Key Issues and Possible Solutions for Creating a Feasible TSM infrastructure

Key Issues and Possible Solutions for Creating a Feasible TSM infrastructure. Riekus Hatzmann. Monaco Grimaldi Forum, WIMA-NFC Conference, April 29th 2008. Introduction. Role of TSM. Security and Risk Issues. Conclusions. Atos Origin.


Key Issues and Possible Solutions for Creating a Feasible TSM infrastructure

Riekus Hatzmann

Monaco Grimaldi Forum, WIMA-NFC Conference, April 29th 2008



Role of TSM

Security and Risk Issues


Atos Origin

A client centric company with global operations…powered by people

Our Vision and Mission in Electronic Payments

[Diagram; labels: Change capability, Enabling business goals, Achieving business value, Operational excellence, Adaptable systems, Exploit new technologies, Package integration]

“To be the preferred technology partner in retail electronic payments through best-in-class processing, solution development and information management”


  • Best-in-class processes

  • Next generation technology

  • Cost Excellence

It is Atos Origin’s ambition to become one of the 3 to 5 large payment providers in Europe



Mobile Finance Trends

mWeb 1.0 (WAP 1.0, 2000)

  • Simple devices
  • Limited mobile bandwidth (1G)
  • Walled-garden
  • Applications based on WAP 1.0
  • Primitive menu structure

Mobile Banking

- SMS-based banking services
- Financial information based on SMS-push

Mobile Payment

- SMS-based payments (e.g. MobiPay, mobile PayPal)

mWeb 2.0 (WAP 2.0, 2002-now)

  • Smart devices
  • Moderate mobile bandwidth (2G)
  • Open mobile internet
  • Applications based on WAP 2.0
  • Comprehensive menu structure

Mobile Banking

- WAP-based
- Financial information services
- Combination of mobile device + plastic card + secure identifier

Mobile Payment

- SMS-based payments (STK)
- Initial NFC mobile payments

mWeb 3.0 (WICD 1.0, 2008-future)

  • Smarter devices
  • High-speed mobile networking (3G)
  • Applications based on WICD
  • Interactive mobile internet
  • Rich media mobile applications

Convergence of Mobile Banking and Mobile Payment

  • Single mobile banking and mobile payment environment on mobile device
  • Secure and Trusted by both financial institutions and consumers
  • Flexible and adjustable risk management tailored down to each financial transaction

TSM Positioning: overview

[Diagram; labels: Transport Providers, Forming Entities, TSM Governance, Compliancy rules, Audit Certification, TSM Operations, Service Provider]


Atos Origin’s View on TSM Roles

We concur with these roles

Application life cycle management

Asset management

However, the following issues should be considered:

Distinctive situation with respect to UICC based or embedded SE

Inter-operability of multiple TSMs

Customer satisfaction

Memory management of SE

Security, Trust and Regulations (e.g. compliancy authorities)

Provide the single point of contact for the service providers to access their customer base through the MNOs

Execute the Security Policy of the Trust Authority: creating the derived keys and certificates for the SE

Manage the secure download and life-cycle management of the mobile NFC application on behalf of the service provider

[email protected] Jan. 2008

  • To approve new applications for allowance of the application in the NFC Ecosystem

  • To specify requirements which application builders should comply to for introduction in NFC Ecosystem

  • To maintain an application repository

[email protected] Jan. 2008

…trust provisioning & security are essential regardless of SE positioning

TSM Positioning
UICC as Secure Element: assignment of security domains

[Diagram; labels: Issuer Security Domain, Service Provider Security Domain 1, Service Provider Security Domain n, Service Provider]

TSM Positioning: Interoperability?

  • Possible distinction between MNO-TSM and Service Provider-TSM

  • MNOs control the assignment of service provider security domains

  • Root keys originated from various SE vendors/owners can be distributed over many TSMs

  • Service Providers must have {n} contracts with n x TSM

  • More interfaces between partners in the chain of trust

  • Are TSMs still independent?

  • Is there still an open and level playing field?

[Diagram; labels: SIM Vendor 1, Embedded SE Vendor 1, Embedded SE Vendor (n) / OEM (n), (Service Provider) TSM, Service Provider n, "Not OK" (shown twice)]

TSM Positioning: Creating Interoperability

  • Decrease business complexity

  • Ensure interoperability

  • TSMs can concentrate on their core business -> providing service to Service Providers

  • Service providers need only one contract with a preferred TSM

  • Root keys managed by an independent and trusted party: Certification Authority.

  • The Authority can be governed by an independent consortium of different parties in the NFC-ecosystem.

[Diagram; labels: SIM Vendor 1, Embedded SE Vendor 1, Embedded SE Vendor (n) / OEM (n), Certification Authority, (Service Provider) TSM, Service Provider n]

Key Security Aspects of Mobile Financial Services

  • OTA Commissioning Security

    • End-to-end secure channel

    • Security domain management

  • Device Element Security Management

    • Secure Element Security (e.g. prevention of copying information from the SE)

    • Security management of applications (e.g. prevention of the access to secure application using a PIN code)

  • TSM Server Security

    • Physical security of the server (IFRS compliant data center, 3rd party verification & audit, SOX / BASEL 2)

  • Proximity Security Management

    • Security management of information exchange between a mobile device and a terminal (e.g. EMV compliant)

Mobile Financial Services: Risks and Opportunities



Conclusions (1/2)

Regarding TSM

  • The TSM concept is feasible and required: security, trust and compliancy have to be dealt with

  • The TSM roles should cover not only the functionalities related to the secure element, but also the functionalities related to other application levels (e.g. Midlet)

  • The role of Certification Authority helps to create a level-playing field and should be positioned in a Trust Center

Conclusions (2/2)

Regarding Mobile Financial Services

  • Flexible security solutions are required to support the dynamics of mobile financial services

  • Creative security solutions require an open mind of service providers toward novel security concepts

  • Some security solutions supporting high-value online payments might be difficult to implement but these solutions are available

For more information please contact: Riekus Hatzmann m +31 (0)6 [email protected] Origin B.V. 3528 BJ, Utrecht, the