M Commerce

Usage Rights

© All Rights Reserved


    M Commerce Presentation Transcript

    • Survey on Smart Card & Mobile Payment. Tijo Thomas (03229401). Guided by Prof. Bernard Menezes
    • Contents
      • Introduction
      • Methodology of Study
      • Existing Payments Schemes
      • Business Drivers
      • Relation between SIM card & Smart Card
      • Technological Trends
      • Business Trends
      • Conclusion
    • Introduction
      • Motivation
      • To understand the existing payment schemes.
      • To understand the role of smart card in retail payment.
      • To understand the security issues.
      • Goal
      • To understand the future of retail payment.
    • Methodology of Study
      • Collected the details about the existing payment schemes.
      • Surveyed Industry Standards for Payments.
      • Collected responses to questionnaire from focus groups.
      • Studied various types of smart cards.
      • Analyzed the relationship between smart card and SIM card.
      • Surveyed the Business Trends of M-Commerce and its future.
    • Existing Payment Scheme
      • Based on Value
        • Micro payments – less than $5
        • Medium payments – between $5 and $25
        • Macro payments – above $25
      • Based on Location
        • Remote Transaction – SMS, GPRS
        • Proximity Transaction – Bluetooth, RFID
      • Based on Technology
        • Magnetic stripe card
        • Smart Card
    • Smart card Payments
      • What is a smart card?
        • A smart card is a tamper-proof plastic card with an embedded microchip that can be loaded with data.
      • Why smart card?
        • Security
        • Processing power
        • Memory
    • Smart Card Security
      • OS and File Security
        • File hierarchy – MF (Master File), DF (Dedicated File), EF (Elementary File)
        • File security attributes
      • Access Rights
        • Always (ALW)
        • Card Holder Verification 1 (CHV1)
        • Card Holder Verification 2 (CHV2)
        • Administrative (ADM)
    • Smart Card Security
      • Hardware Security
        • All data is stored in EEPROM, so it can be erased by applying an unusual voltage
        • Data can be erased by exposure to UV rays
        • Heating the card to a high temperature
        • Statistical attacks such as differential power analysis (DPA)
    • Java Card
      • The Java Card platform was designed and developed from the beginning specifically to enhance the security of smart cards.
      • Advantages
        • Open architecture designed with industry experts
        • Java runtime environment (JRE)
        • Security enhancements – transaction atomicity, cryptography, applet firewall
        • Code reusability (OOP) & data integrity
        • Proven platform – passed security evaluation by financial agencies, the US Dept of Defense and the US National Security Agency.
    • Mobile Commerce
      • Definition:
        • “Mobile commerce is the use of mobile hand held devices to communicate, inform, transact and entertain using text and data via connection to public and private networks” (Lehman Brothers)
        • “Mobile Commerce refers to any transaction with monetary value that is conducted via a mobile telecommunications network.” (Durlacher)
    • Scheme of Mobile Payments
      • SMS Based Payments
      • WAP/GPRS
      • Reverse SMS Billing
      • Proximity Payments
    • SMS Based Payments
      • Secure messages in the form of SMS are used to transfer money from one user account to another
      • Use of PKI
      • Example implementation: mCheque
      • Advantage: No account information is revealed
    • WAP/GPRS based payments
      • Wireless Application Protocol (WAP) over GPRS-enabled mobiles is used
      • Similar to e-commerce
      • Less risk involved
      • Cost for GPRS connectivity is reducing.
      • No changes in the existing business model
    • Reverse SMS Billing
      • Definition:
        • The provider charges extra for SMS from special numbers (Premium SMS)
      • Separate business models have to be realized
      • Only a small change in the existing setup
      • Advantage: No additional infrastructure is required.
      • Applications: Digital content such as ring tones, music, video, etc.
    • Proximity Payments
      • Definition:
        • The trading parties are in the same vicinity.
      • Standardized interfaces, e.g. Infrared, Bluetooth
      • Supports offline transactions
      • Cheaper solution for micro payments
      • High Risk
      • Separate Business Models & Infrastructure need to be implemented
    • Business Drivers
      • Wider acceptance for GPRS/WAP enabled mobile devices
      • Mobile operators are looking for new revenue streams
      • Larger population of mobile devices than PCs
      • Average time to detect a mobile theft is 68 min, versus 26 hours for credit cards
      • More secure than conventional credit cards
    • Relationship between SIM card and smart card
      • GSM specification 11.11 defines the interface between the Subscriber Identification Module (SIM) and the Mobile Equipment for use during network operation, as well as the internal organization of the SIM.
      • Any implementation of this standard can act as a SIM card in mobiles.
      • Implementation:
        • Java Card
        • Native Card
    • Technology Trends
      • Research organizations & focus groups are working on effective standards.
      • Different business models (OSS & BSS) are being evaluated for their feasibility.
      • Emerging wireless technology – 3G, 2.5G
      • Advancement of mobile phone technology
    • Business Trends (taken from “Towards A Holistic Analysis of Mobile Payments: A Multiple Perspectives Approach” by Jan Ondrus & Yves Pigneur)
    • Business Trends
      • Research reveals a high-potential market
      • New revenue stream for MNOs
      • Opportunity for newcomers – application developers, content providers, etc.
      • High penetration of mobile devices
      • Lack of security in existing credit/debit card system
    • Conclusion
      • High Potential Market
      • High Demand for “Killer Applications”
      • MNOs are looking for new revenue streams
      • Customers' willingness to experiment
      • Merchants are looking for a standard OSS and standards-based products
      • Opportunity for newcomers
    • Thank You
    • GSM Specifications
    • GSM Specification
      • Defines the interface between the Subscriber Identification Module (SIM) and the Mobile Equipment for use during network operation, as well as the internal organization of the SIM.
      • Any implementation of this standard can act as a SIM card in mobiles
    • GSM Characteristics
      • Physical Characteristics – electronic signals, supply voltage, transmission protocol
      • Logical Model – logical structure of the SIM, file structure
      • Security Feature
      • File access condition
      • Description of Functionalities – functional description of commands and their respective responses, status conditions, error codes
      • Description of Commands – mapping the functions to APDUs
      • Contents of Elementary Files – elementary files for a GSM session, access conditions, etc.
      • Application Protocol – list of standard operations between SIM and ME
    • GSM SIM Security
      • Subscriber Identity Authentication
        • Authenticates the identity of the mobile subscriber
        • The network issues a random challenge
        • The Mobile Subscriber (MS) computes the response using a one-way hash function (A3 algorithm) and an authentication key that is unique to each subscriber
        • The network also computes the response and compares it with the response it receives from the MS
        • The same mechanism is used to establish a cipher key Kc
        • This key is used to encrypt data and radio signal (A8 algorithm)
        • The two algorithms are combined into a single algorithm called A38
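
The challenge-response exchange on this slide, shown from both the SIM side and the network side. This is an added example, not part of the original presentation: HMAC-SHA256 stands in for the operator's A3/A8 algorithm (an assumption), and the class and function names are hypothetical.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

# GSM sizes: Ki and RAND are 128 bits, SRES is 32 bits, Kc is 64 bits.
RAND_LEN, SRES_LEN, KC_LEN = 16, 4, 8

def a38(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the combined A3/A8 step: derive (SRES, Kc) from Ki and RAND.
    HMAC-SHA256 is an assumption made so the example runs; it is not A3/A8."""
    out = hmac.new(ki, rand, hashlib.sha256).digest()
    return out[:SRES_LEN], out[SRES_LEN:SRES_LEN + KC_LEN]

class Sim:
    """Card side: holds Ki and only ever returns SRES and Kc."""
    def __init__(self, ki: bytes):
        self._ki = ki

    def run_gsm_algorithm(self, rand: bytes) -> tuple[bytes, bytes]:
        return a38(self._ki, rand)

class Network:
    """Network side: keeps each subscriber's Ki, indexed by IMSI."""
    def __init__(self, subscribers: dict[str, bytes]):
        self._ki_by_imsi = subscribers
        self._pending: dict[str, bytes] = {}

    def challenge(self, imsi: str) -> bytes:
        rand = secrets.token_bytes(RAND_LEN)  # fresh random challenge per attempt
        self._pending[imsi] = rand
        return rand

    def verify(self, imsi: str, sres: bytes) -> bytes | None:
        """Return Kc if SRES matches, else None. Each challenge is single-use."""
        rand = self._pending.pop(imsi, None)
        ki = self._ki_by_imsi.get(imsi)
        if rand is None or ki is None:
            return None
        expected, kc = a38(ki, rand)
        return kc if hmac.compare_digest(expected, sres) else None

def authenticate(network: Network, imsi: str, sim: Sim) -> bool:
    """Run one exchange; True when the network accepts and both hold the same Kc."""
    rand = network.challenge(imsi)
    sres, kc_sim = sim.run_gsm_algorithm(rand)
    kc_net = network.verify(imsi, sres)
    return kc_net is not None and kc_net == kc_sim
```

Ki never crosses the interface in either direction: only RAND and SRES are exchanged, and a repeated SRES is rejected because the pending challenge is consumed on the first verification.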
    • GSM SIM Security
      • User Signalling Data Confidentiality
        • The data is exclusive-or’d with the key Kc and transferred over the radio path.
      • Subscriber Identity Confidentiality
        • This service hides the International Mobile Subscriber Identity (IMSI)
        • The service is based on the Temporary MSI (TMSI)
        • The IMSI is mapped to a TMSI
        • The TMSI is then encrypted with the cipher key Kc and sent
    • Smart Card Standards
    • Smart card Standards
      • International Standards
        • ISO 7816: physical and electrical characteristics, as well as the format and protocol for information exchange between the smart card and the reader.
        • European Telecommunication Standards Institute (ETSI): standard for the GSM SIM to communicate with the mobile device
    • Smart card Standards
      • Industry Standards
        • EMV: Europay, MasterCard & Visa define a standard to allow safe, easy electronic commerce
        • Mobile 3D: Visa International's new global specification that ensures the security of internet payments made over mobile phones.
        • OpenCard Framework: provides an architecture and a set of APIs that enable application developers to build applications in Java that use smart card readers.
        • PC/SC: Personal Computer/Smart Card is a Win32-based specification that allows manufacturers to develop products independently.
        • CEPS : Common Electronic Purse Standard
        • Java Card