survey on smart card mobile payment n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Survey on Smart Card & Mobile Payment PowerPoint Presentation
Download Presentation
Survey on Smart Card & Mobile Payment

Loading in 2 Seconds...

play fullscreen
1 / 30

Survey on Smart Card & Mobile Payment - PowerPoint PPT Presentation


  • 85 Views
  • Uploaded on

Survey on Smart Card & Mobile Payment. Tijo Thomas ( 03229401) Guided by Prof: Bernard Menezes. Contents. Introduction Methodology of Study Existing Payments Schemes Business Drivers Relation between SIM card & Smart Card Technological Trends Business Trends Conclusion. Introduction .

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

Survey on Smart Card & Mobile Payment


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
survey on smart card mobile payment

Survey onSmart Card & Mobile Payment

Tijo Thomas ( 03229401)

Guided by Prof: Bernard Menezes

KReSIT IIT Bombay

contents
Contents
  • Introduction
  • Methodology of Study
  • Existing Payments Schemes
  • Business Drivers
  • Relation between SIM card & Smart Card
  • Technological Trends
  • Business Trends
  • Conclusion

KReSIT IIT Bombay

introduction
Introduction

Motivation

  • To understand the existing payment schemes.
  • To understand the role of smart card in retail payment.
  • To understand the security issues.

Goal

  • To understand the future of retail payment.

KReSIT IIT Bombay

methodology of study
Methodology of Study
  • Collected the details about the existing payment schemes.
  • Surveyed Industry Standards for Payments.
  • Collected responses to questionnaire from focus groups.
  • Studied various types of smart cards.
  • Analyzed the relationship between smart card and SIM card.
  • Surveyed the Business Trends of M-Commerce and its future.

KReSIT IIT Bombay

existing payment scheme
Existing Payment Scheme

Based on Value

  • Micro payments – less than 5$
  • Medium Payments – Between 5$ - 25$
  • Macro payments - above 25$

Based on Location

  • Remote Transaction – SMS, GPRS
  • Proximity Transaction – Bluetooth, RFID

Based on Technology

  • Magnetic Strip card
  • Smart Card

KReSIT IIT Bombay

smart card payments
Smart card Payments
  • What is smart card?

Smart card is a tamper proof plastic card with an embedded microchip that can be loaded with data.

  • Why smart card?
    • Security
    • Processing power
    • Memory

KReSIT IIT Bombay

smart card security
Smart Card Security
  • OS and File Security

File hierarchy – MF,DF,EF

File security attributes

  • Access Rights

Always(ALW)

Card holder Verification 1 (CHV1)

Card holder Verification 2 (CHV2)

Administrative (ADM)

KReSIT IIT Bombay

smart card security1
Smart Card Security

Hardware Security

  • All the data are store in EEPROM, so can be erased using unusual voltage
  • Data can be erased by exposure to UV rays
  • Heating the card in high temperature
  • Statistical Attack like Differential power analysis (DPA)

KReSIT IIT Bombay

java card
Java Card

The Java Card platform was designed and developed from the beginning specifically to enhance the security of smart cards.

Advantages

  • Open Architecture Designed with Industry Experts
  • Java runtime environment (JRE)
  • Security Enhancements – transaction atomicity, Cryptography, Applet firewall
  • Code reusability (OOPS) & data integrity
  • Proven platform - Passed security evaluation by financial agencies, US Dept of Defense and US national security Agency.

KReSIT IIT Bombay

mobile commerce
Mobile Commerce

Definition:

“Mobile commerce is the use the of mobile hand held devices to communicate, inform, transact and entertain using text and data via connection to public and private networks”

(Lehman Brothers)

“Mobile Commerce refers to any transaction with monetary value that is conducted via a mobile telecommunications network.” (Durlacher)

KReSIT IIT Bombay

scheme of mobile payments
Scheme of Mobile Payments
  • SMS Based Payments
  • WAP/GPRS
  • Reverse SMS Billing
  • Proximity Payments

KReSIT IIT Bombay

sms based payments
SMS Based Payments
  • Secure message in the form of SMS are used to transfer money from one user account to another
  • Use of PKI
  • Implementation e.g.: mCheque
  • Advantage: No account information is revealed

KReSIT IIT Bombay

wap gprs based payments
WAP/GPRS based payments
  • Wireless Application Protocol (WAP) over GPRS mobiles are used
  • Similar to e commerce
  • Less risk involved
  • Cost for GPRS connectivity is reducing.
  • No changes in the existing business model

KReSIT IIT Bombay

reverse sms billing
Reverse SMS Billing
  • Definition:

Provider over charge SMS from special numbers -(Premium SMS)

  • Separate Business Models are to be realized
  • Only small change in the existing set up
  • Advantage: No additional infra structure is required.
  • Applications: Digital contents like ring tones, music , video...etc

KReSIT IIT Bombay

proximity payments
Proximity Payments

Definition:

The trading parties are in the same vicinity.

  • Standardized interfacese.g. Infra red , Blue tooth
  • Supported Offline transaction
  • Cheaper solution for micro payments
  • High Risk
  • Separate Business Models & Infrastructure need to be implemented

KReSIT IIT Bombay

business drivers
Business Drivers
  • Wider acceptance for GPRS/WAP enabled mobile devices
  • Mobile operators are looking for new revenue streams
  • Population of mobiles devices over PC
  • Average time to detect a mobile theft is 68 min over 26 hours for credit cards
  • More secure than conventional credit cards

KReSIT IIT Bombay

relationship between sim card and smart card
Relationship between SIM card and smart card
  • GSM specification11.11 defines the interface between Subscriber Identification Module (SIM) and the Mobile Equipment for use during the network operation as well as the internal organization of SIM.
  • Any implementation of this standard can act as a SIM card in Mobiles.

Implementation:

    • Java Card
    • Native Card

KReSIT IIT Bombay

technology trends
Technology Trends
  • Research organizations & Focus groups are working on the effective standards.
  • Different Business Models (OSS & BSS) are being evaluated for its feasibility.
  • Emerging Wireless Technology - 3G, 2.5G
  • Advancement Mobile Phone Technology

KReSIT IIT Bombay

business trends
Business Trends

Taken from “Towards A Holistic Analysis of Mobile Payments: A Multiple Perspectives Approach”

by Jan Ondrus &Yves Pigneur

KReSIT IIT Bombay

business trends1
Business Trends
  • Research reveals high potential market
  • New revenue stream for MNO’s
  • Opportunity for new comers - application developer, content providers …etc
  • High Penetration of mobile device
  • Lack of security in existing credit/debit card system

KReSIT IIT Bombay

conclusion
Conclusion

High Potential Market

High Demand for “Killer Applications”

MNO are looking for new revenue stream

Customers willingness to experiment

Merchants are looking for a standard OSS and standard based products

Opportunity for new comers

KReSIT IIT Bombay

slide22
Thank You

KReSIT IIT Bombay

slide23
GSM Specifications

KReSIT IIT Bombay

gsm specification
GSM Specification
  • Defines the interface between Subscriber Identification Module (SIM) and the Mobile Equipment for use during the network operation as well as the internal organization of SIM.
  • Any implementation of this standard can act as a SIM card in Mobiles

KReSIT IIT Bombay

gsm characteristics
GSM Characteristics
  • Physical Characteristics-electronic signals, supply voltage, transition protocol
  • Logical Model-logical structure of SIM, file structure.
  • Security Feature
  • File access condition
  • Description of Functionalities-functional description of commands and respective response, status condition, error code
  • Description of Commands-mapping the functions to APDU
  • Contents of Elementary files- elementary files for GSM session, access condition..etc
  • Application Protocol-list of standard operation between SIM and ME.

KReSIT IIT Bombay

gsm sim security
GSM SIM Security

Subscriber Identity Authentication

  • authenticate the identity of the mobile subscriber
  • The network issues a random challenge
  • Mobile Subscriber (MS) computes the response–using a one-way hash fn (A3 algo) using a authentication key which is unique to each subscriber
  • The Network also compute the response and compare with the response it receive from MS
  • The same mechanism is used to establish a cipher key Kc
  • This key is used to encrypt data and radio signal. (A8 Algo)
  • The two algorithms are combined into single algorithm called A38

KReSIT IIT Bombay

gsm sim security1
GSM SIM Security

User Signalling Data Confidentiality

  • The data is exclusive-or’d with the key Kc and transferred over the radio path.

Subscriber Identity Confidentiality

  • This service is to hide the International Mobile Subscriber Identity (IMSI)
  • The service is based on Temporary MSI (TMSI)
  • The IMSI is mapped to TMSI
  • The TMSI is then encrypted with the cipher key Kc and send

KReSIT IIT Bombay

slide28
Smart Card Standards

KReSIT IIT Bombay

smart card standards
Smart card Standards
  • International Standards
    • ISO 7816:physical and elecrical characteristics as well as format and protocol for information exchange between the smartcard and reader.
    • European Telecommunication Standards Institute (ETSI): Standard for the GSM SIM to communicate with the mobile device

KReSIT IIT Bombay

smart card standards1
Smart card Standards
  • Industry Standards
    • EMV:Euro pay, Master Cards & Visa defines a standard to allow safe ,easy electronic commerce standard
    • Mobile 3D:Visas international new global specification that ensure security of internet payments made over mobile phones.
    • Open card Framework: Provides an architecture and a set of API that enable application developer to build application in java which use smart card reader.
    • PC/SC: Personal computer/ Smartcard is a win 32 based specification to allow the manufactures to develop products independently.
    • CEPS : Common Electronic Purse Standard
    • Java Card

KReSIT IIT Bombay