
Key Issues and Possible Solutions for Creating a Feasible TSM infrastructure. Riekus Hatzmann. Monaco Grimaldi Forum, WIMA-NFC Conference, April 29th 2008. Introduction. Role of TSM. Security and Risk Issues. Conclusions. Atos Origin.


Key Issues and Possible Solutions for Creating a Feasible TSM infrastructure

Riekus Hatzmann

Monaco Grimaldi Forum, WIMA-NFC Conference, April 29th 2008



Introduction

Role of TSM

Security and Risk Issues

Conclusions



Atos Origin

A client centric company with global operations…powered by people



Outsourcing

Change capability

Enabling business goals & Achieving business value

Operational excellence

Adaptable systems

Exploit new technologies

Package integration

Our Vision and Mission in Electronic Payments

“To be the preferred technology partner in retail electronic payments through best-in-class processing, solution development and information management”

Through

  • Best-in-class processes

  • Next generation technology

  • Cost Excellence

It is Atos Origin’s ambition to become one of the 3 to 5 large payment providers in Europe



Introduction

Role of TSM

Security and Risk Issues

Conclusions



Mobile Finance Trends

mWeb 1.0 (WAP 1.0, 2000)

  • Simple devices
  • Limited mobile bandwidth (1G)
  • Walled-garden
  • Applications based on WAP 1.0
  • Primitive menu structure

Mobile Banking

- SMS-based banking services.
- Financial information based on SMS-push

Mobile Payment

- SMS-based payments (e.g. MobiPay, mobile PayPal)

mWeb 2.0 (WAP 2.0, 2002-now)

  • Smart devices
  • Moderate mobile bandwidth (2G)
  • Open mobile internet
  • Applications based on WAP 2.0
  • Comprehensive menu structure

Mobile Banking

- WAP-based
- Financial information services
- Combination of mobile device + plastic card + secure identifier

Mobile Payment

- SMS-based payments (STK)
- Initial NFC mobile payments

mWeb 3.0 (WICD 1.0, 2008-future)

  • Smarter devices
  • High-speed mobile networking (3G)
  • Applications based on WICD
  • Interactive mobile internet
  • Rich media mobile applications

Convergence of Mobile Banking and Mobile Payment

  • Single mobile banking and mobile payment environment on mobile device
  • Secure and Trusted by both financial institutions and consumers
  • Flexible and adjustable risk management tailored down to each financial transaction



Mastering Technical Complexities and Compliancy Challenges

bank driven

telco driven



Transport Providers

Banks

MNO’s

Government

Retailers

TSM Positioning: overview

Forming Entities

TSM Governance

Compliancy rules

Audit Certification

TSM Operations

Service Provider

Customer



We concur with these roles

Key-management

Application life cycle management

Asset management

However, the following issues should be considered:

Distinctive situation with respect to UICC based or embedded SE

Inter-operability of multiple TSMs

Customer satisfaction

Level-playing-field

Memory management of SE

Security, Trust and Regulations (e.g. compliancy authorities)

Provide the single point of contact for the service providers to access their customer base through the MNOs

Execute the Security Policy of the Trust Authority: creating the derived keys and certificates for the SE

Manage the secure download and life-cycle management of the mobile NFC application on behalf of the service provider

Atos Origin’s View on TSM Roles

NXP@MobeyForum Jan. 2008

  • To approve new applications for allowance of the application in the NFC Ecosystem

  • To specify requirements which application builders should comply with for introduction in NFC Ecosystem

  • To maintain an application repository

LogicaCMG@MobeyForum Jan. 2008

…trust provisioning & security are essential regardless of SE positioning


TSM Positioning: UICC as Secure Element (assignment of security domains)

UICC SIM

(MNO) TSM

Issuer Security Domain

(SP) TSM

Service Provider Security Domain 1

Application

Application

Application

Service Provider

Service Provider Security Domain n



SIM Vendor 1

TSM Positioning: Interoperability?

  • Possible distinction between MNO-TSM and Service Provider-TSM

  • MNOs control the assignment of service provider security domains

  • Root keys originating from various SE vendors/owners can be distributed over many TSMs

  • Service Providers must have {n} contracts with n x TSM

    Issues:

  • More interfaces between partners in the chain of trust

  • Are TSMs still independent?

  • Is there still an open and level playing field?

Embedded SE Vendor (n) / OEM (n)

Embedded SE Vendor 1

(MNO) TSM 1

(Service Provider) TSM

{…}

Not OK

Service Provider n

Service Provider n

Not OK

UICC1 / SE1

SEn

UICC1 / SE1

SEn




SIM Vendor 1

TSM Positioning: Creating Interoperability

Embedded SE Vendor (n) / OEM (n)

Embedded SE Vendor 1

  • Decrease business complexity

  • Ensure interoperability

  • TSMs can concentrate on their core business -> providing service to Service Providers

  • Service providers need only one contract with a preferred TSM

  • Root keys managed by an independent and trusted party: Certification Authority.

  • The Authority can be governed by an independent consortium of different parties in the NFC-ecosystem.

Certification Authority

(MNO) TSM 1

(Service Provider) TSM

{…}

Service Provider n

Service Provider n

UICC1 / SE1

UICC1 / SE1

SEn




Introduction

Role of TSM

Security and Risk Issues

Conclusions



Key Security Aspects of Mobile Financial Services

  • OTA Commissioning Security

    • End-to-end secure channel

    • Security domain management

  • Device Element Security Management

    • Secure Element Security (e.g. prevention of copying information from the SE)

    • Security management of applications (e.g. prevention of the access to secure application using a PIN code)

  • TSM Server Security

    • Physical security of the server (IFRS compliant data center, 3rd party verification & audit, SOX / BASEL 2)

  • Proximity Security Management

    • Security management of information exchange between a mobile device and a terminal (e.g. EMV compliant)



Mobile Financial Services: Risks and Opportunities

Risks?

Opportunity!



Possible Stepwise Approach for Mobile Financial Services



Atos Origin

Role of TSM

Security and Risk Issues

Conclusions



Conclusions (1/2)

Regarding TSM

  • The TSM concept is feasible and required: security, trust and compliancy have to be dealt with

  • The TSM roles should cover not only the functionalities related to the secure element, but also the functionalities related to other application levels (e.g. Midlet)

  • The role of Certification Authority helps to create a level-playing field and should be positioned in a Trust Center



Conclusions (2/2)

Regarding Mobile Financial Services

  • Flexible security solutions are required to support the dynamics of mobile financial services

  • Creative security solutions require an open mind of service providers toward novel security concepts

  • Some security solutions supporting high-value online payments might be difficult to implement but these solutions are available



Thank you.



For more information please contact:

Riekus Hatzmann

m +31 (0)6 51304145

riekus.hatzmann@atosorigin.com

Atos Origin B.V.

3528 BJ, Utrecht, the Netherlands

www.atosorigin.com

