Gemalto and Managing Secure Elements · 2015-10-07 · Gemalto and Managing Secure Elements ....
Director of Mobile Financial Services Sales NORAM
Mobile 1 512 2218778
Mobile NFC, Mobile Money, Mobile Payment, Mobile Banking, Mobile Wallet
Gemalto and Managing Secure Elements
Gemalto: Leader in Innovation and #1 in the world in SIM cards and OTA management
• Over €2 billion revenue in 2011
• Innovation:
  - 14 R&D centers worldwide
  - 1,500 digital scientists
  - 107 inventions first filed in 2011
  - Over 4,200 patents and patent applications
• Global footprint:
  - 18 production centers
  - 30 personalization facilities
  - 87 sales & marketing offices
• Experienced team:
  - 10,000 employees
  - 90 nationalities
  - 45 countries
Gemalto’s Vision is to be Leader in Digital Security
[Chart: Mobile Communication, Secure Transactions, Security (IAM & Gov’t Programs); values shown: 27%, 15%, 58%]
Smart card technology uses a small computer and software with 100s of built-in security features...
... to create personal, portable security devices...
It can be used in contactless situations
It can be used in contact situations
Key Market Drivers
• LTE (4G Network)
• Mobile Financial Services
• Mobile NFC
• Mobile Payment
• Mobile Money
• Mobile Banking
• EMV migration
• Electronic Identities
• Machine to Machine
Mobile NFC
(Provisioning Platform)
Two different payment solutions in the market: cloud-based and non-cloud-based. Gemalto is a market leader in both solutions.
SE, SE management platform (MNO TSM), SE Applications
Issuance and lifecycle management (SP TSM)
Mobile Payment Platform
(Transaction Platform)
Mobile Wallet and Wallet Server (User Interface)
Cloud Based Proximity and Remote Payments
NFC Secure Element based Proximity Payments (non Cloud)
Focus of today’s presentation
Gemalto’s Holistic MFS Solution Converged at the Mobile Wallet Level
Gemalto NFC SIM
Gemalto Secure NFC application
Visa / MasterCard Networks, open loop payments
Issuance and post-issuance
MNO TSM
NFC Payment
Payment Transactions
Mobile Payment Platform
MNO
SP TSM
Gemalto Mobile Wallet
e/m-Commerce
Peer-to-Peer
NFC ecosystem and Gemalto
NFC Phone Contactless Infrastructure
Service providers: Bank, transit, merchants…
Banking TSM Services (EMV)
UICC & SEs
Mobile Wallet
SE Applications
Mobile Network
TSM: Secure element and service management
Transit TSM Services (MF4M)
SE Mgmt (eSE, UICC, uSD)
Access (PIV, MiFare)
OTA (SMS, IP, CDMA, GSM, LTE)
Notion of Secure Element (SE)
• SE is a piece of hardware that hosts any NFC applications: mobile ticketing for transport, mobile payment, loyalty, P2P, etc.
• The SE's role is to guarantee that security is present during the whole NFC transaction
• SE can have different form factors:
  - SIM card
  - µSD card
  - Embedded SE (eSE) in the handset
Global Platform standard makes it possible for contactless applications!
Transport SD – SP SD
Ticket Subscription
User Info
Bank SD – SP SD
Credit Card
E purse Loyalty
TRANSPORT MNO BANK …
Issuer Security Domain - ISD
GSM USIM
MNO Services
Events Ticketing
Smart Poster
Global Platform standard enables all applications to be managed securely on the single SIM card!
…
Current Release GP 2.2
TSM Classical Architecture
Public API
Custom Integration based on the APIs of MNO components
SE allocation, lifecycle, and integration point
MNO-TSM NFC service provisioning and management
SP TSM
SP SP TSM 2
SP 1 Backend System
SP 2 Backend System
SP TSM MNO TSM
SE Issuer back-end
OTA
MNO MNO TSM 2
SP TSM manages multiple services and interfaces with multiple MNOs
Gemalto Operation center
GP TSM Messaging / AFSCM API
Banking Security Zone
Credit / Debit
Pre-Paid
Mifare /DesFire
Loyalty
Digital ID
Coupon
One Time Password
Calypso
SP TSM
Payment TSM
SP Security Domain management
Lock & unlock
End of life
Post-perso (top-up, counter reset …)
SE & handset replacement
SP subscriber view
SDSP
Application provisioning and personalization
MNO TSM
Gem Operation center
TSM Messaging / AFSCM API MNO
Backend systems
MNO TSM
Banking Security Zone
Core TSM
MNO TSM (Business Enabler)
Global SE control
MNO subscriber view
Single entry point for any TSM
Notifications
Token management
‘Card’ Deployment Modes
• Simple mode
  - The application download/install is managed by the MNO TSM
  - SP TSM manages the ordering of the applications being downloaded and installed by the MNO TSM
• Authorized mode
  - SP TSM is authorized to download/install the applications
  - SP TSM sends a notification to the MNO TSM for the tasks performed
• Delegated mode
  - SP TSM takes care of the download/install of the application in the SE
  - Requires permission from the MNO TSM for each task (Token)
• Personalization and post-issuance use cases are always managed by the SP TSM.
Card content management use cases
• Service delivery (Simple mode)
  - SP TSM asks the MNO for Service application(s) Load
  - SP TSM asks the MNO for Service application(s) Install
  - SP TSM asks the MNO for Service application(s) Activate
  - SP TSM asks the MNO for Service application(s) Removal
• Service delivery (Delegated management mode)
  - SP TSM asks the MNO for Token issuance and receipt verification for Service application(s) Load
  - SP TSM asks the MNO for Token issuance and receipt verification for Service application(s) Install (install and extradite)
  - SP TSM asks the MNO for Token issuance and receipt verification for Service application(s) Activate (make selectable and update registry)
  - SP TSM asks the MNO for Token issuance and receipt verification for Service application(s) Removal
• Service delivery (Dual mode management)
  - TSM informs the MNO that it is starting to deliver a service
  - TSM informs the MNO that it has finished delivering a service
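The delegated-mode exchange above (a token issued by the MNO TSM for each task, and a receipt verified afterwards), as an added example that is not from the original slides or from Gemalto's code. HMAC-SHA256 is an assumed stand-in for the real token and receipt algorithms, and the keys, AID, class and function names are hypothetical.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 stands in for the GlobalPlatform token and receipt
# algorithms. Keys, AID and command bytes are constructed sample values.
TOKEN_KEY = b"constructed-token-key"      # MNO TSM issues tokens, SE checks them
RECEIPT_KEY = b"constructed-receipt-key"  # SE issues receipts, MNO TSM checks them


def _mac(key, *parts):
    # Length-prefix every part so different inputs can never collide.
    framed = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, framed, hashlib.sha256).digest()


def mno_issue_token(operation, command_data):
    """MNO TSM: grant permission for exactly one task on exactly this data."""
    return _mac(TOKEN_KEY, operation.encode(), command_data)


class SecureElement:
    """Hypothetical SE model that runs a delegated task only with a valid token."""

    def __init__(self):
        self.counter = 0    # confirmation counter: makes every receipt unique
        self.registry = {}  # AID -> last operation completed for it

    def execute(self, operation, aid, command_data, token):
        expected = _mac(TOKEN_KEY, operation.encode(), command_data)
        if not hmac.compare_digest(expected, token):
            return None     # no MNO permission for this task: nothing changes
        self.counter += 1
        self.registry[aid] = operation
        body = self.counter.to_bytes(2, "big") + operation.encode() + aid
        return body, _mac(RECEIPT_KEY, body)


def mno_verify_receipt(receipt):
    """MNO TSM: check the SE's proof that the authorised task was performed."""
    if receipt is None:
        return False
    body, mac = receipt
    return hmac.compare_digest(_mac(RECEIPT_KEY, body), mac)


def run_delegated(se, operation, aid, command_data, token):
    """SP TSM: send the task with its token, then hand the receipt to the MNO."""
    return mno_verify_receipt(se.execute(operation, aid, command_data, token))
```

A token issued for Install is rejected when replayed for Load or with altered command data, which is why the slides list token issuance separately for each of Load, Install, Activate and Removal.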
Notifications of SE and devices life cycle events
• I have lost my handset with my SE
  - I would block all services on my current handset/SE and have everything on my new handset/SE
  - Please also notify all the SPs with which I have subscribed to an NFC service
• My UICC has changed
  - Because I upgraded my old SIM
  - Because I accidentally locked my current one
  - Because I received a new UICC from my MNO
• I want to change my handset
  - Update Midlet certificate *
  - Midlet re-install
• My MSISDN has changed
  - Because I changed my account
  - Because I received a new UICC from my MNO
Confidential and Proprietary 5/23/12
Thank You