Mobile Everywhere
Standard product description – light version
Accumulate 2011




Copyright 2011 Accumulate AB




ME Standard Product Description
Revision history

Date          Version   Status   Description     Author
2011-01-31    1.0       Final    First Edition

Approved by

Name                Role   Date
Magnus Westling     CTO    2011-02-01




Table of Contents

1     Introduction to document            2
     1.1   About Accumulate               2
     1.2   Secure Mobile transactions     2
     1.3   Mobile Banking                 3
     1.4   Mobile Payment                 3
     1.5   Mobile security                4
2     Mobile Everywhere                   5
     2.1   Overview                       5
       2.1.1 PDI and OTT processes        6
       2.1.2 Secure transaction system    6
       2.1.3 Transaction system           7
       2.1.4 Multi-tier system            7
       2.1.5 Ecosystem                    7
     2.2   ME Services                    7
       2.2.1 Service overview             7
       2.2.2 Mobile banking               7
       2.2.3 Secure credit card           8
       2.2.4 Mobile Payments              9
       2.2.5 Mobile security             11
       2.2.6 E-ID                        11
     2.3   ME client                     12
     2.4   ME core server                13
     2.5   ME ecosystem server           13
3     ME system description              14
     3.1   Logical view                  14
     3.2   Function description          14
       3.2.1 Enrolment                   15
       3.2.2 Mobile banking              16
       3.2.3 Secure credit card          17
       3.2.4 Point of sale               19
       3.2.5 Online                      21
       3.2.6 Person-to-person            23
       3.2.7 Man-to-machine              26
       3.2.8 Remittance                  28
       3.2.9 Secure login                30
       3.2.10 Secure signature           32
       3.2.11 e-ID                       34
       3.2.12 3 factor authentication    38
4     Security                           40
     4.1   Threat and mitigation         41
     4.2   Mobile client security        41
5     Scalability                        43




1 Introduction to document
The purpose of this documentation is to give a complete overview of the company
Accumulate, its solution Mobile Everywhere and the services that can be launched
using Mobile Everywhere as the platform. This documentation begins with a
presentation of the company. Thereafter follows an overview of the different mobile
payment/banking services that exist in the marketplace today and a description of
the services that can be launched using Accumulate’s solution for secure mobile
transactions. The different functions and processes that make Accumulate’s solution
unique are described in detail. The last chapters of this documentation contain
thorough descriptions of the architecture, the components and the system of
Accumulate’s solution as a whole.



1.1 About Accumulate
Accumulate’s core business is the development of online security solutions for mobile
devices. The mission is to be a technology leader in secure mobile authentication
and mobile financial services using a mobile device. All development within
Accumulate is performed with a focus on the highest security, ease of use, flexibility and
the lowest TCO for the customer. Accumulate currently holds 8 patents in securing
mobile transactions.

Milestones

   •   Start 2004
   •   First mobile transaction platform (Flexion) commercial launch, 2004
   •   Consolidated to Accumulate 2005
   •   First pilot 2005
   •   Opening of UK office 2005
   •   Reaches 100 000 unique installations 2006
   •   Second mobile security platform (ME) commercial launch, 2007
   •   Reaches 1 000 000 unique installations 2007
   •   First in the world to go live with a 360 degree mobile payment service (June
       2009)
   •   Reaches 10 000 000 unique installations 2009
   •   Reaches 20 000 000 unique installations 2010

Accumulate is headquartered in Stockholm, Sweden, from where most of the
operations and business development are run. Furthermore, Accumulate has offices in
London and Beijing.



1.2 Secure Mobile transactions
Accumulate’s solution is a multi-factor public key infrastructure (PKI) authentication
platform where a thin smart security client application is installed on a verified client’s
mobile device. The security client application communicates securely over TCP/IP with
a transaction server that in turn communicates with external systems through
standard APIs. When a user starts the application, a connection to the transaction
server is established and the user’s identity is verified. Once verified, the user can
perform various kinds of secure authentications.



1.3 Mobile Banking
The term mobile banking is widely interpreted, as there is no universal standard for
what is included within the terminology. However, mobile banking is often
synonymous with informational services (mobile banking 1.0).
Accumulate sees mobile banking as an additional access channel to the traditional
banking services, whether they are informational or transactional (mobile banking
2.0).
Accumulate’s solution enables an optimized security level that allows the implementation of
transactional services. With Accumulate’s Mobile Banking solution, banks can
provide a more secure, flexible and feature-rich communication/transaction channel
and thereby offer their customers services such as:

   •   Informational services
   •   Money transfer (inter/intra bank)
   •   Invoice payment
   •   Additional services (notifications, branch/ATM locator, etc)


The authentication method and the very high security features of Accumulate’s
solution make it a perfect companion for people on the move, providing the same
functionality as the bank’s Internet channel but without the need for a computer or
hardware token.



1.4 Mobile Payment
Mobile payment has commonly been known as SMS payments or different person-to-
person solutions generally covering only one payment situation (mobile payment
1.0).
Accumulate’s solution moves mobile payment to a complete 360 degree mobile
payment service, meaning that it covers all payment situations, using one
platform with the highest security foundation (mobile payment 2.0).

   •   Contactless mobile payment - using RFID, Accumulate OTT, NFC stickers
       or NFC integrated phones
   •   Person to person money transfers - a secure, fast and easy way to perform
       money transfer transactions
   •   Money remittance
   •   Online payments
   •   Vending machine payment
   •   Payment information services - get information directly on the mobile: balance,
       transaction history and even receipts of purchases
   •   Other services - mobile ticketing, coupons and mobile loyalty cards are
       examples of new and future services that can be enabled using Accumulate’s
       solution




This illustration specifies the different components that Accumulate can provide to a
mobile payment ecosystem.



1.5 Mobile security
Accumulate’s solution is based on the industry security standard PKI. Adding unique
and patented technology and processes and multi-factor authentication in
combination with dual line communication gives Accumulate’s solution unparalleled
security. By using Accumulate’s solution, banks can avoid many of the security
issues in today’s transaction environment such as data integrity online, man-in-the-
middle issues and phishing.




2 Mobile Everywhere

2.1 Overview
Mobile Everywhere (hereafter ME) is the name of Accumulate’s solution and is a
complete platform for secure mobile transactions. ME is a multi-tier solution for
multiple services built upon generic secure transaction and security basics.
The basic concept is a connected mobile client that holds a secure and identified
connection to a transaction server. The client (an application downloaded over the
air, OTA) with its secure channels to the server becomes a Safe Frame in which
secure transactions can be executed. The flexibility of ME makes it possible for the
service provider at the server side to add and revoke services. The client is an
important security entity but, regarding services and graphical user interface (GUI), it is
just a thin client displaying server-side services and GUI.
Services can be of two generic types: local services or ecosystem services. Local
services are directly integrated in the ME core and global ecosystem services are
integrated to an ecosystem component. ME is composed of a client application, local
server-side components and global server-side ecosystem components.
ME has several advantages:

   •   Security – ME has many security advantages over other solutions, such as
       dual line communication and the “sign what you see” functionality. ME also
       abolishes many of the security issues in today’s transaction environment such as
       data integrity online, man-in-the-middle issues and phishing of id & password.

   •   User friendliness – All services are focused on being easy to use and
       minimizing the procedure for the end user to execute transactions and other
       actions

   •   Independency – ME works independently of operator, SIM-card, network
       type, subscription type or make- and model of handset.

   •   Cost efficiency – Cost savings in hardware and distribution compared to
       current solutions. Furthermore, there is no transaction cost (e.g.
       compared with OTP via SMS or scratch card). Using ME, the cost associated with
       fraud attacks can be decreased.

   •   Speed – ME qualifies for a transaction environment where speed is of
       essence for instance in a point of sales environment.

   •   Flexibility - Within the ME platform many services in mobile payment, mobile
       banking and other mobile security transactions can be enabled.


ME supports virtually all mobile phones released since 2004; the minimum
requirement is a Java MIDP2 phone, since the application always connects to the
Internet using a socket. The terminal database currently holds more than 4500
different mobile phone models and is continuously being updated as new models are
released.
Supported platforms are:

   •   iPhone
   •   Android
   •   BlackBerry
   •   Symbian
   •   Windows Mobile
   •   Java ME



2.1.1 PDI and OTT processes
Accumulate uses two different patented processes for authentication: the One-Time-
Ticket (OTT) process and a process defined as Predefined Identity (PDI).
In the OTT process, the server sends an OTT to the mobile security application. Authentication is
executed by communicating the one-time ticket to the authentication party. An
authentication party could be a web service, a point of sale terminal or a login page.
The authentication party is connected back-end to the transaction server, which
matches the OTT from the authentication party with the stock of valid OTTs at that
time. When the transaction server finds a match, it sends the details of the
transaction to the mobile device for confirmation. An OTT is only valid for a short
period of time.
The other process is the PDI, where the authentication is executed by the user
entering a pre-defined identity at the authentication party. The identity is already
predefined at the server. The authentication party is connected back-end to the
transaction server, which matches the PDI with the PDIs defined at the server. When
a valid PDI is matched, a confirmation request is sent to the user’s mobile device with
the details of the transaction.
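The following is an added example, not Accumulate's code, modelling the server-side matching described above for both processes: an OTT is drawn from the stock of valid tickets, must be presented within its validity window and is consumed on first use, while a PDI is looked up among the identities predefined at the server; in both cases a match produces a confirmation request for the user's device. The 8-digit ticket format, the 60-second window, the `nfc-sticker-0001` identifier and the sample MSISDN are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class ConfirmationRequest:
    """Transaction details the server pushes to the user's mobile device
    for confirmation once an OTT or PDI has been matched."""
    msisdn: str    # the mobile number the ticket/identity belongs to
    party: str     # the authentication party (web shop, POS terminal, login page)
    details: str   # what the user is asked to confirm
    process: str   # "OTT" or "PDI"


class FakeClock:
    """Controllable clock (demo/test aid only) so ticket expiry can be
    shown without sleeping."""
    def __init__(self, start=0.0):
        self.t = start

    def __call__(self):
        return self.t


class TransactionServer:
    """Minimal model of the transaction server's matching logic. Tickets are
    random 8-digit strings (an assumption), valid for `ott_ttl_seconds` and
    usable once; PDIs are pre-registered identifiers such as an NFC sticker id."""

    def __init__(self, ott_ttl_seconds=60, clock=time.monotonic):
        self._clock = clock
        self._ttl = ott_ttl_seconds
        self._stock = []   # (ticket, msisdn, issued_at): the stock of valid OTTs
        self._pdi = {}     # predefined identity -> msisdn
        self.outbox = []   # confirmation requests "sent" to mobile devices

    def register_pdi(self, identity, msisdn):
        """Define a PDI for a user in advance (e.g. at enrolment)."""
        self._pdi[identity] = msisdn

    def issue_ott(self, msisdn):
        """Send a fresh one-time ticket to the user's security application."""
        ticket = f"{secrets.randbelow(10**8):08d}"
        self._stock.append((ticket, msisdn, self._clock()))
        return ticket

    def _purge_expired(self):
        now = self._clock()
        self._stock = [t for t in self._stock if now - t[2] < self._ttl]

    def _confirm(self, msisdn, party, details, process):
        req = ConfirmationRequest(msisdn, party, details, process)
        self.outbox.append(req)
        return req

    def authenticate_ott(self, presented, party, details):
        """Match a ticket reported by the authentication party against the
        stock of valid OTTs. Returns the confirmation request pushed to the
        device, or None when the ticket is unknown, expired or already used."""
        self._purge_expired()
        for i, (ticket, msisdn, _) in enumerate(self._stock):
            # Constant-time compare so matching does not leak ticket digits via timing
            if hmac.compare_digest(ticket, presented):
                del self._stock[i]          # single use: a replay of the ticket fails
                return self._confirm(msisdn, party, details, "OTT")
        return None

    def authenticate_pdi(self, identity, party, details):
        """Match a predefined identity entered at the authentication party."""
        msisdn = self._pdi.get(identity)
        if msisdn is None:
            return None
        return self._confirm(msisdn, party, details, "PDI")


def demo():
    """Walk through both processes with a constructed user and return the outcomes."""
    clock = FakeClock()
    server = TransactionServer(ott_ttl_seconds=60, clock=clock)
    msisdn = "+46700000000"                       # constructed sample number
    ticket = server.issue_ott(msisdn)
    first = server.authenticate_ott(ticket, "web shop", "Order 42, 199 SEK")
    replay = server.authenticate_ott(ticket, "web shop", "Order 42, 199 SEK")
    stale = server.issue_ott(msisdn)
    clock.t += 61                                 # step past the validity window
    expired = server.authenticate_ott(stale, "POS terminal", "Coffee, 25 SEK")
    server.register_pdi("nfc-sticker-0001", msisdn)  # constructed sticker id
    pdi = server.authenticate_pdi("nfc-sticker-0001", "POS terminal", "Coffee, 25 SEK")
    return {"first": first, "replay": replay, "expired": expired, "pdi": pdi}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The replay and expiry branches return None because the matching party never sees a ticket outside the stock; the PIN confirmation on the device that follows a match is outside this model.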


2.1.2 Secure transaction system
ME is specially designed to handle secure transactions; the high security level is
accomplished through the ME client that communicates in a secure way with the ME
Transaction Server. By having a secure and identified enrolment process where the
user is identified, and two-factor authentication (2FA) in the authentication
process, the integrity of the user is kept. Several layers of secure methods help to
retain this integrity and further ensure that only the
person that is registered to the service and the owner of the mobile device can
access and use the functionality of the service.




2.1.3 Transaction system
ME is, apart from a secure transaction system, also a high capacity transaction
system. This is accomplished by having a layered and multi-threaded architecture
with maximum possibilities to scale. The high performance transaction system means
that it is built for large scale expansion and scaling without limitations, while at the
same time maintaining transaction integrity.


2.1.4 Multi-tier system
ME is designed to allow interaction between multiple instances. This
facilitates the creation of an ecosystem consisting of different services and service
providers. This means that ME is prepared as a multi-tier system where more
instances can be added, which makes ME extremely scalable and flexible in its
design.



2.1.5 Ecosystem
The ME solution is prepared with an Inter Transaction Router (ITSR) that can route
transactions between different issuers and acquirers, an Other Service Router (OSR)
that routes transactions to different service providers and an e-ID router that directs
signatures and authentications. This means that all mobile payment services, other
services and the e-ID service can be used both as proprietary services and as
ecosystem services.



2.2 ME Services
ME Services cover all the different services that can be performed within the ME
platform. Furthermore, ME Services describe the client and the different types of servers
along with the security features.



2.2.1 Service overview

   •   Mobile banking
   •   Secure credit card
   •   Point of sale (POS)
   •   Person-to-person money transfer
   •   Online payments
   •   Man-to-machine
   •   Remittance
   •   Other services
   •   Login
   •   Signature
   •   e-ID


2.2.2 Mobile banking
Using ME, banks can provide their customers with a more secure, flexible and feature-
rich mobile banking service that can be used as a communication/transaction
channel. Due to the security features of the security client application it is possible to
securely provide traditional mobile banking services (informational services), but the
provision of transactional services that require higher security is also possible.
Accumulate’s mobile banking solution empowers financial institutions to provide all
Internet banking services in the mobile channel.

2.2.2.1 Informational services
Informational services are divided into account information, which is information
regarding the account holder’s specific account, and general information, which is
universal information regarding the bank. All these informational services are today
widely regarded as mobile banking.

2.2.2.1.1 Account information
    • Balance statement
    • Transaction history
    • Payment notifications
    • Online purchase notifications
    • Abroad purchase notifications
    • Withdrawals notifications
    • Transactions notifications
    • Fraud alerts
    • Bonus/loyalty points
    • Access to loan statements
    • Access to card statements
    • Real-time stock quotes
    • PIN provision, change of PIN
    • Blocking of (lost, stolen) card

2.2.2.1.2 General information
    • Offers
    • Current bank related news
    • ATM locator
    • Branch locator

2.2.2.2 Transactional services
Transactional services are services that allow the user to execute monetary
transactions within the mobile banking solution. Examples of transactional services
are:

   •   Inter/intra bank transfers
   •   Bill payment
   •   Stock/fund trading




2.2.3 Secure credit card
The services within Secure Credit Card aim to increase the security of online
card purchases while simplifying the procedure for the end user.

2.2.3.1 3-D secure
By verifying the online purchase on the mobile phone, the 3-D secure service
eliminates the need for a 3-D secure hardware token. Not only does this service
reduce cost in hardware and distribution, it also simplifies the purchase procedure for
the end user, since the verification device is the mobile phone: a device that is always
available to the user.

2.2.3.2 One time credit card (OTCC)
The OTCC is a service that generates a one-time card number for online purchases.
This service drastically decreases fraud, as the card number becomes obsolete after
the purchase. The OTCC number is generated in the mobile application and consists of
the issuer identifying number along with a one-time ticket. When the purchase is
being processed, the verification of the purchase is executed in the mobile application,
so that the phone is the only device the user needs for the online purchase.

2.2.3.3 One time ticket - credit card
The OTT service is a service that completely eliminates the need for sensitive
information to be entered at the online merchant site. The only information
given to the online merchant is the one-time ticket generated in the application. When
the purchase is being processed, the verification of the purchase is also executed in
the application. In order to introduce the OTT service, merchants need to
make minor modifications to their checkout page to be able to accept OTT
payments, and a credit card or account needs to be linked to the application.


2.2.4 Mobile Payments
Using ME as the platform, a 360° mobile payment service can be provided. This
means that all the different payment situations, including point of sale purchases,
online payments, person-to-person transfers and man-to-machine payments, are
supported. Additionally, ME’s mobile payment solution supports a great variety of
other services ranging from ticketing to purchase codes. In other words, ME can
be used to provide three different areas within the scope of mobile payments:
proximity payments, remote payments and other services.

2.2.4.1 Proximity Payments
Proximity payments are transactions executed in the proximity of the payee and
with an interaction between the payer and the payee.

2.2.4.1.1 Point of sale
A point of sale transaction can be executed either via integrated NFC, NFC sticker [1]
or via one-time-ticket. Since ME supports the OTT process, it can serve as
a bridging solution for NFC point of sale purchases until the roll-out of NFC handsets
and point of sale terminals has been completed.



[1] Integrated NFC and NFC stickers are different forms of predefined identity
authentication. Please see section 2.1.1.
2.2.4.1.2 Online
The online payment service enables the end user to pay at online merchants. This
transaction is based on the OTT process. Today, online purchases are often done by
providing the payment receiver with sensitive credit card information. By using OTT,
this information sharing and the associated risks are eliminated.

2.2.4.1.3 Person-to-person transfers
The P2P service enables end users to execute monetary transfers between accounts
using only the telephone number or an OTT as the identifier. The sender as well as
the recipient need to be in an active state (initiated payment) in order to execute the
transfer; this eliminates transfers to the wrong recipient.

2.2.4.1.4 Man-to-machine
The man-to-machine service allows end users to execute payments to different types
of machines such as vending machines, parking meters, charging poles etc. The OTT
process is used to complete the payment. The machine only needs to be equipped
with embedded connected software to be able to receive online transactions.

2.2.4.2 Remote Payments

2.2.4.2.1 Remittance
The remittance service gives end users the opportunity to send monetary
transfers. The service can be applied for domestic as well as cross-border remittance.
This service is very similar to the person-to-person service, with the difference being
that the sender and the receiver are at different locations and that the receiver does
not need to be in an active state.

2.2.4.3 Other services
The area of other services is composed of non-traditional payment services along with
additional features. The other-services ecosystems that a service provider (SP) can
enter are presented below.

2.2.4.3.1 Ticketing
The ticketing service is an in-application [2] payment method where the end user buys
and receives the ticket within the application. This not only simplifies the
purchase procedure for the end user but also enhances the validation possibilities for
the seller, due to the possible incorporation of barcode and OTT verification.
Examples of tickets are public transportation, events and more.

2.2.4.3.2 Voting
Voting is an in-application payment method where the end user can purchase votes
for TV shows such as Idol (or other similar shows where voting from the audience
and the viewers is common). The service also makes it possible to use dimension
voting, where the voter can grade the vote, e.g. on a scale of 1-5, which generates more
votes and therefore also more revenue.




[2] In-application is defined as an application that is downloaded to the user’s phone
with all the functionalities embedded.
2.2.4.3.3 Loyalty
The loyalty feature is an in-application feature to which the end user can connect their different
loyalty programs in order to earn points on purchases. It is also possible to use
points to complete purchases.

2.2.4.3.4 Purchase codes
The purchase code payment method allows the user, within an in-application, to
purchase merchandise that has been promoted with a certain purchase code in, for
example, magazines, billboards, TV commercials etc. The end user simply enters the
purchase code in the application and the merchandise is sent to the registered
address.

2.2.4.3.5 Coupons
The coupon feature enables the user to consume digital coupons received through
different loyalty programs or special hand-out offers.


2.2.5 Mobile security

2.2.5.1 Secure login
The secure login service replaces security solutions such as security tokens, one-
time pass codes and digital certificates, and gives banks a secure and cost-efficient
authentication solution. The secure login service enables the end user to use the
mobile phone as the security device. Since the mobile phone is a device that the end
user carries with him/her at all times, using the mobile phone as a security device
increases the accessibility of the Internet bank and also eliminates the costs associated
with manufacturing and distribution of hardware.

2.2.5.2 Secure signature
The signature service allows the end user to sign different actions taken within the
mobile application. Actions that can be signed are different types of
transactions, increasing/decreasing credit limits, loan applications etc. The service
provides a complete “Sign what you see” experience and is compliant with EU
Directive 1999/93/EC on advanced electronic signatures, giving the end user a
complete overview of the exact data he/she is signing.


2.2.6 E-ID
The e-ID solution basically consists of secure login and secure signature, with the
addition of ecosystem components in order to be able to function in a global
ecosystem.




2.3 ME client
The ME client is a thin application (previously in this documentation defined as the
security client application, but from now on defined as the “safe frame”) consisting of
different security features that together create a safe frame: a connected security
application that is installed on the end user’s mobile device. The client safe frame is a
thin client with sophisticated security features which connects to the ME core server.
The safe frame enables the user to perform transactions in a secure way.
Key features

   •   Security application installed over the air
   •   True PKI secure client
   •   Thin client
   •   Advanced security features
   •   PIN code protected
   •   Connects to transaction server when started
   •   Instant provisioning
   •   GUI controlled from server
   •   Flexibility in terms of branding
   •   Supports most handsets


The Safe Frame can also be implemented as a library on top of existing mobile banking
applications. By doing so, a security layer is attached to the existing mobile banking
solution, allowing for the execution of transactional services.




2.4 ME core server
The ME core server manages the integrity of each user and each client safe frame. It
is an integral part of the security and of the services enabled through the ME client. The core
transaction server is flexible in terms of configuration and new services.
Key features

   •   Advanced security features
   •   Flexibility in terms of configuration
   •   Flexibility in terms of branding
   •   Instant provisioning of new services
   •   Scalability



2.5 ME ecosystem server
The ecosystem server components enable routing of transactions in a multiple-instance
system with several independent service providers in one common ecosystem. There
are several components within the ecosystem server:

   •   The Inter Transaction Router (ITSR) is the component that enables routing of
       authentication transactions in a multiple-instance system and handles integrations to
       banks for account integration and enrolment.
   •   The Other Service Router (OSR) connects different service providers and
       routing components that enable routing of other-services transactions such as
       ticketing and loyalty programs.
   •   The electronic ID router is a routing component for signatures and
       authentications in an electronic ID ecosystem.




3 ME system description

3.1 Logical view
The logical view below explains the structure of the services offered within the ME
platform. The services can be of two generic types: local services or ecosystem
services. Local services are directly integrated in the transaction server and global
ecosystem services are integrated to an ecosystem component.




3.2 Function description
The functional description defines the user experience of the different services and
other functionalities like enrolment and 3-factor authentication. All services
require integration towards external systems in order to be operational.




3.2.1 Enrolment
This section defines the user experience for enrolment through a website.

1. The user enrols to the mobile solution through the bank’s website by entering
   his/her MSISDN (mobile telephone number).
2. The bank’s site displays an activation code for the mobile application.
3. The user downloads the application.
4. The user enters the activation code and chooses his/her PIN.

*Note that the enrolment process might differ for different operating systems.




3.2.2 Mobile banking
This section describes the user experience for an informational mobile banking
service.

1. The user initiates the application; RSA key and IMEI verification is executed and
   the user enters his/her PIN.
2. The user chooses account balance.
3. The application displays the current account balance.




3.2.3 Secure credit card
This section describes the user experience of a 3-D secure purchase.

1. The user initiates the application; RSA key and IMEI verification is executed and
   the user enters his/her PIN.
2. The user chooses secure credit card.
3. The card is activated for purchases.
4. The user chooses the item to buy and enters the credit card information at the
   merchant site.
5. The merchant site requests the user to verify the purchase in the mobile
   application.
6. Information regarding merchant, item and price is displayed in the mobile
   application and the user verifies the purchase by entering his/her PIN.
7. The status of the purchase is displayed in the mobile application.
8. The status of the purchase is displayed at the merchant’s site.




3.2.4 Point of sale
This section describes the user experience for a POS purchase.

1. The user initiates the application; RSA key and IMEI verification is executed and
   the user enters his/her PIN.
2. The user chooses Payment.
3. The mobile application informs the user to either use NFC or the OTT process in
   order to initiate the purchase.
4. The user either swipes the phone over the point of sale terminal or gives the
   merchant the OTT.
5. Information regarding merchant, item and price is displayed in the mobile
   application and the user verifies the purchase by entering his/her PIN.
6. The status of the purchase is displayed in the mobile application.
7. The point of sale terminal prints the receipt of the purchase.




ME Standard Product Description                                                 20(44)
>:;:D G'3$'"(
This section defines the user experience for an online purchase using an OTT.

1. The user initiates the application; RSA   2. The user chooses Payment
key and IMEI verification is executed and
the user enter his/her PIN.




3.The mobile application displays an         4.The user chooses the item to buy and
OTT valid for the transaction                enters the OTT at the merchant site




5.The merchant site requests the user to     6.Information regarding merchant, item
verify the purchase in the mobile            and price are displayed in the mobile
application                                  application and the user verifies the
                                             purchase by entering his/her PIN


7. The status of the purchase is displayed in the mobile application.
8. The status of the purchase is displayed at the merchant's site.








3.2.6 Person-to-person
This section defines the user experience for a person-to-person transfer.

1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The sender and the receiver choose person-to-person transfer.
3. The sender chooses send money.
4. The receiver chooses receive money.




5. The sender enters the amount of the transfer.
6. The receiver communicates his/her MSISDN or the OTT to the sender.
7. The sender enters the MSISDN or the OTT.
8. The sender's mobile application displays the information regarding the transfer and asks the sender to verify it with his/her PIN.




9. The status of the transfer is displayed in the sender's mobile application.
10. The status of the transfer is displayed in the receiver's mobile application.




3.2.7 Man-to-machine
This section defines the user experience for a man-to-machine purchase, in this case a vending machine.

1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses vending machine purchase.
3. The user enters the serial number of the machine in the mobile application.
4. The mobile application returns with the information about the location of the machine and asks for the amount to transfer, along with verification with the PIN.




5. The status of the transfer is displayed in the mobile application.
6. The user can now, depending on the service of the machine, choose which product/service to collect.




3.2.8 Remittance
This section defines the user experience for a remittance.

1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses remittance.
3. The sender enters the amount.
4. The sender enters the recipient's MSISDN.




5. If the receiver is not in active state (initiated application), the sender receives information about it.
6. The sender's mobile application displays the information regarding the transfer and asks the sender to verify it with his/her PIN.
7. The status of the transfer is displayed in the sender's mobile application.




3.2.9 Secure login
This section defines the user experience for login.

1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses Login.
3. The mobile application displays an OTT valid for the login.
4. The user enters the OTT at the website.




5. The site requests the user to verify the login in the mobile application.
6. Information regarding which website the user attempts to log in to is displayed in the mobile application and the user verifies the login by entering his/her PIN.
7. The mobile application confirms the login.
8. The user is now logged in at the website.




3.2.10 Secure signature
This section defines the user experience for a secure signature.

1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses signature.
3. Signature mode is activated.
4. On the website the user confirms to go ahead and sign an action.




5. The site requests the user to verify the action in the mobile application.
6. The user receives the information regarding the action he/she wants to sign, and is asked to verify it with his/her PIN.
7. The status of the signature is displayed in the mobile application.
8. The status of the signature is displayed at the website.




3.2.11 e-ID

3.2.11.1 Authentication
This section defines the user experience for a login with an e-ID.

1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses Login.
3. The mobile application displays an OTT valid for the login.
4. The user enters the OTT at the website.




5. The site requests the user to verify the login in the mobile application.
6. Information regarding which website the user attempts to log in to is displayed in the mobile application and the user verifies the login by entering his/her PIN.
7. The mobile application confirms the login.
8. The user is now logged in at the website.
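The OTT process that sections 3.2.5, 3.2.9 and 3.2.11.1 describe from the user's side, modelled from the server's side in Go as an added example for this page (illustrative code, not Accumulate's implementation). Everything the description does not state is an assumption here: the token is bound to one purpose, is single-use and expires after a short validity period; it is an 8-character base32 code; redeeming it only parks the transaction until the PIN arrives over the client channel; the site reads the outcome from the handle it got back; and the client identifier, PIN, site name and amount are constructed sample values.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base32"
	"errors"
	"time"
)

// An OTT is issued for one purpose: a token "valid for the transaction" (3.2.5)
// is refused as a token "valid for the login" (3.2.9, 3.2.11.1), and vice versa.
const (
	PurposePurchase, PurposeLogin                 = "purchase", "login"
	StatusPending, StatusApproved, StatusDeclined = "pending", "approved", "declined"
)

// Transaction is what the merchant or web site reports when it redeems an OTT;
// the site keeps the handle Redeem returns and reads Status from it (step 8).
type Transaction struct {
	Site    string // merchant or web site name shown to the user in the app
	Item    string // empty for a login
	Amount  int    // assumed minor currency units; 0 for a login
	Purpose string
	Status  string // set by the server only
}
type ottRecord struct {
	clientID, purpose string
	issued            time.Time
}

var (
	ErrUnknownToken = errors.New("unknown, expired or already used OTT")
	ErrWrongPurpose = errors.New("OTT not valid for this purpose")
	ErrNotPending   = errors.New("nothing awaiting verification for this client")
	ErrWrongPIN     = errors.New("PIN rejected")
)

// Server is the server side of the OTT process. The PIN is checked here, never
// in the client (section 4); PINs are plain text only to keep this example short.
type Server struct {
	ttl     time.Duration
	tokens  map[string]ottRecord    // outstanding OTTs, deleted on first use
	pending map[string]*Transaction // clientID -> transaction pushed to its app
	pins    map[string]string       // clientID -> PIN (constructed sample data)
	now     func() time.Time        // injectable clock so expiry can be exercised
}

func NewServer(ttl time.Duration, pins map[string]string) *Server {
	return &Server{ttl: ttl, tokens: map[string]ottRecord{}, pending: map[string]*Transaction{}, pins: pins, now: time.Now}
}

// IssueOTT runs over the authenticated client channel after step 1 and returns
// the code the app displays in step 3: 40 random bits as 8 base32 characters.
func (s *Server) IssueOTT(clientID, purpose string) (string, error) {
	var b [5]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	tok := base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(b[:])
	s.tokens[tok] = ottRecord{clientID: clientID, purpose: purpose, issued: s.now()}
	return tok, nil
}

// Redeem is the site's call with the OTT the user typed in (step 4). The token is
// consumed first, so it cannot be replayed, and the transaction is parked for
// verification in the app (step 5), i.e. on the second, independent channel.
func (s *Server) Redeem(tok string, tx Transaction) (*Transaction, error) {
	rec, ok := s.tokens[tok]
	if !ok {
		return nil, ErrUnknownToken
	}
	delete(s.tokens, tok)
	if s.now().Sub(rec.issued) > s.ttl {
		return nil, ErrUnknownToken
	}
	if rec.purpose != tx.Purpose {
		return nil, ErrWrongPurpose
	}
	tx.Status = StatusPending
	s.pending[rec.clientID] = &tx
	return &tx, nil
}

// PushedTransaction is what the app shows the user in step 6.
func (s *Server) PushedTransaction(clientID string) (*Transaction, bool) {
	tx, ok := s.pending[clientID]
	return tx, ok && tx.Status == StatusPending
}

// Confirm carries the PIN entered in the app. A wrong PIN declines the parked
// transaction; either way the outcome is visible on both channels (steps 7, 8).
func (s *Server) Confirm(clientID, pin string) (string, error) {
	tx, ok := s.PushedTransaction(clientID)
	if !ok {
		return "", ErrNotPending
	}
	if subtle.ConstantTimeCompare([]byte(pin), []byte(s.pins[clientID])) != 1 {
		tx.Status = StatusDeclined
		return StatusDeclined, ErrWrongPIN
	}
	tx.Status = StatusApproved
	return StatusApproved, nil
}
```

The property worth taking from it: the code the user types into the merchant or web site never authorises anything by itself. It only ties the site's request to the enrolled client; approval happens on the separate, authenticated client channel with the PIN checked server-side, which is what makes an OTT that was read over the user's shoulder worthless to whoever captured it, and why the same token is refused on a second redemption or for a purpose other than the one it was issued for.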




3.2.11.2 Signature
This section defines the user experience for a signature with an e-ID.

1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses signature.
3. Signature mode is activated.
4. On the website the user confirms to go ahead and sign an action.




5. The site requests the user to verify the action in the mobile application.
6. The user receives the information regarding the action he/she wants to sign, and is asked to verify it with his/her PIN.
7. The status of the signature is displayed in the mobile application.
8. The status of the signature is displayed at the website.




3.2.12 3 factor authentication
This section defines the user experience of the 3 factor authentication solution that can be applied for application login, site login or signature.

1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses verify voice.
3. The user presses the start recording button.
4. The user verifies his/her voice by recording the text being displayed in the mobile application.




5. The mobile application displays the result of the voice verification.

*Note that the voice must be enrolled before voice verification can be executed.




4 Security

The basic idea behind the ME solution is to use a secure connection to a mobile phone to authenticate a user. To obtain a high security level it is crucial to first create a secure and safe origin authentication and then, in a very secure manner, contain and reuse that origin authentication. The ME system uses, in its current version, 2FA (2 Factor Authentication) to obtain the secure link to the origin authentication. The two factors used are:

   •   Something you have. In this case the identity of the application installed in a specific phone, with a specific MSISDN, where a specific set of asymmetric keys is stored. The asymmetric keys are a common RSA key set. The private part is stored on the mobile device and the public key is stored on the server (as in standard PKI).

   •   Something you know. A PIN code/pass phrase of any length, with any combination of digits and characters. The PIN/pass phrase is always validated on the server side to prevent brute forcing. It is possible to implement any business logic and rules for PIN/pass phrase use and reuse.

The ME solution is built with a true secure connection between the server (TS) and the client. Within that secure channel different services can be offered to the user. This concept is called Safe Frame and is a key basis for the security in ME.
The asymmetric keys stored in the client are kept in the common memory space integrated with the client SW. In the ME solution the unique client SW with its asymmetric keys is bound to the mobile phone, the operator and the MSISDN. By doing that it is ensured that the application and the keys cannot be moved or copied for use in other devices. This ensures that the right device must be used and prevents mass fraud.
The ME solution is built to be able to use multiple asymmetric keys and multiple certificates. This means that every single service can have its own keys and certificates.
ME has an advanced security architecture, and the security level is achieved by its technical design and its technical components, but also by its processes. ME is a 2-factor solution using a private key infrastructure for the communication between the application and the server. ME stores the private keys in the application. The private keys are protected by a number of checks that are processed when a client connects to the server side, to ascertain the integrity of the application and the user. Another important security component is that ME uses two simultaneous communication lines to execute an authorization. A third factor using biometric properties, such as voice or face recognition, can be added to the solution.




4.1 Threat and mitigation

Threat                                                   Possibility     Mitigation
Stolen phone + security application                      Possible        PIN Control, Revoke
Stolen phone + security application + PIN                Unlikely        Revoke
Stolen security application                              Very unlikely   PIN Control, IMEI, SIM validation
Stolen security application + PIN                        Very unlikely   PIN Control, IMEI, SIM validation
Stolen security application + PIN + IMEI                 Very unlikely   PIN Control, IMEI, SIM validation
Stolen client application + PIN + IMEI + Proxy install   Very unlikely   Prefix OTT
Stolen client application + PIN + IMEI + Proxy install   Very unlikely   3 factor authentication
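The two factors of section 4 and the mitigations the table names (PIN control, revoke, IMEI and SIM validation), as one added Go example written for this page rather than taken from the ME product. Its assumptions: a challenge-response login in which the client signs a fresh server nonce with its RSA private key (RSA-PSS over SHA-256); the device binding represented as a hash of IMEI and MSISDN (the page's SIM validation would use the SIM's own identifiers); PIN hashes kept as HMAC-SHA256 salted with the client identity; a lock-out after three wrong PINs; and revocation modelled as deleting the enrolment. The IMEI, MSISDN and PIN values in the walk-through are constructed.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

const maxPINFailures = 3 // assumed "PIN control" limit; the page gives no number
var (
	ErrRevoked     = errors.New("client revoked or unknown")
	ErrLocked      = errors.New("client locked after repeated PIN failures")
	ErrNoChallenge = errors.New("no outstanding challenge (signature replayed?)")
	ErrDevice      = errors.New("IMEI/MSISDN do not match the enrolment")
	ErrSignature   = errors.New("RSA signature invalid: wrong or missing private key")
	ErrPIN         = errors.New("PIN rejected")
)

// Enrolment: the public half of the client's RSA key pair ("something you have"),
// the device binding, and a PIN hash ("something you know", checked only here).
type Enrolment struct {
	pub                 *rsa.PublicKey
	deviceHash, pinHash []byte
	failures            int
}
type Server struct {
	clients    map[string]*Enrolment
	challenges map[string][]byte // clientID -> nonce waiting to be signed
}

func NewServer() *Server { return &Server{map[string]*Enrolment{}, map[string][]byte{}} }

// NewClientKey makes the client key pair; the page allows 512 to 2048 bits by handset.
func NewClientKey(bits int) (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, bits) }

// deviceBinding stands in for the page's binding to phone, operator and MSISDN.
func deviceBinding(imei, msisdn string) []byte {
	d := sha256.Sum256([]byte(imei + "|" + msisdn))
	return d[:]
}

// hashPIN: HMAC-SHA256 salted with the client identity, so equal PINs hash
// differently per client (a random salt and a slow password KDF for real use).
func hashPIN(clientID, pin string) []byte {
	m := hmac.New(sha256.New, []byte(clientID))
	m.Write([]byte(pin))
	return m.Sum(nil)
}

// signedDigest covers nonce || clientID || deviceHash (nonce and hash are fixed
// length, so the split is unambiguous): the signature commits to the device too.
func signedDigest(nonce []byte, clientID string, deviceHash []byte) []byte {
	d := sha256.Sum256([]byte(string(nonce) + clientID + string(deviceHash)))
	return d[:]
}

// Enrol stores the public key only; the private half never leaves the handset.
func (s *Server) Enrol(clientID string, pub *rsa.PublicKey, imei, msisdn, pin string) {
	s.clients[clientID] = &Enrolment{pub: pub, deviceHash: deviceBinding(imei, msisdn), pinHash: hashPIN(clientID, pin)}
}

// Revoke is the "stolen phone" mitigation from the threat table.
func (s *Server) Revoke(clientID string) { delete(s.clients, clientID) }

// Challenge starts a login with a fresh nonce, so a captured signature is useless later.
func (s *Server) Challenge(clientID string) ([]byte, error) {
	if s.clients[clientID] == nil {
		return nil, ErrRevoked
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.challenges[clientID] = nonce
	return nonce, nil
}

// ClientSign is the client's side: proof of possession of the private key. The PIN
// travels alongside for the server to check; the client never verifies it itself.
func ClientSign(priv *rsa.PrivateKey, nonce []byte, clientID, imei, msisdn string) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, signedDigest(nonce, clientID, deviceBinding(imei, msisdn)), nil)
}

// Authenticate applies the checks in the order a stolen or copied client fails them:
// revocation, lock-out, challenge freshness, device binding, key possession, PIN.
func (s *Server) Authenticate(clientID, imei, msisdn string, sig []byte, pin string) error {
	e := s.clients[clientID]
	nonce, fresh := s.challenges[clientID]
	delete(s.challenges, clientID) // one signature per challenge, whatever happens next
	dev := deviceBinding(imei, msisdn)
	switch {
	case e == nil:
		return ErrRevoked
	case e.failures >= maxPINFailures:
		return ErrLocked
	case !fresh:
		return ErrNoChallenge
	case !hmac.Equal(dev, e.deviceHash):
		return ErrDevice
	case rsa.VerifyPSS(e.pub, crypto.SHA256, signedDigest(nonce, clientID, dev), sig, nil) != nil:
		return ErrSignature
	case !hmac.Equal(hashPIN(clientID, pin), e.pinHash):
		e.failures++ // PIN control: the counter lives on the server only
		return ErrPIN
	}
	e.failures = 0
	return nil
}
```

Authenticate runs its checks in the order the threat table reads: a revoked enrolment fails before anything else is looked at, a copied application on another handset fails the device binding before its signature is even verified, a signature made without the private key fails next, and only then is the PIN compared, with the failure counter kept on the server so that nothing in the client can reset it.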




4.2 Mobile client security
Each client application is uniquely distributed and contains a unique identity combined with a private RSA key; the size of the key varies from 512 bit to 2048 bit depending on the speed of the target handset. The keys, in combination with the identity of the application, are used to establish a secure 256-bit AES encrypted connection with the server.
The server controls which key size to use, depending on the phone model. The connection with the server is socket based, not HTTP, in order to avoid the risk of "session hijacking". The client application can be seen as a tiny browser with built-in client certificate authentication, locked with a PIN code.
The clients are also linked to the phone's serial number and implement processes to verify the SIM, to prevent future attacks such as Trojans and key loggers on mobile devices. This makes the software-based certificate in the client "hard", preventing use on another device.
An Accumulate-developed TCP server handles the connection with the clients using only asynchronous IO, to allow many connections without using a lot of application threads. Any number of TCP servers can be deployed (behind a load balancer), and the TCP server communicates with the core components using EJB.

The core components can communicate back with the TCP server to push
confirmation to a user directly on the socket channel.
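An added Go example, written for this page and not the ME client or TCP server code, of how the AES-256 encrypted socket connection of section 4.2 can frame its records once a session key exists. It assumes the 32-byte key has already been agreed from the RSA keys and the application identity (the description does not say how), and uses AES-256-GCM with a direction byte and an 8-byte sequence counter in the nonce and the client identity as associated data; the key and messages in main are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrShortRecord = errors.New("record too short")
	ErrReplay      = errors.New("sequence number reused or out of order")
	ErrAuth        = errors.New("record failed authentication or came from the wrong direction")
)

// Channel is one endpoint of the socket. Both ends share the 32-byte session key
// (how it is agreed from the RSA keys and application identity is out of scope
// here), but each direction has its own nonce prefix: a record can never be
// reflected back to its sender, and one key never reuses a nonce either way.
type Channel struct {
	aead             cipher.AEAD
	aad              []byte // client identity, authenticated with every record
	sendDir, recvDir byte   // 1 = client to server, 2 = server to client
	sendSeq, recvSeq uint64
}

func NewChannel(key [32]byte, clientID string, isClient bool) (*Channel, error) {
	block, err := aes.NewCipher(key[:]) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	c := &Channel{aead: aead, aad: []byte(clientID), sendDir: 2, recvDir: 1}
	if isClient {
		c.sendDir, c.recvDir = 1, 2
	}
	return c, nil
}

// nonceFor builds the 12-byte GCM nonce: direction byte, 3 zero bytes, 8-byte
// sequence number. The counter is what keeps nonces unique under one key.
func nonceFor(dir byte, seq uint64) []byte {
	n := make([]byte, 12)
	n[0] = dir
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}

// Seal frames one message as seq (8 bytes) || ciphertext || GCM tag.
func (c *Channel) Seal(plaintext []byte) []byte {
	seq := c.sendSeq
	c.sendSeq++
	rec := make([]byte, 8, 8+len(plaintext)+c.aead.Overhead())
	binary.BigEndian.PutUint64(rec, seq)
	return c.aead.Seal(rec, nonceFor(c.sendDir, seq), plaintext, c.aad)
}

// Open checks the sequence before decrypting: a replayed or reordered record is
// refused even though its tag would verify; a tampered or reflected one fails
// the tag, because the sequence and direction are part of the nonce.
func (c *Channel) Open(rec []byte) ([]byte, error) {
	if len(rec) < 8+c.aead.Overhead() {
		return nil, ErrShortRecord
	}
	seq := binary.BigEndian.Uint64(rec[:8])
	if seq != c.recvSeq {
		return nil, ErrReplay
	}
	pt, err := c.aead.Open(nil, nonceFor(c.recvDir, seq), rec[8:], c.aad)
	if err != nil {
		return nil, ErrAuth
	}
	c.recvSeq++
	return pt, nil
}

func main() { // stand-alone demonstration with a constructed session key
	var key [32]byte
	for i := range key {
		key[i] = byte(i)
	}
	client, _ := NewChannel(key, "client-1", true)
	server, _ := NewChannel(key, "client-1", false)
	rec := client.Seal([]byte("PAY shop.example 1999"))
	pt, err := server.Open(rec)
	fmt.Printf("server read %q (%v)\n", pt, err)
	_, err = server.Open(rec)
	fmt.Println("replayed record:", err)
	_, err = client.Open(rec)
	fmt.Println("record reflected to the client:", err)
}
```

Two details carry the security of such a channel: the counter in the nonce means one key never sees the same nonce twice, which GCM requires absolutely, and the receiver's sequence check before decryption is what turns a replayed record into an error rather than a second payment.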




5 Scalability
ME is, both from an application and an infrastructure point of view, totally scalable. It is possible to add any number of ME server instances, and each server can have an unlimited number of users connecting. There are no bottlenecks when it comes to transactions.
Vertical scaling is normally not applicable; the only time it might be the best scaling method is when more memory for database storage is required without an actual need for more CPU capacity. In that situation a simple upgrade of RAM is the most efficient upgrade. Normally horizontal scaling is used to improve capacity, even though the most common method to improve performance is code or configuration improvements.




Load balancing is done through Linux Virtual Server using direct routing (DR), with a keep-alive heartbeat between the master and the slave. This allows the addition of virtually any number of real servers without the load balancer becoming a bottleneck.




Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 

Último (20)

Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 

2012 Accumulate Mobile Everywhere - Standard Product Description

  • 1. Mobile Everywhere
Standard product description – light version
Accumulate 2011
Copyright 2011 Accumulate AB
ME Standard Product Description
  • 2. Revision history
Date: 2011-01-31, Version: 1.0, Status: Final, Description: First Edition
Approved by
Name: Magnus Westling, Role: CTO, Date: 2011-02-01
  • 3. Table of Contents
1 Introduction to document ..... 2
1.1 About Accumulate ..... 2
1.2 Secure Mobile transactions ..... 2
1.3 Mobile Banking ..... 3
1.4 Mobile Payment ..... 3
1.5 Mobile security ..... 4
2 Mobile Everywhere ..... 5
2.1 Overview ..... 5
2.1.1 PDI and OTT processes ..... 6
2.1.2 Secure transaction system ..... 6
2.1.3 Transaction system ..... 7
2.1.4 Multi-tier system ..... 7
2.1.5 Ecosystem ..... 7
2.2 ME Services ..... 7
2.2.1 Service overview ..... 7
2.2.2 Mobile banking ..... 7
2.2.3 Secure credit card ..... 8
2.2.4 Mobile Payments ..... 9
2.2.5 Mobile security ..... 11
2.2.6 E-ID ..... 11
2.3 ME client ..... 12
2.4 ME core server ..... 13
2.5 ME ecosystem server ..... 13
3 ME system description ..... 14
3.1 Logical view ..... 14
3.2 Function description ..... 14
3.2.1 Enrolment ..... 15
3.2.2 Mobile banking ..... 16
3.2.3 Secure credit card ..... 17
3.2.4 Point of sale ..... 19
3.2.5 Online ..... 21
3.2.6 Person-to-person ..... 23
3.2.7 Man-to-machine ..... 26
3.2.8 Remittance ..... 28
3.2.9 Secure login ..... 30
3.2.10 Secure signature ..... 32
3.2.11 e-ID ..... 34
3.2.12 3 factor authentication ..... 38
4 Security ..... 40
4.1 Threat and mitigation ..... 41
4.2 Mobile client security ..... 41
5 Scalability ..... 43
  • 4. 1 Introduction to document
The purpose of this documentation is to give a complete overview of the company Accumulate, its solution Mobile Everywhere and the services that can be launched using Mobile Everywhere as the platform. This documentation begins with a presentation of the company. Thereafter follows an overview of the different mobile payment/banking services that exist in the marketplace today and a description of the services that can be launched using Accumulate’s solution for secure mobile transactions. The different functions and processes that make Accumulate’s solution unique will be described in detail. The last chapters of this documentation contain thorough descriptions of the architecture, the components and the system of Accumulate’s solution as a whole.
1.1 About Accumulate
Accumulate’s core business is the development of online security solutions for mobile devices. The mission is to be a technology leader in secure mobile authentication and mobile financial services using a mobile device. All development within Accumulate is performed with a focus on the highest security, ease of use, flexibility and the lowest TCO for the customer. Accumulate currently holds 8 patents in securing mobile transactions.
Milestones
• Start 2004
• First mobile transaction platform (Flexion) commercial launch, 2004
• Consolidated to Accumulate 2005
• First pilot 2005
• Opening of UK office 2005
• Reaches 100 000 unique installations 2006
• Second mobile security platform (ME) commercial launch, 2007
• Reaches 1 000 000 unique installations 2007
• First in the world to go live with a 360 degree mobile payment service (June 2009)
• Reaches 10 000 000 unique installations 2009
• Reaches 20 000 000 unique installations 2010
Accumulate is headquartered in Stockholm, Sweden, from where most of the operations and business development are run. Furthermore, Accumulate has offices in London and Beijing.
1.2 Secure Mobile transactions
Accumulate’s solution is a multi-factor public key infrastructure (PKI) authentication platform where a thin smart security client application is installed on a verified client’s mobile device. The security client application communicates securely over TCP/IP with
  • 5. a transaction server that in turn communicates with external systems through standard APIs. When a user starts the application, a connection to the transaction server is established and the user’s identity is verified. Once verified, the user can perform various kinds of secure authentications.
1.3 Mobile Banking
The term mobile banking is widely interpreted, as there is no universal standard for what is included within the terminology. However, mobile banking is often synonymous with informational services (mobile banking 1.0). Accumulate sees mobile banking as an additional access channel to the traditional banking services, whether they are informational or transactional (mobile banking 2.0). Accumulate’s solution provides the security needed to implement transactional services. With Accumulate’s Mobile Banking solution, banks can provide a more secure, flexible and feature-rich communication/transaction channel, thereby offering their customers services such as:
• Informational services
• Money transfer (inter/intra bank)
• Invoice payment
• Additional services (notifications, branch/ATM locator, etc)
The authentication method and the very high security features of Accumulate’s solution make it a perfect companion for people on the move, providing the same functionality as the bank’s Internet channel but without the need for a computer or hardware token.
1.4 Mobile Payment
Mobile payment has commonly been known as SMS payments or different person-to-person solutions generally covering only one payment situation (mobile payment 1.0). Accumulate’s solution moves mobile payment to a complete 360 degree mobile payment service, meaning that it covers all payment situations, on one platform with the highest security foundation (mobile payment 2.0).
• Contactless mobile payment - using RFID, Accumulate OTT, NFC stickers or NFC integrated phones
• Person to person money transfers - a secure, fast and easy way to perform money transfer transactions
• Money remittance
• Online payments
• Vending machine payment
  • 6. • Payment information services - get information directly on the mobile: balance, transaction history and even receipts of purchases
• Other services - mobile ticketing, coupons and mobile loyalty cards are examples of new and future services that can be enabled using Accumulate’s solution
This illustration specifies the different components that Accumulate can provide to a mobile payment ecosystem.
1.5 Mobile security
Accumulate’s solution is based on the industry security standard PKI. Adding unique and patented technology and processes and multi-factor authentication, in combination with dual line communication, gives Accumulate’s solution unparalleled security. By using Accumulate’s solution, banks can avoid many of the security issues in today’s transaction environment such as data integrity online, man-in-the-middle issues and phishing.
  • 7. 2 Mobile Everywhere
2.1 Overview
Mobile Everywhere (hereafter ME) is the name of Accumulate’s solution and is a complete platform for secure mobile transactions. ME is a multi-tier solution for multiple services built upon generic secure transaction and security basics. The basic concept is a connected mobile client that holds a secure and identified connection to a transaction server. The client (an application downloaded over the air, OTA) with its secure channels to the server becomes a Safe Frame in which secure transactions can be executed. The flexibility of ME makes it possible for the service provider at the server side to add and revoke services. The client is an important security entity, but regarding services and graphical user interface (GUI) it is just a thin client displaying server side services and GUI. Services can be of two generic types: local services or eco system services. Local services are directly integrated in the ME core and global eco system services are integrated to an eco system component. ME is composed of a client application, local server side components and global server side eco system components.
ME has several advantages:
• Security – ME has many security advantages over other solutions, such as dual line communication and the “sign what you see” functionality. ME also removes many of the security issues in today’s transaction environment such as data integrity online, man-in-the-middle issues and phishing of id & password.
• User friendliness – All services are focused on being easy to use and minimizing the procedure for the end user to execute transactions and other actions.
• Independence – ME works independently of operator, SIM card, network type, subscription type or make and model of handset.
• Cost efficiency – Cost savings in hardware and distribution compared to current solutions. Furthermore there is no transaction cost (e.g. compared with OTP via SMS or scratch card). Using ME, the cost associated with fraud attacks can be decreased.
• Speed – ME qualifies for a transaction environment where speed is of the essence, for instance in a point of sale environment.
• Flexibility - Within the ME platform many services in mobile payment, mobile banking and other mobile security transactions can be enabled.
ME supports virtually all mobile phones released since 2004; the minimum requirement is a Java MIDP2 phone, since the application always connects to the Internet using a socket. The terminal database currently holds more than 4500
  • 8. different mobile phone models and is continuously being updated as new models are released. Supported platforms are:
• iPhone
• Android
• BlackBerry
• Symbian
• Windows Mobile
• Java ME
2.1.1 PDI and OTT processes
Accumulate uses two different patented processes for authentication: One-Time-Ticket (OTT) and Predefined Identity (PDI).
The server sends an OTT to the mobile security application. Authentication is executed by communicating the one time ticket to the authentication party. An authentication party could be a web service, a point of sale terminal or a login page. The authentication party is connected back-end to the transaction server, which matches the OTT from the authentication party with the stock of OTTs valid at that time. When the transaction server finds a match, it sends the details of the transaction to the mobile device for confirmation. An OTT is only valid for a short period of time.
The other process is the PDI, where the authentication is executed by the user entering a pre-defined identity at the authentication party. The identity is already predefined at the server. The authentication party is connected back-end to the transaction server, which matches the PDI with the PDIs defined at the server. When a valid PDI is matched, a confirmation request is sent to the user’s mobile device with the details of the transaction.
2.1.2 Secure transaction system
ME is specially designed to handle secure transactions; the high security level is accomplished through the ME client, which communicates in a secure way with the ME Transaction Server. Through a secure enrolment process in which the user is identified, and two-factor authentication (2FA) in the authentication process, the integrity of the user is maintained. Several layers of security methods help to retain this integrity and further ensure that only the person who is registered to the service and who owns the mobile device can access and use the functionality of the service.
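The OTT matching and confirmation sequence described in 2.1.1, modelled as an added Python example (not Accumulate’s code): the ticket length, the 60-second validity window, the single-use consumption and every class and function name are assumptions made here, and the server-side check is what a defender would want to see (expired and replayed tickets are rejected, and nothing completes until the user confirms on the device).

```python
"""Model of the One-Time-Ticket (OTT) authentication flow of section 2.1.1.
Constructed example, not Accumulate's code: ticket length, validity window and
every class and function name here are assumptions.
"""
from __future__ import annotations

import secrets
import time
from dataclasses import dataclass

OTT_TTL_SECONDS = 60   # assumption: the page only says "a short period of time"
OTT_DIGITS = 8         # assumption: the page does not state the ticket format


class ManualClock:
    """Constructed clock so that expiry can be demonstrated deterministically."""

    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


@dataclass
class PendingTransaction:
    """A matched transaction waiting for the user's confirmation on the device."""
    user_id: str
    party: str      # authentication party: web service, POS terminal or login page
    details: dict
    state: str = "awaiting_confirmation"   # then "approved" or "rejected"


class TransactionServer:
    """Holds the stock of valid OTTs and the transactions awaiting confirmation."""

    def __init__(self, clock=time.time) -> None:
        self._clock = clock
        self._tickets: dict[str, tuple[str, float]] = {}   # ticket -> (user, expiry)
        self._pending: dict[str, PendingTransaction] = {}  # ticket -> transaction

    def issue_ticket(self, user_id: str) -> str:
        """Step 1: generate a fresh OTT and hand it to the user's mobile client."""
        ticket = "".join(secrets.choice("0123456789") for _ in range(OTT_DIGITS))
        self._tickets[ticket] = (user_id, self._clock() + OTT_TTL_SECONDS)
        return ticket

    def _purge_expired(self) -> None:
        now = self._clock()
        for ticket in [t for t, (_, exp) in self._tickets.items() if exp <= now]:
            del self._tickets[ticket]

    def redeem(self, presented: str, party: str, details: dict) -> str | None:
        """Step 2: the authentication party forwards the ticket the user gave it.
        A match consumes the ticket (single use) and queues the transaction for
        confirmation; returns the matched user_id, or None when no valid ticket."""
        self._purge_expired()
        entry = self._tickets.pop(presented, None)
        if entry is None:
            return None
        user_id, _ = entry
        self._pending[presented] = PendingTransaction(user_id, party, details)
        return user_id

    def confirmation_request(self, user_id: str) -> list[tuple[str, dict]]:
        """Step 3: the details the server pushes to the user's device to confirm."""
        return [(t, p.details) for t, p in self._pending.items()
                if p.user_id == user_id and p.state == "awaiting_confirmation"]

    def confirm(self, ticket: str, user_id: str, approve: bool) -> str:
        """Step 4: the decision taken on the mobile device closes the flow."""
        p = self._pending.get(ticket)
        if p is None or p.user_id != user_id or p.state != "awaiting_confirmation":
            return "invalid"
        p.state = "approved" if approve else "rejected"
        return p.state

    def status(self, ticket: str) -> str:
        """What the authentication party sees while waiting for the outcome."""
        p = self._pending.get(ticket)
        return p.state if p else "unknown"


def demo() -> dict:
    """One complete flow plus the two failure cases: replay and expiry."""
    clock = ManualClock()
    server = TransactionServer(clock)
    purchase = {"merchant": "Example Shop", "amount": "120.00", "currency": "SEK"}
    ticket = server.issue_ticket("alice")                  # shown on alice's phone
    who = server.redeem(ticket, "web-shop", purchase)      # merchant forwards it
    prompted = len(server.confirmation_request("alice"))   # pushed to alice's phone
    outcome = server.confirm(ticket, "alice", approve=True)
    replay = server.redeem(ticket, "web-shop", purchase)   # same ticket again
    stale = server.issue_ticket("bob")
    clock.advance(OTT_TTL_SECONDS + 1)                     # validity window passed
    expired = server.redeem(stale, "pos-terminal", {"amount": "5.00"})
    return {"matched_user": who, "prompted": prompted, "outcome": outcome,
            "merchant_view": server.status(ticket), "replay": replay,
            "expired": expired}
```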
  • 9. 2.1.3 Transaction system
Apart from being a secure transaction system, ME is also a high-capacity transaction system. This is accomplished by having a layered and multi-threaded architecture with maximum possibilities to scale. The high performance transaction system means that it is built for large scale expansion and scaling without limitations, while at the same time preserving transaction integrity.
2.1.4 Multi-tier system
ME is designed to allow interaction between multiple instances. This facilitates the creation of an eco-system consisting of different services and service providers. This means that ME is prepared as a multi-tier system where more instances can be added. This makes ME extremely scalable and flexible in its design.
2.1.5 Ecosystem
The ME solution is prepared with an Inter Transaction Router (ITSR) that can route transactions between different issuers and acquirers, an Other Service Router (OSR) that routes transactions to different service providers and an e-ID router to direct signatures and authentications. This means that all mobile payment services, other services and the e-ID service can be used both as proprietary services and as ecosystem services.
2.2 ME Services
ME Services cover all the different services that can be performed within the ME platform. Furthermore, ME Services describe the client and different types of servers along with the security features.
2.2.1 Service overview
• Mobile banking
• Secure credit card
• Point of sale (POS)
• Person-to-person money transfer
• Online payments
• Man-to-machine
• Remittance
• Other services
• Login
• Signature
• e-ID
2.2.2 Mobile banking
Using ME, banks can provide their customers with a more secure, flexible and feature-
  • 10. rich mobile banking service that can be used as a communication/transaction channel. Due to the security features of the security client application it is possible to securely provide traditional mobile banking services (informational services), but the provision of transactional services that require higher security is also possible. Accumulate’s mobile banking solution empowers financial institutions to provide all Internet banking services in the mobile channel.
2.2.2.1 Informational services
Informational services are divided into account information, which is information regarding the account holder’s specific account, and general information, which is universal information regarding the bank. All these informational services are today widely regarded as mobile banking.
2.2.2.1.1 Account information
• Balance statement
• Transaction history
• Payment notifications
• Online purchase notifications
• Abroad purchase notifications
• Withdrawal notifications
• Transaction notifications
• Fraud alerts
• Bonus/loyalty points
• Access to loan statements
• Access to card statements
• Real-time stock quotes
• PIN provision, change of PIN
• Blocking of (lost, stolen) card
2.2.2.1.2 General information
• Offers
• Current bank related news
• ATM locator
• Branch locator
2.2.2.2 Transactional services
Transactional services are services that allow the user to execute monetary transactions within the mobile banking solution. Examples of transactional services are:
• Inter/intra bank transfers
• Bill payment
• Stock/fund trading
2.2.3 Secure credit card
The services within Secure Credit Card aim to increase the security of online
  • 11. card purchases while simplifying the procedure for the end user.
2.2.3.1 3-D secure
Verification of the online purchase in the mobile phone: the 3-D secure service eliminates the need for a 3-D secure hardware token. Not only does this service reduce cost in hardware and distribution, it also simplifies the purchase procedure for the end user, since the verification device is the mobile phone, a device that is always available to the user.
2.2.3.2 One time credit card (OTCC)
The OTCC is a service that generates a one time card number for online purchases. This service drastically decreases fraud as the card number becomes obsolete after the purchase. The OTCC number is generated in the mobile application and consists of the issuer identifying number along with a one-time ticket. When the purchase is being processed, the verification of the purchase is executed in the mobile application, so the user only needs the phone as the device for the online purchase.
2.2.3.3 One time ticket – credit card
The OTT service is a service that completely eliminates the need for sensitive information to be entered at the online merchant site. The only information given at the online merchant is the one time ticket generated in the application. When the purchase is being processed, the verification of the purchase is also executed in the application. In order to introduce the OTT service, merchants need to make minor modifications to their checkout page to accept OTT payments, and a credit card or account needs to be linked to the application.
2.2.4 Mobile Payments
Using ME as the platform, a 360° mobile payment service can be provided. This means that all the different payment situations, including point of sale purchases, online payments, person-to-person transfers and man-to-machine payments, are supported. Additionally, ME’s mobile payment solution supports a great variety of other services, ranging from ticketing to purchase codes etc. In other words, ME can be used to provide three different areas within the scope of mobile payments: proximity payments, remote payments and other services.
2.2.4.1 Proximity payments
Proximity payments are transactions executed in the vicinity of the payee and with an interaction between the payer and the payee.
2.2.4.1.1 Point of sale
A point of sale transaction can be executed either via integrated NFC, NFC sticker¹ or via one-time-ticket. Since ME supports the OTT process, it can serve as a bridging solution for NFC point of sale purchases until the roll out of NFC handsets and point of sale terminals has been completed.
¹ Integrated NFC and NFC stickers are different forms of predefined identity authentications. Please see section 2.1.1.
  • 12. 2.2.4.1.2 Online
The online payment service enables the end user to pay at online merchants. This transaction is based on the OTT process. Today, online purchases are often done by providing the payment receiver with sensitive credit card information. By using OTT, this information sharing and the associated risks are eliminated.
2.2.4.1.3 Person-to-person transfer
The P2P service enables end users to execute monetary transfers between accounts using only the telephone number or an OTT as the identifier. Both the sender and the recipient need to be in an active state (payment initiated) for the transfer to execute; this eliminates transfers to the wrong recipient.
2.2.4.1.4 Man-to-machine
The man-to-machine service allows end users to execute payments to different types of machines, i.e. vending machines, parking meters, charging poles etc. The OTT process is used to complete the payment. The machine only needs to be equipped with embedded connected software to be able to receive online transactions.
2.2.4.2 Remote payments
2.2.4.2.1 Remittance
The remittance service gives end users the ability to send monetary transfers. The service can be applied for domestic as well as cross border remittance. This service is very similar to the person-to-person service, with the difference being that the sender and the receiver are at different locations and that the receiver does not need to be in an active state.
2.2.4.3 Other services
The area of other services is composed of non-traditional payment services along with additional features. The other services eco systems that a service provider (SP) can enter are presented below.
2.2.4.3.1 Ticketing
The ticketing service is an in-application² payment method where the end user buys and receives the ticket within the application. This not only simplifies the purchase procedure for the end user but also enhances the validation possibilities for the seller, due to the possible incorporation of barcode and OTT verification. Examples of tickets are public transportation, events and more.
2.2.4.3.2 Voting
Voting is an in-application payment method where the end user can purchase votes for TV shows such as Idol (or other similar shows where voting from the audience and the viewers is common). The service also has the possibility to use dimension voting, where the voter can grade its vote, e.g. on a scale of 1-5, which generates more votes and therefore also more revenue streams.
² In-application is defined as an application that is downloaded to the user’s phone with all the functionality embedded.
  • 13. 2.2.4.3.3 Loyalty
The loyalty feature is an in-application feature that the end user can connect their different loyalty programs to, in order to earn points on purchases. It is also possible to use points to complete purchases.
2.2.4.3.4 Purchase codes
The purchase code payment method allows the user to purchase, within an in-application, merchandise that has been promoted with a certain purchase code in for example magazines, billboards, TV commercials etc. The end user simply enters the purchase code in the application and the merchandise will be sent to the registered address.
2.2.4.3.5 Coupons
The coupon feature enables the user to redeem the digital coupons received through different loyalty programs or special hand-out offers.
2.2.5 Mobile security
2.2.5.1 Secure login
The secure login service replaces security solutions such as security tokens, one-time pass codes and digital certificates and gives banks a secure and cost efficient authentication solution. The secure login service enables the end user to use the mobile phone as the security device: since the mobile phone is a device that the end user carries with him/her at all times, using the mobile phone as a security device increases the accessibility of the internet bank and also eliminates costs associated with manufacturing and distribution of hardware.
2.2.5.2 Secure signature
The signature service allows the end user to sign different actions taken within the mobile application. Actions that can be signed include different types of transactions, increasing/decreasing credit limits, loan applications etc. The service provides a complete “Sign what you see” experience and is compliant with EU Directive 1999/93/EC on advanced electronic signatures, giving the end user a complete overview of the exact data he/she is signing.
2.2.6 E-ID
The e-ID solution basically consists of secure login and secure signature, but with the addition of eco-system components in order to be able to function in a global eco-system.
  • 14. 2.3 ME client
The ME client is a thin application (previously in this documentation defined as the security client application, but from now on defined as the “safe frame”) consisting of different security features. Together they create a safe frame: a connected security application that is installed on the end user’s mobile device. The client safe frame is a thin client with sophisticated security features which connects to the ME core server. The safe frame enables the user to perform transactions in a secure way.
Key features
• Security application installed over the air
• True PKI secure client
• Thin client
• Advanced security features
• PIN code protected
• Connects to transaction server when started
• Instant provisioning
• GUI controlled from server
• Flexibility in terms of branding
• Supports most handsets
The Safe Frame can also be implemented as a library on top of existing mobile banking applications. By doing so, a security layer is attached to the existing mobile banking solution, allowing for the execution of transactional services.
2.4 ME core server
The ME core server manages the integrity of each user and each client safe frame. It is an integral part of the security and of the services enabled through the ME client. The core transaction server is flexible in terms of configuration and new services.

Key features
• Advanced security features
• Flexibility in terms of configuration
• Flexibility in terms of branding
• Instant provisioning of new services
• Scalability

2.5 ME ecosystem server
The ecosystem server components enable routing of transactions in a multiple system with several independent service providers in one common ecosystem. There are several components within the ecosystem server:
• The inter transaction router (ITSR) is the component that enables routing of authentication transactions in a multiple system and handles integrations to banks for account integration and enrolment.
• The other service router (OSR) connects different service providers and is a routing component that enables routing of other service transactions, such as ticketing and loyalty programs.
• The electronic ID router is a routing component for signatures and authentications in an electronic ID ecosystem.
3 ME system description

3.1 Logical view
The logical view below explains the structure of the services offered within the ME platform. The services can be of two generic types: local services or ecosystem services. Local services are directly integrated in the transaction server, and global ecosystem services are integrated through an ecosystem component.

3.2 Function description
The functional description defines the user experience of the different services and other functionalities like enrolment and 3-factor authentication. All the services need integration towards external systems in order to be operational.
3.2.1 Enrolment
This section defines the user experience for enrolment through a website.
1. The user enrols to the mobile solution through the bank's website by entering his/her MSISDN (mobile telephone number).
2. The bank's site displays an activation code for the mobile application.
3. The user downloads the application.
4. The user enters the activation code and chooses his/her PIN.
*Note that the enrolment process might differ for different operating systems.
3.2.2 Mobile banking
This section describes the user experience for an informational mobile banking service.
1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses account balance.
3. The application displays the current account balance.
3.2.3 Secure credit card
This section describes the user experience of a 3-D Secure purchase.
1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses secure credit card.
3. The card is activated for purchases.
4. The user chooses the item to buy and enters the credit card information at the merchant site.
5. The merchant site requests the user to verify the purchase in the mobile application.
6. Information regarding merchant, item and price is displayed in the mobile application and the user verifies the purchase by entering his/her PIN.
7. The status of the purchase is displayed in the mobile application.
8. The status of the purchase is displayed at the merchant's site.
3.2.4 Point of sale
This section describes the user experience for a POS purchase.
1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses Payment.
3. The mobile application informs the user to either use NFC or the OTT process in order to initiate the purchase.
4. The user either swipes the phone over the point of sale terminal or gives the merchant the OTT.
5. Information regarding merchant, item and price is displayed in the mobile application and the user verifies the purchase by entering his/her PIN.
6. The status of the purchase is displayed in the mobile application.
7. The point of sale terminal prints the receipt of the purchase.
3.2.5 Online
This section defines the user experience for an online purchase using an OTT.
1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses Payment.
3. The mobile application displays an OTT valid for the transaction.
4. The user chooses the item to buy and enters the OTT at the merchant site.
5. The merchant site requests the user to verify the purchase in the mobile application.
6. Information regarding merchant, item and price is displayed in the mobile application and the user verifies the purchase by entering his/her PIN.
7. The status of the purchase is displayed in the mobile application.
8. The status of the purchase is displayed at the merchant's site.
3.2.6 Person-to-person
This section defines the user experience for a person-to-person transfer.
1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The sender and the receiver choose person-to-person transfer.
3. The sender chooses send money.
4. The receiver chooses receive money.
5. The sender enters the amount of the transfer.
6. The receiver communicates his/her MSISDN or the OTT to the sender.
7. The sender enters the MSISDN or the OTT.
8. The sender's mobile application displays the information regarding the transfer and asks the sender to verify it with his/her PIN.
9. The status of the transfer is displayed in the sender's mobile application.
10. The status of the transfer is displayed in the receiver's mobile application.
3.2.7 Man-to-machine
This section defines the user experience for a man-to-machine purchase, in this case a vending machine.
1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses vending machine purchase.
3. The user enters the serial number of the machine in the mobile application.
4. The mobile application returns with the information about the location of the machine and asks for the amount to transfer, along with the verification with the PIN.
5. The status of the transfer is displayed in the mobile application.
6. The user can now, depending on the service of the machine, choose which product/service to collect.
3.2.8 Remittance
This section defines the user experience for a remittance.
1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses remittance.
3. The sender enters the amount.
4. The sender enters the recipient's MSISDN.
5. If the receiver isn't in active state (initiated application), the sender receives information about it.
6. The sender's mobile application displays the information regarding the transfer and asks the sender to verify it with his/her PIN.
7. The status of the transfer is displayed in the sender's mobile application.
3.2.9 Secure login
This section defines the user experience for login.
1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses Login.
3. The mobile application displays an OTT valid for the login.
4. The user enters the OTT at the website.
5. The site requests the user to verify the login in the mobile application.
6. Information regarding which website the user attempts to log in to is displayed in the mobile application and the user verifies the login by entering his/her PIN.
7. The mobile application confirms the login.
8. The user is now logged in at the website.
3.2.10 Secure signature
This section defines the user experience for a secure signature.
1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses signature.
3. Signature mode is activated.
4. On the website the user confirms to go ahead and sign an action.
5. The site requests the user to verify the action in the mobile application.
6. The user receives the information regarding the action he/she wants to sign, and is asked to verify it with his/her PIN.
7. The status of the signature is displayed in the mobile application.
8. The status of the signature is displayed at the website.
3.2.11 e-ID

3.2.11.1 Authentication
This section defines the user experience for a login with an e-ID.
1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses Login.
3. The mobile application displays an OTT valid for the login.
4. The user enters the OTT at the website.
5. The site requests the user to verify the login in the mobile application.
6. Information regarding which website the user attempts to log in to is displayed in the mobile application and the user verifies the login by entering his/her PIN.
7. The mobile application confirms the login.
8. The user is now logged in at the website.
3.2.11.2 Signature
This section defines the user experience for a signature with an e-ID.
1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses signature.
3. Signature mode is activated.
4. On the website the user confirms to go ahead and sign an action.
5. The site requests the user to verify the action in the mobile application.
6. The user receives the information regarding the action he/she wants to sign, and is asked to verify it with his/her PIN.
7. The status of the signature is displayed in the mobile application.
8. The status of the signature is displayed at the website.
3.2.12 3 factor authentication
This section defines the user experience of the 3 factor authentication solution that can be applied for application login, site login or signature.
1. The user initiates the application; RSA key and IMEI verification is executed and the user enters his/her PIN.
2. The user chooses verify voice.
3. The user presses the start recording button.
4. The user verifies his/her voice by recording the text being displayed in the mobile application.
5. The mobile application displays the result of the voice verification.
*Note that an enrolment of the voice is necessary prior to being able to execute voice verification.
4 Security
The basic idea behind the ME solution is to use a secure connection to a mobile phone to authenticate a user. To obtain a high security level it is crucial to first create a secure and safe origin authentication and then, in a very secure manner, contain and reuse that origin authentication. The ME system uses, in its current version, 2FA (2 Factor Authentication) to obtain the secure link to the origin authentication. The two factors used are:
• Something you have. In this case the identity of the application installed in a specific phone, with a specific MSISDN, where a specific set of asymmetric keys is stored. The asymmetric keys are a common RSA key set. The private part is stored on the mobile device and the public key is stored on the server (as in standard PKI).
• Something you know. A PIN code/pass phrase of any length and a possible variation of digits and characters. The PIN/pass phrase is always validated on the server side to avoid brute forcing. It is possible to implement any business logic and rules for PIN/pass phrase use and reuse.
The ME solution is built with a true secure connection between the server (TS) and the client. Within that secure channel different services can be offered to the user. This concept is called Safe Frame and is a key basis for the security in ME. The asymmetric keys stored in the client are stored in the common memory space integrated with the client SW. In the ME solution the unique client SW with its asymmetric keys is bound to the mobile phone, the operator and the MSISDN. By doing that it is ensured that the application and the keys cannot be moved or copied for use in other devices. This ensures that the right device must be used and prevents mass fraud. The ME solution is built to be able to use multiple asymmetric keys and multiple certificates. This means that every single service can have its own keys and certificates.
ME has an advanced security architecture, and the security level is achieved by its technical design, by its technical components and also by its processes. ME is a 2-factor solution using a private key infrastructure for the communication between the application and the server. ME stores the private keys in the application. The private keys are protected by a number of checks that are processed when a client connects to the server side, to ascertain the integrity of the application and the user. Another important security component is that ME uses two simultaneous communication lines to execute an authorization. A third factor using biometric properties, such as voice or face recognition, can be added to the solution.
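As an added example (not Accumulate's code and not ME's actual protocol), the following Python sketches the server-side check that the two factors above imply: a device-bound private key signs the server's nonce together with the IMEI and MSISDN it was enrolled with, and the PIN is validated only on the server, with a lockout counter so it cannot be brute forced. The RSA pair is a toy 12-bit key, the lockout threshold is an assumed value, and the message layout and function names are illustrative.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Toy RSA key pair (p=61, q=53), constructed for illustration only. An ME
# client would hold a real 512 to 2048 bit key generated at enrolment.
TOY_N, TOY_E, TOY_D = 3233, 17, 2753
MAX_FAILED_PINS = 3  # assumed lockout threshold; brute force is stopped server side

def _digest_mod(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def rsa_sign(message: bytes, d: int, n: int) -> int:
    """Textbook RSA signature over a SHA-256 digest (no padding, toy size)."""
    return pow(_digest_mod(message, n), d, n)

def rsa_verify(message: bytes, sig: int, e: int, n: int) -> bool:
    return pow(sig, e, n) == _digest_mod(message, n)

def hash_pin(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

@dataclass
class ClientRecord:
    """Server-side state for one enrolled safe-frame client."""
    pub_e: int
    pub_n: int
    imei: str
    msisdn: str
    pin_salt: bytes
    pin_hash: bytes
    failed_pins: int = 0

def enrol(pin: str, imei: str, msisdn: str) -> ClientRecord:
    """Enrolment binds the public key, IMEI and MSISDN to a salted PIN hash."""
    salt = os.urandom(16)
    return ClientRecord(TOY_E, TOY_N, imei, msisdn, salt, hash_pin(pin, salt))

def client_response(nonce: bytes, imei: str, msisdn: str, d: int = TOY_D, n: int = TOY_N) -> int:
    """Something you have: the device-bound private key signs nonce||IMEI||MSISDN."""
    return rsa_sign(nonce + imei.encode() + msisdn.encode(), d, n)

def authenticate(rec: ClientRecord, nonce: bytes, imei: str, msisdn: str, sig: int, pin: str) -> str:
    """Server-side 2FA check; returns 'ok', 'locked', 'bad-device' or 'bad-pin'."""
    if rec.failed_pins >= MAX_FAILED_PINS:
        return "locked"
    # Factor 1: the signature must verify under the enrolled public key and the
    # claimed IMEI/MSISDN must match the enrolment binding (no device swap).
    msg = nonce + imei.encode() + msisdn.encode()
    if not (imei == rec.imei and msisdn == rec.msisdn
            and rsa_verify(msg, sig, rec.pub_e, rec.pub_n)):
        return "bad-device"
    # Factor 2: the PIN is validated on the server only, in constant time, and
    # every failure counts towards lockout so the PIN cannot be brute forced.
    if not hmac.compare_digest(hash_pin(pin, rec.pin_salt), rec.pin_hash):
        rec.failed_pins += 1
        return "bad-pin"
    rec.failed_pins = 0
    return "ok"
```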
4.1 Threat and mitigation

Threat                                                   Possibility     Mitigation
Stolen phone + security                                  Possible        PIN control, revoke application
Stolen phone + security + PIN                            Unlikely        Revoke application
Stolen security application                              Very unlikely   PIN control, IMEI, SIM validation
Stolen security application + PIN                        Very unlikely   PIN control, IMEI, SIM validation
Stolen security application + PIN + IMEI                 Very unlikely   PIN control, IMEI, SIM validation
Stolen client application + PIN + IMEI + proxy install   Very unlikely   Prefix OTT
Stolen client application + PIN + IMEI + proxy install   Very unlikely   3 factor authentication

4.2 Mobile client security
Each client application is uniquely distributed and contains a unique identity combined with a private RSA key; the size of the key varies from 512 bit to 2048 bit depending on the speed of the target handset. The key, in combination with the identity of the application, is used to establish a secure 256-bit AES encrypted connection with the server. The server controls which key size to use, depending on the phone model. The connection with the server is socket based, not HTTP, in order to avoid the risk of "session hijacking". The client application can be seen as a tiny browser with built-in client certificate authentication, locked with a PIN code. The clients are also linked to the phone's serial number and implement processes to verify the SIM, to prevent future attacks like Trojans and key loggers on mobile devices. This makes the software-based certificate in the client "hard", preventing use on another device. An Accumulate-developed TCP server handles the connection with the clients using only asynchronous IO, to allow many connections without using a lot of application threads. Any number of TCP servers can be deployed (using a load balancer), and the TCP server communicates with the core components using EJB. The core components can communicate back with the TCP server to push a confirmation to a user directly on the socket channel.
5 Scalability
ME is, both from an application and an infrastructure point of view, totally scalable. It is possible to add any number of ME server instances, and each server can have an unlimited number of users connecting. There are no bottlenecks when it comes to transactions. Vertical scaling is normally not applicable; the only time it might be the best scaling method is when more in-memory database storage is required without an actual need for more CPU capacity. In this situation, a simple upgrade of RAM memory is the most efficient upgrade. Normally, horizontal scaling is used to improve capacity, even though the most common method to improve performance is code or configuration improvements. Load balancing is done through Linux Virtual Server using direct routing (DR) and using keep alive as heartbeat between the master and the slave. This allows addition of virtually any number of real servers without the load balancer being a bottleneck.