Mastercard Token servers for faster deployment
Pre-tested for PKI security compliance
Secure HCE Payment SDK
HCE SWIM WPKI Integrated with Visa/MC – KEY DIFFERENTIATOR
HCE Secure - key integrator partner for Visa HCE based mobile payment deployments
• Issuers benefit from program & resources
• Issuers inherit functional & security compliance results
Pre-integrated with both Visa and Mastercard token service platforms
• Allows issuers to go with low investment options by utilizing existing HCE & Visa/MC infrastructure
• Reduces time-to-market
MDES: MasterCard Digital Enablement Service
VDEP: Visa Digital Enablement Program
Summary – Focus on Security Benefits
Working with payments/security experts…
Wireless PKI Security integrated with HCE Tokenisation
• User/Device Authentication, Token Confidentiality and Non-repudiation
• E.g. our HCE & SWIM twin tokens provisioning model
Issuer Phased approach:
• VTS/MDES in Phase 1
• In-house Tokenisation in Phase 2
HCE payments authorisation module - easy integration with CMS
Software as a Service security knowledge
• PCI-DSS
• Transactional WPKI
• Whitebox Host Security Module (HSM) knowhow
Any questions?