Ecosystem Scenarios for Cloud-based NFC Payments Pardis Pourghomi and George Ghinea School of Information Systems, Computing and Mathematics Brunel University London, UK UB8 3PH pardis.pourghomi@brunel.ac.uk
Introduction to NFC
• NFC is designed for short-distance wireless communication
• NFC complements Bluetooth and 802.11, which cover longer ranges
• Easy and simple connection method: bringing two devices together establishes the link
• Enables the exchange of data between devices over a distance of up to 20 centimetres (in practice typically a few centimetres)
• Provides a communication method for non-self-powered devices: a passive tag draws its power from the reader's field
pardis.pourghomi@brunel.ac.uk - Brunel University, UK
Examples of using NFC-enabled mobile phones
• Download music or video from a smart poster
• Exchange business cards; pay bus or train fares; parking tickets; pay at kiosks; pay and purchase at point-of-sale (POS) terminals
• Access control in offices, hotels and airports; print receipts to a printer
What is a Secure Element (SE)?
• An SE is intended as an attack-resistant (tamper-resistant) microcontroller
• A combination of hardware, software, interfaces and protocols embedded in a mobile handset that enables secure storage
• Provides a secure area for executing applications and protecting the payment assets (e.g. payment keys, application code, payment data)
• Can also be involved in the authentication process
What is a Secure Element (SE)?
• The operating system running on the SE must be able to install, personalise and manage multiple applications
• The SE is essential in NFC transactions, and ownership/control of it may yield commercial or strategic advantage
• SE types: stickers, removable Secure Memory Card (SMC), Universal Integrated Circuit Card (UICC), embedded SE (eSE)
NFC ecosystem players
• Consumer: the end user in an NFC ecosystem.
• Merchant: the consumer's counterparty in a transaction.
• Secure Element issuer (SEI): the party that issues the SE in an NFC ecosystem. It also controls the SE and decides how the SE's storage may be used.
• Secure Element provider: the manufacturer of the SE. It has a direct relationship with the SE issuer and the service provider.
• Service Provider (SP): the party that issues the payment application and deploys its data elements to the consumer. The SP is also responsible for managing the payment application stored in the SE.
NFC ecosystem players
• Mobile Network Operator (MNO): responsible for providing the GSM network for data transmission. In our case, the MNO is the SE issuer (the SE being the UICC).
• Trusted Service Manager (TSM): integrates several SEs and SPs, i.e. acts as the intermediary through which an SP's application is loaded into, personalised on and managed in an SE that the SP does not itself control.
• Acquirer: handles financial payments by clearing and settling transactions through the financial institutions.
SE management
• SE management in a mobile multi-application environment is very challenging
• SPs and SE issuers have a many-to-many ('n' to 'n') active relationship
• Partners may have limited control over the service environment
• Current card issuance models cannot support dynamic post-issuance personalisation (the SP lacks control over the SE)
Mobile wallet + cloud computing
• Is there a need for the cloud?
• Would NFC do the job on its own?
• There is a need for a clear go-to-market strategy for mobile payments
• There is not much agreement among mobile wallet stakeholders
• Which technology will finally be accepted by consumers and merchants?
• PayPal, Telefonica/O2 and Best Buy have announced wallets that use cloud technology ("cloud wallets")
NFC wallet & Cloud wallet
NFC Cloud Wallet model – Overview
• The customer taps their NFC-enabled phone on the POS to make the payment
• The payment application is downloaded into the SE of the customer's mobile phone
• The POS communicates with the cloud provider to check whether the customer has enough credit
• The cloud provider transfers the required information to the POS
• The merchant either authorises the transaction or rejects the customer's request
• The merchant communicates with the cloud to update the customer's balance
NFC Cloud Wallet model – General idea: additional security (optional)
• When the NFC-enabled phone sends a request to the cloud provider for permission to make a payment (step 1), the cloud provider sends an SMS requesting a PIN to identify the user of the phone
• The customer sends the PIN back to the cloud provider as an SMS (verification)
Ecosystem scenarios: direct link between POS and MNO (extension of the NFC cloud wallet model)
Assumptions:
• The SE is part of the SIM (UICC)
• The cloud is part of the MNO
• The MNO manages the SE/SIM (GSM)
• Banks, etc. are linked with the MNO
• The MNO is the only party that manages confidential data stored in the cloud
• More info: Pourghomi, P., Saeed, M. Q. and Ghinea, G. A Proposed NFC Payment Application. International Journal of Advanced Computer Science and Applications (IJACSA), vol. 4, no. 8, 2013, pp. 173-181. The Science and Information Organization Ltd, 2013.
Ecosystem scenarios: unlinked POS and MNO
Assumptions:
• The main SE (virtual SE) is part of the cloud and is managed by the MNO
• A secure, tamper-resistant component in the mobile device (the phone's SE) is used for authentication
• The MNO manages the SE/SIM (UICC)
• Banks, etc. have connections with the MNO
• The vendor trusts the MNO
The virtual SE vs. the phone's SE
• Virtual SE (stored in the cloud): securely stores personal data such as debit and credit card information, user identification number, loyalty programme data, payment applications, PINs and networking contacts
• Phone's SE: stores authentication data such as keys, certificates, protocols and cryptographic mechanisms
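The two flows above, the NFC Cloud Wallet overview with its optional PIN step and the unlinked-POS split between a phone SE that only authenticates and a virtual SE held in the MNO's cloud, as one runnable simulation. This is an added example, not the authors' protocol or code: the challenge-response scheme (HMAC-SHA256 over a nonce and the amount), the PBKDF2 PIN hash with a lockout counter, the constructed `imsi-001` account, and the decision to authorise and debit in a single step are all assumptions of the example.

```python
"""Toy end-to-end simulation of the cloud-wallet payment flow (added example).

Roles follow the slides: the phone's SE (tamper-resistant component holding
only authentication keys), the virtual SE in the MNO-run cloud (card data,
balance, PIN), the POS, and the customer. Everything else is an assumption
of this example: HMAC-SHA256 challenge-response for device authentication,
a PBKDF2-hashed PIN with a lockout counter, and one atomic authorise-and-debit
step in place of the slides' separate 'check credit' and 'update balance'
messages.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class PhoneSE:
    """Handset-side SE: holds the device key, never the card data or balance."""
    device_id: str
    key: bytes = field(repr=False)

    def sign(self, challenge: bytes, amount_pence: int) -> bytes:
        # The SE attests to the amount the POS showed it, not just the nonce,
        # so a POS cannot quote one amount to the phone and another to the cloud.
        msg = challenge + amount_pence.to_bytes(8, "big")
        return hmac.new(self.key, msg, hashlib.sha256).digest()


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Slow, salted PIN hash so a leaked virtual SE does not expose PINs directly."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class VirtualSE:
    """Cloud-side record for one customer (the 'virtual SE' on the slides)."""
    device_key: bytes = field(repr=False)
    balance_pence: int
    pin_salt: bytes
    pin_hash: bytes
    pin_failures: int = 0


class CloudProvider:
    """MNO-operated cloud managing the virtual SEs (slide assumption: MNO = SE issuer)."""
    MAX_PIN_FAILURES = 3

    def __init__(self):
        self.accounts = {}   # device_id -> VirtualSE
        self.pending = {}    # challenge -> (device_id, amount_pence); single use

    def enrol(self, device_id: str, balance_pence: int, pin: str) -> PhoneSE:
        """Provision a device key into the phone's SE and create its virtual SE."""
        key = secrets.token_bytes(32)
        salt = secrets.token_bytes(16)
        self.accounts[device_id] = VirtualSE(key, balance_pence, salt, hash_pin(pin, salt))
        return PhoneSE(device_id, key)

    def begin_payment(self, device_id: str, amount_pence: int) -> bytes:
        """POS asks for authorisation; the cloud answers with a fresh nonce bound to the amount."""
        if device_id not in self.accounts:
            raise KeyError(f"unknown device {device_id}")
        challenge = secrets.token_bytes(16)
        self.pending[challenge] = (device_id, amount_pence)
        return challenge

    def complete_payment(self, challenge: bytes, response: bytes, pin=None):
        """Verify the SE response (and the optional PIN), then debit atomically.

        Returns (authorised, reason). The balance only changes inside this call,
        so two concurrent taps cannot both pass a separate credit check first.
        """
        entry = self.pending.pop(challenge, None)   # one use only: replays fail here
        if entry is None:
            return False, "unknown or replayed challenge"
        device_id, amount = entry
        acct = self.accounts[device_id]
        msg = challenge + amount.to_bytes(8, "big")
        expected = hmac.new(acct.device_key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return False, "device authentication failed"
        if pin is not None:   # the slides' optional PIN verification step
            if acct.pin_failures >= self.MAX_PIN_FAILURES:
                return False, "PIN locked"
            if not hmac.compare_digest(hash_pin(pin, acct.pin_salt), acct.pin_hash):
                acct.pin_failures += 1
                return False, "wrong PIN"
            acct.pin_failures = 0
        if acct.balance_pence < amount:
            return False, "insufficient funds"
        acct.balance_pence -= amount
        return True, "authorised"


def pos_purchase(cloud: CloudProvider, phone: PhoneSE, amount_pence: int, pin=None):
    """Merchant side: tap -> cloud challenge -> SE response over NFC -> cloud decision."""
    challenge = cloud.begin_payment(phone.device_id, amount_pence)
    response = phone.sign(challenge, amount_pence)
    return cloud.complete_payment(challenge, response, pin)


if __name__ == "__main__":
    cloud = CloudProvider()
    phone = cloud.enrol("imsi-001", balance_pence=5000, pin="4321")   # constructed sample account
    print(pos_purchase(cloud, phone, 1500))               # (True, 'authorised')
    print(pos_purchase(cloud, phone, 4000))               # (False, 'insufficient funds')
    print(pos_purchase(cloud, phone, 100, pin="0000"))    # (False, 'wrong PIN')
    print(cloud.accounts["imsi-001"].balance_pence)       # 3500
```

The single-use challenge is what stops a captured NFC exchange from being replayed, and binding the amount into the signed message means the POS cannot show the phone one price and the cloud another. Collapsing the slides' separate credit check and balance update into one call avoids two taps both passing the check before either debit lands. The PIN is passed in directly here; on the slides it travels by SMS, which is neither confidential nor authenticated, so a deployed system would need a better channel for that step.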
Research challenges
• Integration of financial institution(s) with the MNO
• Integration of the cloud with the MNO
• Design of secure transaction protocols for each payment scenario
• Further exploration of the cloud architecture (from the SP's perspective)
Thank you for your attention! Question time.
Contact: pardis.pourghomi@brunel.ac.uk