slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Ecosystem Scenarios for Cloud-based NFC Payments Pardis Pourghomi and George Ghinea School of Information Systems, Co PowerPoint Presentation
Download Presentation
Ecosystem Scenarios for Cloud-based NFC Payments Pardis Pourghomi and George Ghinea School of Information Systems, Co

Loading in 2 Seconds...

play fullscreen
1 / 17

Ecosystem Scenarios for Cloud-based NFC Payments Pardis Pourghomi and George Ghinea School of Information Systems, Co - PowerPoint PPT Presentation


  • 59 Views
  • Uploaded on

Ecosystem Scenarios for Cloud-based NFC Payments Pardis Pourghomi and George Ghinea School of Information Systems, Computing and Mathematics Brunel University London, UK UB8 3PH pardis.pourghomi@brunel.ac.uk. Introduction to NFC.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

Ecosystem Scenarios for Cloud-based NFC Payments Pardis Pourghomi and George Ghinea School of Information Systems, Co


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Ecosystem Scenarios for Cloud-based NFC Payments

Pardis Pourghomi and George Ghinea

School of Information Systems, Computing and Mathematics

Brunel University

London, UK

UB8 3PH

pardis.pourghomi@brunel.ac.uk

introduction to nfc
Introduction to NFC
  • NFC is designed for short distance wireless communication
  • NFC is complementary to Bluetooth and 802.11 with their long distance capabilities
  • Easy and simple connection method
  • Enables the exchange of data between devices over the distance of up to 20 centimetres
  • Provides communication method to non-self powered devices

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

examples of using nfc enabled mobile phones
Examples of using NFC enabled mobile phones
  • Download music or video from a smart poster
  • Exchange business cards, Pay bus or train fair, Parking tickets, Pay at Kiosks, Pay and purchase at Point of Sale Terminals
  • Access controls in office, hotels, airports, print receipts to printer

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

what is a secure element se
What is a Secure Element (SE)?
  • SE is intended as an attack resistant microcontroller
  • Combination of hardware, software, interfaces and protocols embedded in a mobile handset that enable secure storage
  • Provides a secure area for the execution of the applications and protection of the payment assets (i.e. payment keys, application codes, payment data)
  • Can also be involved in authentication process

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

what is a secure element se1
What is a Secure Element (SE)?
  • Operating system running on the SE must be able to install, personalize and manage multiple applications
  • The SE is essential in NFC transactions and ownership/control of it may yield commercial or strategic advantage
  • SE types: Stickers, removable Secure Memory Card (SMC), Universal Integrated Circuit Card is (UICC), Embedded SE (eSE)

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

nfc ecosystem players
NFC ecosystem players
  • Consumer: is the party that is considered as the end user in an NFC ecosystem.
  • Merchant: is considered as the consumer matching part.
  • Secure Element issuer (SEI): is the party that issues the SE in an NFC ecosystem. It is also controlling the SE in which it decides how the storage of an SE should be used.
  • Secure Element provider: SE provider is the manufacturer of the SE. It has a direct relationship with SE issuer and service provider.
  • Service Provider (SP): is the party that issues the payment application and deploys data element to consumer. SP is also responsible for managing the payment application which is stored in SE.

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

nfc ecosystem players1
NFC ecosystem players
  • Mobile Network Operator (MNO): is responsible for providing the GSM network for data transmission. In our case, the MNO is the SE issuer (SE in the form of UICC).
  • Trusted Service Manager (TSM): The role of TSM is to integrate several SEs and SPs.
  • Acquirer: The main role of the acquirer is handling financial payments by clearing and settling transactions through the financial institutions.

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

se management
SE management
  • SE management in a mobile multi-application environment is very challenging
  • SP and SE issuers have ‘n’ to ‘n’ active relationship
  • Partners may have limited control over the service environment
  • Current card issuance models cannot support the dynamic post issuance personalization process (lack of SP’s control on SE)

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

mobile wallet cloud computing
Mobile wallet + Cloud computing
  • Is there a need for cloud?
  • Would NFC do the job on its own?
  • There is a need for a clear right to go market strategy for mobile payments
  • There is not much agreement in the minds of mobile wallet stakeholders
  • Which technology will finally get accepted by consumers and merchants?
  • PayPal, Telefonica/O2, and Best Buy have announced wallets that are using cloud technology – “cloud wallets”

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

nfc wallet cloud wallet
NFC wallet & Cloud wallet

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

nfc cloud wallet model overview
NFC Cloud Wallet model – Overview
  • Customer scans his NFC enabled phone on the POS to make the payment
  • The payment application is downloaded into customer’s mobile phone SE
  • The POS communicates with the cloud provider to check whether the customer has enough credit
  • Cloud provider transfers the required information to the POS
  • The merchant either authorizes the transaction or rejects customer’s request
  • The merchant communicates with the cloud to update customer’s balance

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

nfc cloud wallet model g eneral idea
NFC Cloud Wallet model – General idea

Additional Security (optional)

  • When NFC enabled phone sends a request to the cloud provider to get permission to make a payment (step 1), the cloud provider sends a SMS requesting a PIN number to identify the user of the phone
  • Customer sends the PIN back to the cloud provider as an SMS – Verification

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

e cosystem scenarios direct link between pos and mno
Ecosystem scenarios: Direct Link between POS and MNO

Extension to NFC cloud wallet model

Assumptions:

  • The SE is part of the SIM (UICC)
  • The cloud is part of the MNO
  • The MNO manages the SE/SIM (GSM)
  • Banks, etc. are linked with the MNO
  • MNO is the only party which manages confidential data stored in the cloud
  • More info: Pourghomi, P., Saeed, M., Q., and Ghinea, G. A Proposed NFC Payment Application, In International Journal of Advanced Computer Science and Applications (IJACSA), volume 4, Number 8/2013, pages 173-181. The Science and Information Organization Ltd, 2013.

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

ecosystem scenarios u nlinked pos and mno
Ecosystem scenarios: Unlinked POS and MNO

Assumptions:

  • The main SE (virtual SE) is part of cloud – managed by MNO
  • A secure tamper resistant component is in mobile device used for authentication (phone’s SE)
  • The MNO manages the SE/SIM (UICC)
  • Banks, etc. have connections with MNO
  • Vendor trusts MNO

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

the virtual se v s phone s se
The virtual SE V.S. phone’s SE

Virtual SE (stored in cloud):

Securely store personal data such as debit and credit card information, user identification number, loyalty program data, payment applications, PINs and networking contacts

Phone’s SE:

Stores authentication data such as keys, certificates, protocols and cryptographic mechanisms

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

research challenges
Research challenges
  • Integration of financial institution(s) with MNO
  • Integration of cloud with MNO
  • Design secure transaction protocols according to payment scenarios
  • Further exploration of cloud architecture (SP perspective)

pardis.pourghomi@brunel.ac.uk - Brunel University, UK

thank you for your attention question time c ontact pardis pourghomi@brunel ac uk
Thank you for your attention!Question timeContact: pardis.pourghomi@brunel .ac.uk

pardis.pourghomi@brunel.ac.uk - Brunel University, UK