M Commerce


Published in: Business, Technology

  1. Survey on Smart Card & Mobile Payment
       Tijo Thomas (03229401)
       Guided by Prof. Bernard Menezes
  2. Contents
       • Introduction
       • Methodology of Study
       • Existing Payments Schemes
       • Business Drivers
       • Relation between SIM card & Smart Card
       • Technological Trends
       • Business Trends
       • Conclusion
  3. Introduction
       • Motivation
           • To understand the existing payment schemes.
           • To understand the role of smart card in retail payment.
           • To understand the security issues.
       • Goal
           • To understand the future of retail payment.
  4. Methodology of Study
       • Collected the details about the existing payment schemes.
       • Surveyed Industry Standards for Payments.
       • Collected responses to questionnaire from focus groups.
       • Studied various types of smart cards.
       • Analyzed the relationship between smart card and SIM card.
       • Surveyed the Business Trends of M-Commerce and its future.
  5. Existing Payment Scheme
       • Based on Value
           • Micro payments – less than 5$
           • Medium Payments – Between 5$ - 25$
           • Macro payments – above 25$
       • Based on Location
           • Remote Transaction – SMS, GPRS
           • Proximity Transaction – Bluetooth, RFID
       • Based on Technology
           • Magnetic Strip card
           • Smart Card
  6. Smart Card Payments
       • What is a smart card?
           • A smart card is a tamper-proof plastic card with an embedded microchip that can be loaded with data.
       • Why smart card?
           • Security
           • Processing power
           • Memory
  7. Smart Card Security
       • OS and File Security
           • File hierarchy – MF, DF, EF
           • File security attributes
       • Access Rights
           • Always (ALW)
           • Card holder Verification 1 (CHV1)
           • Card holder Verification 2 (CHV2)
           • Administrative (ADM)
  8. Smart Card Security
       • Hardware Security
           • All data is stored in EEPROM, so it can be erased using an unusual voltage
           • Data can be erased by exposure to UV rays
           • Heating the card to a high temperature
           • Statistical attacks such as differential power analysis (DPA)
  9. Java Card
       • The Java Card platform was designed and developed from the beginning specifically to enhance the security of smart cards.
       • Advantages
           • Open architecture designed with industry experts
           • Java runtime environment (JRE)
           • Security enhancements – transaction atomicity, cryptography, applet firewall
           • Code reusability (OOPS) & data integrity
           • Proven platform – passed security evaluation by financial agencies, the US Dept of Defense and the US National Security Agency.
  10. Mobile Commerce
       • Definition:
           • “Mobile commerce is the use of mobile hand held devices to communicate, inform, transact and entertain using text and data via connection to public and private networks” (Lehman Brothers)
           • “Mobile Commerce refers to any transaction with monetary value that is conducted via a mobile telecommunications network.” (Durlacher)
  11. Scheme of Mobile Payments
       • SMS Based Payments
       • WAP/GPRS
       • Reverse SMS Billing
       • Proximity Payments
  12. SMS Based Payments
       • Secure messages in the form of SMS are used to transfer money from one user account to another
       • Use of PKI
       • Implementation e.g.: mCheque
       • Advantage: No account information is revealed
  13. WAP/GPRS Based Payments
       • Wireless Application Protocol (WAP) over GPRS mobiles is used
       • Similar to e-commerce
       • Less risk involved
       • Cost of GPRS connectivity is reducing.
       • No changes in the existing business model
  14. Reverse SMS Billing
       • Definition:
           • The provider overcharges for SMS from special numbers (Premium SMS)
       • Separate business models are to be realized
       • Only a small change in the existing setup
       • Advantage: No additional infrastructure is required.
       • Applications: Digital content like ring tones, music, video, etc.
  15. Proximity Payments
       • Definition:
           • The trading parties are in the same vicinity.
       • Standardized interfaces, e.g. infrared, Bluetooth
       • Supports offline transactions
       • Cheaper solution for micro payments
       • High risk
       • Separate business models & infrastructure need to be implemented
  16. Business Drivers
       • Wider acceptance of GPRS/WAP enabled mobile devices
       • Mobile operators are looking for new revenue streams
       • Larger population of mobile devices than PCs
       • Average time to detect a mobile theft is 68 min, versus 26 hours for credit cards
       • More secure than conventional credit cards
  17. Relationship between SIM card and smart card
       • GSM specification 11.11 defines the interface between the Subscriber Identification Module (SIM) and the Mobile Equipment for use during network operation, as well as the internal organization of the SIM.
       • Any implementation of this standard can act as a SIM card in mobiles.
       • Implementation:
           • Java Card
           • Native Card
  18. Technology Trends
       • Research organizations & focus groups are working on effective standards.
       • Different business models (OSS & BSS) are being evaluated for their feasibility.
       • Emerging wireless technology – 3G, 2.5G
       • Advancements in mobile phone technology
  19. Business Trends
       Taken from “Towards A Holistic Analysis of Mobile Payments: A Multiple Perspectives Approach” by Jan Ondrus & Yves Pigneur
  20. Business Trends
       • Research reveals a high potential market
       • New revenue stream for MNOs
       • Opportunity for newcomers – application developers, content providers, etc.
       • High penetration of mobile devices
       • Lack of security in the existing credit/debit card system
  21. Conclusion
       • High potential market
       • High demand for “Killer Applications”
       • MNOs are looking for new revenue streams
       • Customers' willingness to experiment
       • Merchants are looking for a standard OSS and standards-based products
       • Opportunity for newcomers
  22. Thank You
  23. GSM Specifications
  24. GSM Specification
       • Defines the interface between the Subscriber Identification Module (SIM) and the Mobile Equipment for use during network operation, as well as the internal organization of the SIM.
       • Any implementation of this standard can act as a SIM card in mobiles
  25. GSM Characteristics
       • Physical Characteristics – electronic signals, supply voltage, transition protocol
       • Logical Model – logical structure of SIM, file structure.
       • Security Feature
       • File access condition
       • Description of Functionalities – functional description of commands and respective responses, status conditions, error codes
       • Description of Commands – mapping the functions to APDU
       • Contents of Elementary Files – elementary files for GSM session, access conditions, etc.
       • Application Protocol – list of standard operations between SIM and ME.
  26. GSM SIM Security
       • Subscriber Identity Authentication
           • Authenticates the identity of the mobile subscriber
           • The network issues a random challenge
           • The Mobile Subscriber (MS) computes the response using a one-way hash function (A3 algorithm) and an authentication key which is unique to each subscriber
           • The network also computes the response and compares it with the response it receives from the MS
           • The same mechanism is used to establish a cipher key Kc
           • This key is used to encrypt data and radio signal. (A8 algorithm)
           • The two algorithms are combined into a single algorithm called A38
  27. GSM SIM Security
       • User Signalling Data Confidentiality
           • The data is exclusive-or'd with the key Kc and transferred over the radio path.
       • Subscriber Identity Confidentiality
           • This service hides the International Mobile Subscriber Identity (IMSI)
           • The service is based on the Temporary MSI (TMSI)
           • The IMSI is mapped to a TMSI
           • The TMSI is then encrypted with the cipher key Kc and sent
  28. Smart Card Standards
  29. Smart Card Standards
       • International Standards
           • ISO 7816: physical and electrical characteristics as well as format and protocol for information exchange between the smart card and reader.
           • European Telecommunication Standards Institute (ETSI): standard for the GSM SIM to communicate with the mobile device
  30. Smart Card Standards
       • Industry Standards
           • EMV: Europay, MasterCard & Visa define a standard to allow safe, easy electronic commerce
           • Mobile 3D: Visa International's new global specification that ensures the security of internet payments made over mobile phones.
           • OpenCard Framework: provides an architecture and a set of APIs that enable application developers to build applications in Java which use a smart card reader.
           • PC/SC: Personal Computer/Smart Card is a Win32-based specification to allow manufacturers to develop products independently.
           • CEPS: Common Electronic Purse Standard
           • Java Card
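
Added example, not part of the original slides: a model of the challenge-response exchange from slide 26, showing that only a card holding the subscriber's key passes and that a captured response is useless against a fresh challenge. HMAC-SHA256 is a stand-in for the combined A3/A8 function, and the class names, IMSI and keys are constructed for illustration; the sizes used are the GSM ones (128-bit key and RAND, 32-bit response, 64-bit Kc).

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

def a38(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the combined A3/A8 function (assumption: HMAC-SHA256)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]          # response (32 bits), Kc (64 bits)

class Sim:
    """Card side: holds the subscriber key; only response and Kc leave it."""
    def __init__(self, ki: bytes) -> None:
        self._ki = ki
    def run_gsm_algorithm(self, rand: bytes) -> tuple[bytes, bytes]:
        return a38(self._ki, rand)

class Network:
    """Network side: knows each subscriber key, issues single-use challenges."""
    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}
        self._pending: dict[str, tuple[bytes, bytes]] = {}
    def provision(self, imsi: str, ki: bytes) -> None:
        self._keys[imsi] = ki
    def challenge(self, imsi: str) -> bytes:
        rand = secrets.token_bytes(16)       # fresh random challenge per attempt
        self._pending[imsi] = a38(self._keys[imsi], rand)
        return rand
    def verify(self, imsi: str, response: bytes) -> bytes | None:
        expected = self._pending.pop(imsi, None)   # each challenge is usable once
        if expected is None or not hmac.compare_digest(expected[0], response):
            return None
        return expected[1]                   # Kc now shared by both sides

def demo() -> dict[str, bool]:
    imsi, ki = "001010123456789", secrets.token_bytes(16)   # constructed values
    net, sim = Network(), Sim(ki)
    net.provision(imsi, ki)
    response, kc = sim.run_gsm_algorithm(net.challenge(imsi))
    genuine = net.verify(imsi, response) == kc
    net.challenge(imsi)                      # new challenge: old response is stale
    replayed = net.verify(imsi, response) is not None
    clone = Sim(secrets.token_bytes(16))     # card that lacks the subscriber key
    forged_response = clone.run_gsm_algorithm(net.challenge(imsi))[0]
    forged = net.verify(imsi, forged_response) is not None
    return {"genuine": genuine, "replayed": replayed, "forged": forged}

if __name__ == "__main__":
    print(demo())
```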