Digital Identity - The Next Generation of Mobile Wallet?
Las Vegas, Cartes 2014
Francois Oudot – Innovation Manager NAM
24-09-2013
Who we are
Key facts & figures
| 05/13/2014 | Francois Oudot
2
GBU | Division | Department
Who are we
The number 1 market player in
•  eCommerce payment provider in France
•  Commercial acquirer in Benelux
•  DCC acquiring provider in India
•  Issuing solution provider in Asia
•  Issuing processing in Germany
•  POS Terminal provider in the Netherlands
Mobile wallet Customer portfolio
•  Payment to Merchant through remote payment channel
•  P2P (payer or payee initiated)
Full-authentication:
Ø  online banking, eWallet service, 3D-Secure payment
Ø  Multi-device (smartphone, PC, tablet) and multi-OS integration
Ø  Wallet strong authentication validation
Digital identity currently
Digital identity in mobile wallet - Privacy by design
The Challenge of privacy
« The right to move freely »
2012 - MOBIB Card awarded
vs
2012 - SNCB Gate : 1.400.000 client data leaked
What is the Lyrics project?
Consortium
Major players
SMEs
Academics
Ambition
Create and promote a privacy-preserving architecture for contactless mobile services
Sponsoring
Our vision for digital identity
Digital identity = user centric + privacy by design
Personal data store
Seamless authentication
Trusted authentication
1 - Our current authentication method
Two-factor method:
“Something you know” : M-PIN
•  Stored on the authentication server,
•  Dynamic Virtual Keyboard
“Something you have”: Soft Secure Element
•  Use of a software crypto-engine core element,
•  Protection of the SSE thanks to a unique “Tamper Resistance” component
1 - Our current authentication solution
[Architecture diagram. Labels: Computer; Mobile; Application (Mobile wallet…); SDK interface; Crypto Engine; SSE*; Tamper Resistant; Interface / secured channel; SEA platform; SEA server; SSE* generator; HSM; SEA client repository]
* Soft Secure Element
2 - Seamless authentication
Adapt level of authentication to risk of transaction
▶  By embedding a fraud detection engine on each device
▶  By combining devices and sensors to simplify user experience
▶  Add TSM(1) and/or TEE(2) interface dialog
Key concept: The embedded fraud engine automatically detects troubling contexts in the user's behaviour and directly triggers adaptive authentication
(1)  Trusted Service Manager
(2)  Trusted Execution Environment
2 – Authentication based on sensors
Goals
Associate devices in proximity of user
Propagate the trust or the risk
2 - Next generation of authentication
Strong mode for low level of trust
▶ log on
▶ consent
▶ enter PIN
Consent mode for medium level of trust
▶ unlock smartphone
▶ agree to transaction
TapTap mode for high level of trust
▶ tap tap
3 - Personal data store
[Architecture diagram. Labels: Application (Mobile wallet…); Object or mobile/web app; BLE, NFC, webservices; Personal data store; Trust authority mobile wallet; Trust authority corporation; HSM; SSE* generator; SEA server]
Thanks
Francois Oudot
Innovation manager
+1 510 283 1943
Worldline is a registered trademark of Atos Worldline SAS. June 2013
© 2013 Atos. Confidential information owned by Atos Worldline, to be
used by the recipient only. This document, or any part of it, may not
be reproduced, copied, circulated and/or distributed nor quoted
without prior written approval from Atos Worldline.
SEA components
Functional scope (generic)
[Diagram. Labels: APP Mobile; APP PC; SDK SEA; Web portal; Mobile portal; SEA authentication server; Home banking; IVR; SEA; ACS; Cloud Wallet; ID user/device; SEA client; Front End; Back End; Logs & proofs; SEA Support; Help Desk; API]