Contactless Smart microSD Card
India
July 2019
www.logomotion.eu
Introduction
• Our product is a contactless smart microSD card (LGM Card) - a product for banks, transit providers, Government, service providers, wallet providers, TSM
• Our product is used while inserted in the SD slot of a mobile phone. It makes it possible to store sensitive data on a secure chip and to use this data for mobile contactless payments, transit access, in m-commerce, secure access and other use-cases
• We believe our partner may consider our product mainly because it:
  • has potential to simplify and securely move current financial services into mobile phones
  • addresses a currently not-addressed base (not-connected and feature phone users)
  • enables seamless and secure authentication of the mobile phone user
  • can securely store Aadhaar or Virtual ID and thus enable the KYC process in line with India Government requirements
  • can open new business streams – in co-operation with government, transit, smart cities
• Implementation of LGM Card makes it possible to use existing card issuance processes, payments processing and merchant acceptance networks
Product LGM Card
• Our product is a standard microSD memory card used while inserted in the SD slot of the user's mobile phone, serving him as:
  • a memory card with 4 or 16 GB
  • a multiple smart card and hardware token - as it has one or two embedded secure chips
  • a contactless enabler - as it has an embedded miniature NFC antenna
• It can be used in smartphones with OS Android and Windows, in Java devices and also in feature phones. As the miniature NFC antenna works also under batteries and metal back covers, the customer is not limited by the phone's design
• The service provider (SP) can decide to use LGM Card for its own services and within its own partnerships
• The secure chips of LGM Card can be personalized via standard ISO 7816 contacts placed on the surface of the LGM Card. This makes it possible to use current personalization machines
Opportunities
• Address nearly all India citizens, targeting also not-connected and feature phone users - providing them various secure and simple mobile solutions
• Mirror (store) any plastic contactless chip card on the secure chip of the LGM Card - currently 5-7 cards can be stored on one chip of LGM Card
• Store a client certificate for a simple both-side authentication (registration and check-in processes) of the user - without entering login credentials or password
• Enable linking of the Aadhaar number or Virtual ID of the individual user (his device) and simplify the KYC process
• Use the sensitive data stored on the secure chip of LGM Card for contactless offline and online mobile payments, transit payments and access, m-commerce, as a mobile ID card, for access to governmental servers and many other use-cases
• Increase the number of secure m-commerce purchases, as the customer will not need to retype card data on the phone's screen during payment
• Reuse current infrastructures for card personalization, issuance and distribution and keep current relations with merchants and other payment industry players
• Retain full control of your brand, secure data and big data
• Be ahead of competition – providing highly secure, convenient and multi-purpose services from a mobile phone
Addressing huge Base in India
• From approximately 800 million phone users in India – approximately 300 million use smartphones and 500 million use feature phones
• Globally 82% of all smartphones and nearly 100% of feature phones have an SD slot 2). Our microSD card suits both smartphones and feature phones 3)

1) 2018, based on Indian local vendors' information: 67% = feature phones, 34% = smartphones.
2) By SD Association 2017 and by SLC internal inputs from discussions with Indian phone vendors
3) Video: https://youtu.be/ybvlayTTxDc
Addressing Unaddressed mobile Users
• From approximately 800 million mobile users in India – approximately 100 million are actual mobile Internet users (usually also smartphone users) and thus potential users for mobile banking/wallets and payments through apps. Currently all providers focus on this segment only
• LGM Card can serve both smartphones and non-smartphones and it enables contactless services also for not-connected phones
• For connected customers (100 million) LGM Card can extend security of current online services and enable contactless services. For not-connected customers (713 million) LGM Card can provide contactless services, e.g. enter a transit gate or pay on a contactless merchant's POS by a tap of the phone
Figure labels: "LGM Card can serve all"; "All SP focus here only". Based on various public data, 2016-2018
Bank Cards stored on LGM Card's Secure chip(s)
• Bank can store any type of chip bank card on the Secure element (SE) of LGM Card, e.g.:
  • EMVCo – VISA, MasterCard, RuPay
  • Metro and other transit cards
  • Pre-paid, loyalty, QR cards etc.
  • Card(s) of 3rd parties – employee cards etc.
• Customers can use these cards from their mobile phones:
  • to purchase by a tap of the phone at any merchant's standard contactless POS
  • to enter and pay for a metro by a tap of the phone (using EMVCo card or Stored value card)
  • for m-commerce using a bank card without a need to retype card data during payment
  • to top up pre-paid cards stored on SE from another card – all from a smartphone
• Cards stored on LGM Card can be personalized in a contact way or Over the Internet (OTI)
• Transactions can be processed via existing infrastructures with agreed Interchange fees (IF)
LGM Card (Gen1) can physically store 5-7 cards on each SE
LGM Card for not connected customers
• Not connected customers usually do not use smartphones. Usually banks provide mobile services to these customers using SMS banking - yet with a limited number of services
• LGM Card will add NFC capability also to basic and feature phones. Bank can offer not connected customers contactless purchases and contactless metro access - by a tap of their phone
• SE of LGM Card can store the Aadhaar number and that can be displayed on the phone's screen during Aadhaar based purchases
• Tap & pay function can be integrated in Bank's mobile application or it can be enabled from the phone's menu
• Connected customers using Bank's mobile application can benefit in more areas – see next slides
Figure labels: Tap & pay on contactless POS (Stored Card); Tap & go on metro; Store Aadhaar on SE (Stored Aadhaar)
Mobile Transit
• NCMC is an EMVCo type of plastic contactless chip card (Q-Sparc, RuPay) that stores credentials on a Secure chip and that can be used also for contactless offline transactions and transit gates access in India Smart cities
• LGM Card is an ideal mobile alternative for NCMC plastic cards as it:
  • Contains SE – so the NCMC card is securely stored/personalized on SE and protecting pre-paid credentials
  • Contains NFC antenna that enables access to metro gates and to pay on contactless POS
  • Enables credentials usage also while the phone is w/o data connectivity (online & offline transactions on POS or transport gate)
  • Does not change the eco-system used for the plastic version of NCMC
  • Similar usage to plastic NCMC – simple tap (of the phone)
• LGM Card can also store a Stored Value Card (SVC) on its SE
  • Many top-up options, including that from a mobile phone using another bank card stored on LGM Card. Transit operator can save costs for top-up at kiosks
Plastic NCMC – can be mirrored on SE of microSD and used via NFC antenna of the microSD from a mobile phone
LGM Card used in m-Commerce
With LGM Card inserted in a mobile phone, payments in m-commerce can be easy and secure
• Payment with a bank card that is stored on SE of LGM Card (a standard way using CVV/CVC code)
  • On supported payment gates payment card data can be read from the SE, encrypted and sent to the merchant – without a need for the customer to retype this data on the mobile phone's screen
• Payment from a bank account
  • As a result of both-side authentication* – the customer has seamless access to his bank account without entering Account number, Customer ID (CIF) or registered mobile number. No need to use OTP
• Payment from a wallet / using tokens
  • As a result of both-side authentication* – the customer can use a simple MPIN to enter his wallet application and use all current services available from Mobile application without changes
  • To raise the security - cards on file (virtual cards) and tokens can be stored on SE of LGM Card
Use only MPIN to access Mobile application/Wallet
No need to enter card data during payment
Seamless access to bank account
Raised volumes of m-commerce purchases with LGM Card
*See details of both-side authentication with LGM Card on next slides
Strong Authentication with LGM Card
• SE of LGM Card can:
  • Generate and store digital certificates (key, client certificate, ID, token, PKI certificate)
  • Store biometrics data at client's side
• With LGM Card the service provider (SP) can launch both-side authentication based on secure keys that are generated, encrypted and stored inside a tamper-proof HW SE and to use this SE also to store biometrics data at client's side (not server side). This has more benefits over password/OTP methods:
  • Higher security. Public key authentication provides cryptographic strength that even extremely long passwords cannot offer 1) and client certificates never leave tamper-proof HW SE thus offering a layer of security that API keys cannot provide. The private key of the client certificate is used to create a digital signature in every connection, and so even if the certificate is sniffed mid-connection, new requests can't be instantiated with it 2)
  • Higher comfort. It frees the users from remembering complicated passwords (or worse yet, writing them down). Public key authentication also allows automated, passwordless login 1).
  • It allows users to implement single sign-on across the servers they connect to 1)
• Public key cryptography is included
• Service provider has to set up PKI (Public Key Infrastructure) enabling remote management OTI (Over the Internet)

1) By SSH.com. https://www.ssh.com
2) By Dani Grant - Introducing TLS with client authentication, May 2017
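
The "Higher security" point above, as an added example that is not code from LGM Card or its vendor: a simplified challenge-response exchange (not the TLS handshake itself) in which a stand-in for the secure element signs a fresh server challenge, so a signature captured from one login is rejected on the next. The names `createSecureElement`, `AuthServer` and the device ID `card-0001` are hypothetical, and an in-memory Ed25519 key stands in for a key held in hardware.

```javascript
const crypto = require("crypto");

// Stand-in for the secure element (assumption: software key, not real hardware).
// The private key stays inside this closure; callers get only the public key
// and a sign() operation.
function createSecureElement() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  return {
    publicKeyPem: publicKey.export({ type: "spki", format: "pem" }),
    sign: (challenge) => crypto.sign(null, challenge, privateKey),
  };
}

// Server side: stores only enrolled public keys and issues single-use challenges.
class AuthServer {
  constructor() {
    this.enrolled = new Map(); // deviceId -> public key (PEM)
    this.pending = new Map();  // deviceId -> outstanding challenge
  }
  enroll(deviceId, publicKeyPem) {
    this.enrolled.set(deviceId, publicKeyPem);
  }
  newChallenge(deviceId) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(deviceId, challenge);
    return challenge;
  }
  verify(deviceId, signature) {
    const pem = this.enrolled.get(deviceId);
    const challenge = this.pending.get(deviceId);
    this.pending.delete(deviceId); // a challenge is consumed even on failure
    if (!pem || !challenge) return false;
    return crypto.verify(null, challenge, crypto.createPublicKey(pem), signature);
  }
}

function runDemo() {
  const server = new AuthServer();
  const card = createSecureElement();
  server.enroll("card-0001", card.publicKeyPem); // constructed device ID

  // Legitimate login: the card signs the fresh challenge.
  const sig = card.sign(server.newChallenge("card-0001"));
  const legit = server.verify("card-0001", sig);

  // The same signature presented again, with no outstanding challenge.
  const replayNoChallenge = server.verify("card-0001", sig);

  // The same signature presented against a new challenge.
  server.newChallenge("card-0001");
  const replayFresh = server.verify("card-0001", sig);

  // A signature made with a key the server never enrolled.
  const other = createSecureElement();
  const wrongKey = server.verify("card-0001", other.sign(server.newChallenge("card-0001")));

  return { legit, replayNoChallenge, replayFresh, wrongKey };
}

console.log(runDemo());
```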
Strong Authentication Benefits for users and SP
• LGM Card storing SP's key in the SE will enable SP to control the attempt of any user (his device) accessing SP's database, with an option for blocking access to not authorized users
• It will also enable a seamless process for the customer – automated, passwordless registration and login and single sign-on across various SP's servers/services
• Example of a use case:
  • Customer will enter the Mobile application of the particular SP that can be protected by his password
  • The Mobile application of the SP will read data from the SE of LGM Card via the SP's API and send it to SP's server to confirm that LGM Card was issued by the SP to the particular customer
  • To use the service the customer will only select the service on the device screen. The customer does not need to provide any additional data – e.g. password or e-mail, and there is no need for confirmation SMS or OTP
• Once the SE of LGM Card stores individual customer's sensitive data, e.g. biometrics, bank card data or a token, the SP will not need to collect databases of sensitive data or databases pairing PINs, e-mails and customer accounts
• These can eliminate the risk of violating customer's account by cracking his password or stealing databases comprising sensitive data
Diagram labels: LGM Card stores private/public keys & PKI certificate; PKI, encrypted, PKI; Remote server recognizes private/public keys & PKI certificate
• Both side authentication
• Root of trust between mobile device and server
• Encryption secures the line of communication
Mobile ID Card
• One SE of LGM Card can store ID card / Aadhaar including biometrics. This will enable the citizen to use the ID card from his mobile phone – securely and under full control of Government
• ID card can be issued in the same way as plastic chip ID cards. Government can personalize the secure chip of LGM Card in their current secure infrastructures. Each LGM Card can be personalized as an ID card for a particular customer - under control of Government
• Government can offer verification services
  • Verify eID data stored on secure chip (on-spot and remotely)
  • Identify each customer (his mobile phone device) who is accessing governmental servers
  • Store and use electronic signature from a mobile device
  • Offer Governmental verification services to commercial entities
• Payments for governmental services - with bank card stored on SE of LGM Card
• LGM Card can add security to Governmental Cloud based solutions
Pictures of a prototype solution using LGM Card - developed for Ministry of Interior of Slovak Republic
Aadhaar seeding with LGM Card
• Usually a customer can link his Aadhaar number to his existing bank account or other service by himself via multiple channels including - Internet Banking or mobile apps
• With LGM Card the customer can input his Aadhaar number into LGM Card by himself via existing processes while securely storing Aadhaar data on the SE of the LGM Card. This will enable:
  • Aadhaar seeding with customer bank account or other SP service
  • Use of Aadhaar number or Virtual ID without collecting databases of Aadhaar by SP
  • Seamless access to Aadhaar based SP services from a mobile phone
• Customers with no data connectivity, usually using basic or feature phones, can be served at SP branches providing them LGM Card and storing Aadhaar number and SP bank card on SE at the SP's branch
• Not-connected customers who will store their Aadhaar number on the SE of LGM Card can use their mobile phone to display the Aadhaar number on the screen of their mobile phone – and show it during Aadhaar based payments to a merchant
Secure Access with LGM Card
• LGM Card can be used by employees as a chip contactless employee card used from mobile phones
  • To access employee premises equipped with NFC readers
  • To access employee Intranet and bank systems
• The employee will tap his mobile phone to enter the door while this function can be integrated in Mobile application or it can be enabled as a shortcut from the phone's menu
• SE of LGM Card can generate OTP that the employee will have to enter into his company's PC to be able to log in to Intranet and bank systems
Diagram labels: SE of LGM Card stores employee data, Private key & PKI certificate; PKI, encrypted, PKI; Employer personalizes LGM Card as employee card. Employer's server knows private/public keys & PKI certificate
• Both side authentication
• Root of trust between mobile device and server
• Encryption secures the line of communication
Merchant App with LGM Card
• Merchant App is usually a cashless payment solution enabling merchant to accept payments for goods/services using various payment options, for example:
  • Transactions initiated by customer i.e. scanning a QR code and making payments in a push transaction mode
  • Transactions initiated by merchant i.e. accepting payments from the customer via Account Number + OTP, scanning customer QR card + OTP, Aadhaar Number + OTP
• LGM Card can be used as Merchant card for the merchant's authentication. SE can store digital certificate of approved merchant and enable him seamless authentication into Acquiring bank systems and simple access to his merchant bank account
• LGM Card (inserted inside a customer smartphone) can also store Merchant Loyalty card including loyalty points and financial credential – securely on SE and that can be used during purchases with registered merchants
Mobile Wallet with LGM Card
• Mobile Wallet is usually a pre-paid wallet or virtual card wallet (open or closed loop) and that enables many use-cases
• With LGM Card in his phone the Mobile Wallet user can benefit from:
  • Make Sign Up and Sign In processes simple, secure and unified (same access to any SP online service)
  • Simplified top-up options inbuilt in the Mobile Wallet app:
    • from bank account – due to seamless access to SP's Internet Banking without entering Internet Banking login credentials
    • from debit card (stored on SE of LGM Card) – due to no need to retype card data during recharge
  • Use Mobile Wallet also for contactless retail purchases
  • Simplify m-commerce with virtual card (stored on the SE of LGM Card)
    • Storing Virtual card data (number and CVV) on SE enables m-purchases without a need to retype card data on supported payment gates
  • SP will not need to manage SP database of any sensitive customers data
LGM Card can be a differentiator - enabling SP customers more convenience & security
Back-up Slides
Basic technical Features
• A standard microSD memory card with 4 GB or 16 GB flash memory
• One or two Secure elements (SE)
• Embedded miniature NFC antenna (patented) and that works also under batteries and metal back covers
• ISO 7816 contacts on the surface enabling contact personalization of the SE(s)
• Support for OS Android, Java ME, Windows Mobile
• Gen2 of the product supports also feature phones
• Certified by as RuPay dual interface card, in July 2019

Form Factor: SDHC microSD card, Speed Class 10 (UHS-I)
Flash Memory: 4GB (pilots), 16 GB (stock), 8GB or 16GB mass produced
Gen1 – Secure chips: SE#1: NXP J5C145, JCOP 2.4.2 R1, 145 KB EEPROM, MIFARE FleX® (4K); SE#2: NXP J5D081, JCOP 2.4.2 R2, 80 KB EEPROM, MIFARE® DESFire® EV1 8K
Gen2 – Secure chip: SE#1: e.g. IDEMIA, Pearl v5 (availability based on binding PO)
NFC Antenna: ISO 14443A, ISO 18092, Compliant with MIFARE®
Interfaces: Standard microSD interface, ISO 14443A, ISO 7816
Personalization Options
• LGM Card has a patented design of ISO 7816 contacts placed on its surface
• Personalization can be done optionally as
  • Contact personalization (microSD card is embedded on ID-1 plastic carrier)
    • On Datacard machines
    • On a contact reader connected to PC (for instant issuing)
  • OTI personalization (microSD is inserted in a mobile phone)
    • Using TSM
  • Contactless personalization (microSD is inserted in a mobile phone)
    • Using contactless reader connected to PC (for instant issuing)
• Contact personalization according to EMVCo specification
  • Uses ISO 7816 contacts placed on the surface of the LGM Card (marked in a green oval)
  • Does not use the 8-pin normal microSD card contacts that connect the microSD card to a mobile phone (marked in red oval)
Figure label: Standard ID-1 size plastic carrier
Contact personalization can be a condition for SECURE loading of sensitive data on the SE, for example ID card or AADHAAR number
Personalization Examples
• LGM Card enables various forms of personalization:
  • Contact personalization using standard ISO 7816 contacts; using:
    1. standard personalization machines (e.g. Datacard) – video available at https://www.youtube.com/watch?v=79cvXtx2uvc
    2. standard contact reader connected to PC
  • Contactless personalization using:
    3. standard contactless reader connected to PC and while the microSD card is placed inside a mobile phone's SD slot
LGM Card Activation - Example
LGM Card is customer's device. We provide Sec Keys and API to the Issuer/SP
1. Issuer personalizes microSD card's smart chip and distributes microSD cards to cardholders in plastic carrier in the same way as current bank cards
2. User takes microSD card out of the plastic carrier and inserts it into his phone
3. User downloads User interface application (UIA) over the air. [He can be navigated for card personalization and activation]. Now he is ready to use his phone for various services supported
4. User can add 3rd party services gradually, as they are available. User will download 3rd party application into his mobile phone and activate the service by a tap to 3rd party contactless acceptance device or Over-the-Internet (OTI) using TSM services
Basic Integration Requirements
• LGM Card requires basic integration with Card management system (CMS) and development or update of current Mobile application by adding options:
  • Using microSD card
  • Interface for tap & pay / tap & go use-cases
  • Interface for m-commerce payments
  • Top-up
• Optional can be a support for unified verification/authentication/authorization processes for various services (PKI, Clients certificates)
• For seamless purchases in m-commerce using bank card or token stored on SE – the online merchants or payment gateway have to support such payments with LGM Card
• No changes are required:
  • On contactless POS machines and POS acceptance network that currently accept c'less chip bank cards
  • For personalisation machines (e.g. DataCard) and in contact EMVCo personalisation processes
• SP can optionally develop and offer API to 3rd parties to integrate their services
• SP can potentially become TSM
OTI & TSM - Example used for LGM Card life-cycle management
• Over the internet (OTI) systems enable remote life-cycle management of LGM Card with huge flexibility of adding new applications and serving many partnering solutions
• In the case that SE is used to store EMVCo type of bank cards a TSM system has to be deployed
Secure channel is created between OTI/TSM systems and the Secure elements of LGM Card
Diagram labels: TSM API; LGM Card API
Benefits for Banks
• Issuing bank can personalize the secure chip of LGM Card as a normal EMV bank card. All transactions are processed through the existing payment industry infrastructure and standard interchange fees will apply in a wide range of card-present transactions, including:
  • Contactless payments on a standard contactless POS
  • Card-based internet payments (using CVC, CVV code)
• Revenue streams that may cover the costs of issuing contactless smart microSD:
  • Typical revenue derived from serving as a deposit account
  • Interchange fees and IF revenue can be used to build a cash-back value proposition to the customer - driving sales
  • Increased usage of bank cards (No. of transactions) on contactless POS – using mobile phone typically for micro purchases
  • Online payment scenarios where it can be used for card-present transactions and for 3D secure using http(s) as an alternative to potentially costly SMS
• Secure access to Direct banking services
  • Internet banking. LGM Card can generate One-time password (OTP) and display it on mobile phone screen. Client rewrites OTP value manually
  • Mobile banking. LGM Card can be used as a secure storage of clients' certificates and enable automated, passwordless access to Mobile banking
Benefits for Token Solutions
• Although tokens brought high security to HCE, the SE of LGM Card can add significant value
• Tokens and Vault servers are a great target for hackers as:
  • tokens in most of current HCE solutions are delivered to the mobile phone and protected only by software (tokens are stored in part of mobile phone's common memory – Trusted Execution Environment, TEE). TEE security has to be proven
  • to get the tokens it is necessary to connect to Vault server. Using the application is the weakest link that contains the information to authenticate to the back-end and to access local tokens
  • Vault servers store huge amount of data that can be stolen. If bank cards data/tokens are stored on SE of individual users – no central database will have to be created
• LGM Card can be valuable for HCE and tokenization as it:
  • Provides non-repudiation and protection against identity theft and for tokens (Store client certificate & tokens on SE)
  • Provides a hardware root of trust that could be preconfigured for the service
  • Ensures strong authentication to the HCE server, for example by using PKI and multi-factor authentication. Controlled access can raise protection against stolen databases of passwords from servers and eliminate the risk of violating a customer's account
  • Ensures a great user experience
Control sensitive and big Data
• In current mobile solutions Card manager CM keys (enabling access to SE) are not provided to the Service Provider. In Apple Pay and Samsung Pay – phone vendors have control of SE. TEE (Trusted Execution Environment) is used by the device vendor to install his "network accessing" secure key management and other OS related security
• Using LGM Card the Service provider has full control of the hardware SE and NFC antenna capability. Card manager (CM) Keys enable him to control SE and to:
  • Store Private/Public keys in SE
  • Store PKI certificate issued by selected CA (Certificate Authority) in SE
  • Verify/authenticate/authorize the user before allowing him for particular mobile service
  • Load sensitive data into the SE - also in the most secure, contact way
  • Collect data about customers shopping habits
In line with security Standards
• EMV chip technology used in a secure infrastructure can significantly reduce fraud. EMV system has proved to be highly effective
• Since software/cloud has certain security risks, moving the SE into hardware provides more security
• In HCE (Host card emulation) mobile payments card data are placed in the cloud and HCE is an enabler that makes it possible for application residing in a mobile device to work in card-emulation mode. Tokenization adds security to HCE; but HCE and TEE security has to be proven
• LGM Card has embedded one or two Secure chips that meet GlobalPlatform (GP) specifications. Presence of HW Secure chip enables the strongest HW authentication 1) for
  • Physical storage of full card data on Secure element
  • Storage of Clients certificates enabling more secure access to Governmental Cloud, HCE or wallet servers and to store tokens
• LGM Card is in line with Government of India – Use of Aadhaar e-KYC service of UIDAI 2)

1) In line with PCI DSS Requirement 8.3, February 2017 and Gov. of India, Ministry of Electronics & Information Technology, ORDER No 2(94)/2017 – Cert-In-Pt.I, date: 12.08.2017
2) Government of India Ministry of Communications Department of Telecommunications, File No.: 800-29/2010-VAS (Vol.1), dated 12th June, 2018