1 / 30

Survey on Smart Card & Mobile Payment

Survey on Smart Card & Mobile Payment. Tijo Thomas ( 03229401) Guided by Prof: Bernard Menezes. Contents. Introduction Methodology of Study Existing Payments Schemes Business Drivers Relation between SIM card & Smart Card Technological Trends Business Trends Conclusion. Introduction .

lihua
Télécharger la présentation

Survey on Smart Card & Mobile Payment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Survey onSmart Card & Mobile Payment Tijo Thomas ( 03229401) Guided by Prof: Bernard Menezes KReSIT IIT Bombay

  2. Contents • Introduction • Methodology of Study • Existing Payments Schemes • Business Drivers • Relation between SIM card & Smart Card • Technological Trends • Business Trends • Conclusion KReSIT IIT Bombay

  3. Introduction Motivation • To understand the existing payment schemes. • To understand the role of smart card in retail payment. • To understand the security issues. Goal • To understand the future of retail payment. KReSIT IIT Bombay

  4. Methodology of Study • Collected the details about the existing payment schemes. • Surveyed Industry Standards for Payments. • Collected responses to questionnaire from focus groups. • Studied various types of smart cards. • Analyzed the relationship between smart card and SIM card. • Surveyed the Business Trends of M-Commerce and its future. KReSIT IIT Bombay

  5. Existing Payment Scheme Based on Value • Micro payments – less than 5$ • Medium Payments – Between 5$ - 25$ • Macro payments - above 25$ Based on Location • Remote Transaction – SMS, GPRS • Proximity Transaction – Bluetooth, RFID Based on Technology • Magnetic Strip card • Smart Card KReSIT IIT Bombay

  6. Smart card Payments • What is smart card? Smart card is a tamper proof plastic card with an embedded microchip that can be loaded with data. • Why smart card? • Security • Processing power • Memory KReSIT IIT Bombay

  7. Smart Card Security • OS and File Security File hierarchy – MF,DF,EF File security attributes • Access Rights Always(ALW) Card holder Verification 1 (CHV1) Card holder Verification 2 (CHV2) Administrative (ADM) KReSIT IIT Bombay

  8. Smart Card Security Hardware Security • All the data are store in EEPROM, so can be erased using unusual voltage • Data can be erased by exposure to UV rays • Heating the card in high temperature • Statistical Attack like Differential power analysis (DPA) KReSIT IIT Bombay

  9. Java Card The Java Card platform was designed and developed from the beginning specifically to enhance the security of smart cards. Advantages • Open Architecture Designed with Industry Experts • Java runtime environment (JRE) • Security Enhancements – transaction atomicity, Cryptography, Applet firewall • Code reusability (OOPS) & data integrity • Proven platform - Passed security evaluation by financial agencies, US Dept of Defense and US national security Agency. KReSIT IIT Bombay

  10. Mobile Commerce Definition: “Mobile commerce is the use the of mobile hand held devices to communicate, inform, transact and entertain using text and data via connection to public and private networks” (Lehman Brothers) “Mobile Commerce refers to any transaction with monetary value that is conducted via a mobile telecommunications network.” (Durlacher) KReSIT IIT Bombay

  11. Scheme of Mobile Payments • SMS Based Payments • WAP/GPRS • Reverse SMS Billing • Proximity Payments KReSIT IIT Bombay

  12. SMS Based Payments • Secure message in the form of SMS are used to transfer money from one user account to another • Use of PKI • Implementation e.g.: mCheque • Advantage: No account information is revealed KReSIT IIT Bombay

  13. WAP/GPRS based payments • Wireless Application Protocol (WAP) over GPRS mobiles are used • Similar to e commerce • Less risk involved • Cost for GPRS connectivity is reducing. • No changes in the existing business model KReSIT IIT Bombay

  14. Reverse SMS Billing • Definition: Provider over charge SMS from special numbers -(Premium SMS) • Separate Business Models are to be realized • Only small change in the existing set up • Advantage: No additional infra structure is required. • Applications: Digital contents like ring tones, music , video...etc KReSIT IIT Bombay

  15. Proximity Payments Definition: The trading parties are in the same vicinity. • Standardized interfacese.g. Infra red , Blue tooth • Supported Offline transaction • Cheaper solution for micro payments • High Risk • Separate Business Models & Infrastructure need to be implemented KReSIT IIT Bombay

  16. Business Drivers • Wider acceptance for GPRS/WAP enabled mobile devices • Mobile operators are looking for new revenue streams • Population of mobiles devices over PC • Average time to detect a mobile theft is 68 min over 26 hours for credit cards • More secure than conventional credit cards KReSIT IIT Bombay

  17. Relationship between SIM card and smart card • GSM specification11.11 defines the interface between Subscriber Identification Module (SIM) and the Mobile Equipment for use during the network operation as well as the internal organization of SIM. • Any implementation of this standard can act as a SIM card in Mobiles. Implementation: • Java Card • Native Card KReSIT IIT Bombay

  18. Technology Trends • Research organizations & Focus groups are working on the effective standards. • Different Business Models (OSS & BSS) are being evaluated for its feasibility. • Emerging Wireless Technology - 3G, 2.5G • Advancement Mobile Phone Technology KReSIT IIT Bombay

  19. Business Trends Taken from “Towards A Holistic Analysis of Mobile Payments: A Multiple Perspectives Approach” by Jan Ondrus &Yves Pigneur KReSIT IIT Bombay

  20. Business Trends • Research reveals high potential market • New revenue stream for MNO’s • Opportunity for new comers - application developer, content providers …etc • High Penetration of mobile device • Lack of security in existing credit/debit card system KReSIT IIT Bombay

  21. Conclusion High Potential Market High Demand for “Killer Applications” MNO are looking for new revenue stream Customers willingness to experiment Merchants are looking for a standard OSS and standard based products Opportunity for new comers KReSIT IIT Bombay

  22. Thank You KReSIT IIT Bombay

  23. GSM Specifications KReSIT IIT Bombay

  24. GSM Specification • Defines the interface between Subscriber Identification Module (SIM) and the Mobile Equipment for use during the network operation as well as the internal organization of SIM. • Any implementation of this standard can act as a SIM card in Mobiles KReSIT IIT Bombay

  25. GSM Characteristics • Physical Characteristics-electronic signals, supply voltage, transition protocol • Logical Model-logical structure of SIM, file structure. • Security Feature • File access condition • Description of Functionalities-functional description of commands and respective response, status condition, error code • Description of Commands-mapping the functions to APDU • Contents of Elementary files- elementary files for GSM session, access condition..etc • Application Protocol-list of standard operation between SIM and ME. KReSIT IIT Bombay

  26. GSM SIM Security Subscriber Identity Authentication • authenticate the identity of the mobile subscriber • The network issues a random challenge • Mobile Subscriber (MS) computes the response–using a one-way hash fn (A3 algo) using a authentication key which is unique to each subscriber • The Network also compute the response and compare with the response it receive from MS • The same mechanism is used to establish a cipher key Kc • This key is used to encrypt data and radio signal. (A8 Algo) • The two algorithms are combined into single algorithm called A38 KReSIT IIT Bombay

  27. GSM SIM Security User Signalling Data Confidentiality • The data is exclusive-or’d with the key Kc and transferred over the radio path. Subscriber Identity Confidentiality • This service is to hide the International Mobile Subscriber Identity (IMSI) • The service is based on Temporary MSI (TMSI) • The IMSI is mapped to TMSI • The TMSI is then encrypted with the cipher key Kc and send KReSIT IIT Bombay

  28. Smart Card Standards KReSIT IIT Bombay

  29. Smart card Standards • International Standards • ISO 7816:physical and elecrical characteristics as well as format and protocol for information exchange between the smartcard and reader. • European Telecommunication Standards Institute (ETSI): Standard for the GSM SIM to communicate with the mobile device KReSIT IIT Bombay

  30. Smart card Standards • Industry Standards • EMV:Euro pay, Master Cards & Visa defines a standard to allow safe ,easy electronic commerce standard • Mobile 3D:Visas international new global specification that ensure security of internet payments made over mobile phones. • Open card Framework: Provides an architecture and a set of API that enable application developer to build application in java which use smart card reader. • PC/SC: Personal computer/ Smartcard is a win 32 based specification to allow the manufactures to develop products independently. • CEPS : Common Electronic Purse Standard • Java Card KReSIT IIT Bombay

More Related