Contactless Smart microSD Card · • Our product is a contactless smart microSD card (LGM Card) - a product for banks, transit providers, Government, service providers, wallet providers,

ContactlessSmartmicroSDCard

India

July2019

www.logomotion.eu

Introduction

2

• OurproductisacontactlesssmartmicroSDcard(LGMCard)- aproductforbanks,transitproviders,Government,serviceproviders,walletproviders,TSM

• OurproductisusedwhileinsertedinSDslotofamobilephone.Itenablestostoresensitivedataonasecurechipandtousethisdataformobilecontactlesspayments,transitaccess,inm-commerce,secureaccessandotheruse-cases

• Webelieveourpartnermayconsiderourproductmainlybecauseit:• haspotentialtosimplifyandsecurelymovecurrentfinancialservicesintomobilephones• addressescurrentlynot-addressedbase(not-connectedandfeaturephoneusers)• enablesseamlessandsecureauthenticationofthemobilephoneuser

• cansecurelystoreAadhaarorVirtualIDandthusenableKYCprocessinlinewithIndiaGovernmentrequirements

• canopennewbusinessstreams– inco-operationwithgovernment,transit,smartcities

• ImplementationofLGMCardenablestouseexistingcardissuanceprocesses,paymentsprocessingandmerchantacceptancenetworks

ProductLGMCard

33

• OurproductisastandardmicroSDmemorycardusedwhileinsertedinSDslotofuser’smobilephoneservinghimas:

• amemorycardwith4or16GB

• amultiplesmartcardandhardwaretoken- asithasembeddedoneortwosecurechips

• acontactlessenabler- asithasembeddedminiatureNFCantenna

• ItcanbeusedinsmartphoneswithOSAndroidandWindows,inJavadevicesandalsoinfeaturephones.AstheminiatureNFCantennaworksalsounderbatteriesandmetalbackcoverscustomerisnotlimitedbythephones’design

• Serviceprovider(SP)candecidetouseLGMCardforownservicesandwithinhisownpartnerships

• ThesecurechipsofLGMCardcanbepersonalizedviaastandardISO7816contactsplacedonthesurfaceoftheLGMCard.Thisenablestousecurrentpersonalizationmachines

Opportunities

4

• AddressnearlyallIndiacitizens,targetingalsonot-connectedandfeaturephoneusers-providingthemvarioussecureandsimplemobilesolutions

• Mirror(store)anyplasticcontactlesschipcardonthesecurechipoftheLGMCard-currently5-7cardscanbestoredononechipofLGMCard

• Storeclientcertificateforasimpleboth-sideauthentication(registrationandcheck-inprocesses)oftheuser- withoutenteringlogincredentialsorpassword

• EnabletolinkAadhaarnumberorVirtualIDoftheindividualuser(hisdevice)andsimplifyKYCprocess

• UsethesensitivedatastoredonsecurechipofLGMCardforcontactlessofflineandonlinemobilepayments,transitpaymentsandaccess,m-commerce,asmobileIDcard,foraccesstogovernmentalserversandmanyotheruse-cases

• Increasenumberofsecurem-commercepurchasesascustomerwillneednottoretypecardsdataonthephone’sscreenduringpayment

• Reusecurrentinfrastructuresforcardspersonalization,issuanceanddistributionandkeepcurrentrelationswithmerchantsandotherpaymentindustryplayers

• Remainafullcontrolofyourbrand,securedataandbigdata

• Beaheadofcompetition– providinghighlysecure,convenientandmulti-purposeservicesfromamobilephone

5

AddressinghugeBaseinIndia• Fromapproximately800millionphoneusersinIndia– approximately300millionsuse

smartphonesand500millionsusefeaturephones

• Globally82%ofallsmartphonesandnearly100%offeaturephoneshaveSDslot2.OurmicroSDcardsuitsbothsmartphonesandfeaturephones3

1) 2018,basedonIndianlocalvendorsinformation:67%=featurephones,34%=smartphones.2) BySDassociation2017andbySLCinternalinputsfromdiscussionswithIndianphonevendors3) videohttps://youtu.be/ybvlayTTxDc

6

AddressingUnaddressedmobileUsers• Fromapproximately800millionmobileusersinIndia– approximately100millionareactualmobile

Internetusers(usuallyalsosmartphoneusers)andthuspotentialusersformobilebanking/walletsandpaymentsthroughapps.Currentlyallprovidersfocusonthissegmentonly

• LGMCardcanservebothsmartphonesandnonsmartphonesanditenablescontactlessservicesalsofornot-connectedphones

• Forconnectedcustomers(100million)LGMCardcanextendsecurityofcurrentonlineservicesandenablecontactlessservices.Fornot-connectedcustomers(713million)LGMCardcanprovidecontactlessservices,e.g.entertransitgateorpayoncontactlessmerchant’sPOSbyatapofthephone

LGMCardcanserveallBasedonvariouspublicdata,2016-2018

AllSPfocushereonly

7

BankCardsstoredonLGMCard’sSecurechip(s)

• BankcanstoreanytypeofchipbankcardonSecureelement(SE)ofLGMCard,e.g.:• EMVCo– VISA,MasterCard,RuPay• Metroandothertransitcards• Pre-paid,loyalty,QRcardsetc.• Card(s)of3rd parties– employeecards

etc.

• Customerscanusethesecardsfromtheirmobilephones:• topurchasebyatapofthephoneatanymerchants’standardcontactlessPOS• toenterandpayforametrobyatapofthephone(usingEMVCocardorStoredvaluecard)• form-commerceusingbankcardwithoutaneedtoretypecarddataduringpayment• totop-uppre-paidcardsstoredonSEfromothercard– allfromasmartphone

• CardsstoredonLGMCardcanbepersonalizedinacontactwayorOvertheInternet(OTI)• TransactionscanbeprocessedviaexistinginfrastructureswithagreedInterchangefees(IF)

LGMCard(Gen1)canphysicallystore5-7cardsoneachSE

8

LGMCardfornotconnectedcustomers

• Notconnectedcustomersusuallydonotusesmartphones.UsuallybanksprovidemobileservicestothesecustomersusingSMSbanking- yetwithalimitednumberofservices

• LGMCardwilladdNFCcapabilityalsotobasicandfeaturephones.Bankcanoffernotconnectedcustomerscontactlesspurchasesandcontactlessmetroaccess- byatapoftheirphone

• SEofLGMCardcanstoreAadhaarnumberandthatcanbedisplayedonathephone’sscreenduringAadhaarbasedpurchases

• Tap&payfunctioncanbeintegratedinBank’smobileapplicationoritcanbeenabledfromthephone’smenu

• ConnectedcustomersusingBank’smobileapplicationcanbenefitinmoreareas– seenextslides

Tap&payoncontactlessPOSTap&goonmetroStoreAadhaaronSE

Tap&PayTap&Go

StoredCardStoredAadhaar

MobileTransit

9

• NCMCisEMVCotypeofplasticcontactlesschipcard(Q-Sparc,RuPay)thatstorescredentialsonSecurechipandthatcanbeusedalsoforcontactlessofflinetransactionsandtransitgatesaccessinIndiaSmartcities

• LGMCardisidealmobilealternativeforNCMCplasticcardsasit:• ContainsSE– soNCMCcardissecurelystored/personalizedonSEandprotectingpre-paidcredentials• ContainsNFCantennathatenablesaccesstometrogatesandtopayoncontactlessPOS• Enablescredentialsusagealsowhilethephoneisw/odataconnectivity(online&offlinetransactionson

POSortransportgate)• Doesnotchangeeco-systemusedforplasticversionofNCMC• SimilarusagetoplasticNCMC– simpletap(ofthephone)

• LGMCardcanalsostoreStoredValueCard(SVC)onitsSE• Manytop-upoptions,includingthatfromamobilephoneusingotherbankcard

storedonLGMCard.Transitoperatorcansavecostsfortop-upatkiosks

PlasticNCMC– canbemirroredonSEofmicroSDandusedviaNFCantennaofthemicroSDfromamobilephone

LGMCardusedinm-Commerce

10

WithLGMCardinsertedinamobilephonepaymentsinm-commercecanbeeasyandsecure

• PaymentwithabankcardthatisstoredonSEofLGMCard(astandardwayusingCVV/CVCcode)• Onsupportedpaymentgatespaymentcarddatacanbe

readfromtheSE,encryptedandsendtothemerchant–withoutaneedforcustomertoretypethisdataonmobilephone’sscreen

• Paymentfromabankaccount• Asaresultofboth-sideauthentication*– thecustomer

hasseamlessaccesstohisbankaccountwithoutenteringAccountnumber,CustomerID(CIF)orregisteredmobilenumber.NoneedtouseOTP

• Paymentfromawallet/usingtokens• Asaresultofboth-sideauthentication*– thecustomer

canuseasimpleMPINtoenterhiswalletapplicationanduseallcurrentservicesavailablefromMobileapplicationwithoutchanges

• Toraisethesecurity- cardsonfile(virtualcards)andtokenscanbestoredonSEofLGMCard

UseonlyMPINtoaccessMobile

application/Wallet

Noneedtoentercarddataduringpayment

Seamlessaccesstobankaccount

Raisedvolumesofm-commercepurchaseswithLGMCard

*Seedetailsofboth-sideauthenticationwithLGMCardonnextslides

11

StrongAuthenticationwithLGMCard

• SEofLGMCardcan:• Generateandstoredigitalcertificates(key,clientcertificate,ID,token,PKIcertificate)• Storebiometricsdataatclient’sside

• WithLGMCardtheserviceprovider(SP)canlaunchboth-sideauthenticationbasedonsecurekeysthataregenerated,encryptedandstoredinsideatamper-proofHWSEandtousethisSEalsotostorebiometricsdataatclient'sside(notserverside).Thishasmorebenefitsoverpassword/OTPmethods:• Highersecurity.Publickeyauthenticationprovidescryptographicstrengththatevenextremelylong

passwordscannotoffer1) andclientcertificatesneverleavetamper-proofHWSEthusofferingalayerofsecuritythatAPIkeyscannotprovide.Theprivatekeyoftheclientcertificateisusedtocreateadigitalsignatureineveryconnection,andsoevenifthecertificateissniffedmid-connection,newrequestscan’tbeinstantiatedwithit2)

• Highercomfort.Itfreestheusersfromrememberingcomplicatedpasswords(orworseyet,writingthemdown).Publickeyauthenticationalsoallowsautomated,passwordlesslogin1).

• Itallowsuserstoimplementsinglesign-onacrossthe serverstheyconnectto1)

• Publickeycryptographyisincluded• ServiceproviderhastosetupPKI(PublicKeyInfrastructure)enablingremotemanagement

OTI(OvertheInternet)

1) BySSH.com.https://www.ssh.com2) ByDaniGrant- IntroducingTLSwithclientauthentication,May2017

12

StrongAuthenticationBenefitsforusersandSP

• LGMCardstoringSP’skeyintheSEwillenableSPtocontrolattemptofanyuser(hisdevice)accessingSP’sdatabasewithanoptionforblockingaccess tonotauthorizedusers

• Itwillalsoenableseamlessprocessforcustomer– automated,passwordlessregistrationandloginandsinglesign-onacrossvariousSP’sservers/services

• Exampleofausecase:• CustomerwillenterMobileapplicationoftheparticularSPthatcanbeprotectedbyhispassword• TheMobileapplicationoftheSPwillreaddatafromtheSEofLGMCardviatheSP’sAPIandsendittoSP’sserver

toconfirmthatLGMCardwasissuedbytheSPtotheparticularcustomer• Tousetheservicecustomerwillonlyselecttheserviceonthedevicescreen.Thecustomerneedsnottoprovide

anyadditionaldata– e.g.passwordore-mailandnoneedforconfirmationSMSorOTP

• OncetheSEofLGMCardstoresindividualcustomer’ssensitivedata,e.g.biometrics,bankcarddataoratokentheSPwillneednottocollectdatabasesofsensitivedataordatabasespairingPINs,e-mailsandcustomeraccounts

• Thesecaneliminateriskofviolatingcustomer'saccountbycrackinghispasswordorsteelingdatabasescomprisingsensitivedata

PKI encrypted PKI

BothsideauthenticationRootoftrustbetweenmobiledeviceandserverEncryptionsecuresthelineofcommunication

LGMCardstoresprivate/publickeys&PKIcertificate

Remoteserverrecognizes

private/publickeys&PKIcertificate

13

MobileIDCard• OneSEofLGMCardcanstoreIDcard/Aadhaarincludingbiometrics.Thiswillenablecitizen

touseIDcardfromhismobilephone– securelyandunderfullcontrolofGovernment• IDcardcanbeissuedinthesamewaylikeplasticchipIDcards.Governmentcanpersonalize

securechipofLGMCardintheircurrentsecureinfrastructures.EachLGMCardcanbepersonalizedasIDcardforaparticularcustomer- undercontrolofGovernment

• Governmentcanofferverificationservices• VerifyeIDdatastoredonsecurechip(on-spotandremotely)• Identifyeachcustomer(hismobilephonedevice)whoisaccessinggovernmentalservers• Storeanduseelectronicsignaturefromamobiledevice• OfferGovernmentalverificationservicestocommercialentities

• Paymentsforgovernmentalservices - withbankcardstoredonSEofLGMCard• LGMCardcanaddsecuritytoGovernmentalCloudbasedsolutions

PicturesofaprototypesolutionusingLGMCard- developedforMinistryofInteriorofSlovakRepublic

AadhaarseedingwithLGMCard

14

• UsuallycustomercanlinkhisAadhaarnumbertohisexistingbankaccountorotherservicebyhimselfviamultiplechannelsincluding- InternetBankingormobileapps

• WithLGMCardcustomercaninputhisAadhaarnumberintoLGMCardbyhimselfviaexistingprocesseswhilesecurelystoringAadhaardataontheSEoftheLGMCard.Thiswillenable:• AadhaarseedingwithcustomerbankaccountorotherSPservice• UseAadhaarnumberorVirtualIDwithoutcollectingdatabasesofAadhaarbySP• SeamlessaccesstoAadhaarbasedSPservicesfromamobilephone

• CustomerswithnodataconnectivityusuallyusingbasicorfeaturephonescanbeservedatSPbranchesprovidingthemLGMCardandstoringAadhaarnumberandSPbankcardonSEattheSP’sbranch

• Not-connectedcustomerswhowillstoretheirAadhaarnumberontheSEofLGMCardcanusetheirmobilephonetodisplaytheAadhaarnumberonthescreenoftheirmobilephone– andshowitduringAadhaarbasedpaymentstoamerchant

15

SecureAccesswithLGMCard

• LGMCardcanbeusedbyemployeesasachipcontactlessemployeecardusedfrommobilephones• ToaccessemployeepremisesequippedwithNFCreaders• ToaccessemployeeIntranetandbanksystems

• TheemployeewilltaphismobilephonetoenterthedoorwhilethisfunctioncanbeintegratedinMobileapplicationoritcanbeenabledasashortcutfromthephone’smenu

• SEofLGMCardcangenerateOTPthattheemployeewillhavetoenterintohiscompany’sPCtobeabletologintoIntranetandbanksystems

PKI

encrypted

PKI

BothsideauthenticationRootoftrustbetweenmobiledeviceandserverEncryptionsecuresthelineofcommunication

SEofLGMCardstoresemployeedata

Privatekey&PKIcertificate

EmployerpersonalizesLGMCardasemployeecard.Employer’sserverknowsprivate/publickeys&PKI

certificate

16

MerchantAppwithLGMCard

• MerchantAppisusuallyacashlesspaymentsolutionenablingmerchanttoacceptpaymentsforgoods/servicesusingvariouspaymentoptions,forexample:• Transactionsinitiatedbycustomeri.e.scanningaQRcodeandmaking

paymentsinapushtransactionmode• Transactionsinitiatedbymerchanti.e.acceptingpaymentsfromthe

customerviaAccountNumber+OTP,scanningcustomerQRcard+OTP,AadhaarNumber+OTP

• LGMCardcanbeusedasMerchantcardforthemerchant’sauthentication.SEcanstoredigitalcertificateofapprovedmerchantandenablehimseamlessauthenticationintoAcquiringbanksystemsandsimpleaccesstohismerchantbankaccount

• LGMCard(insertedinsideacustomersmartphone)canalsostoreMerchantLoyaltycardincludingloyaltypointsandfinancialcredential– securelyonSEandthatcanbeusedduringpurchaseswithregisteredmerchants

MobileWalletwithLGMCard

17

• MobileWalletisusuallyapre-paidwalletorvirtualcardwallet(openorclosedloop)andthatenablesmanyuse-cases

• WithLGMCardinhisphoneMobileWalletusercanbenefitfrom:• MakeSignUpandSignInprocessessimple,secureandunified(sameaccesstoanySP

onlineservice)• Simplifiedtop-upoptionsinbuiltintheMobileWalletapp:

• frombankaccount– duetoseamlessaccesstoSP’sInternetBankingwithoutenteringInternetBankinglogincredentials

• fromdebitcard(storedonSEofLGMCard)– duetononeedtoretypecarddataduringrecharge

• UseMobileWalletalsoforcontactlessretailpurchases

LGMCardcanbeadifferentiator-enablingSPcustomersmoreconvenience&security

• Simplifym-commercewithvirtualcard(storedontheSEofLGMCard)• StoringVirtualcarddata(numberandCVV)onSE

enablesm-purchaseswithoutaneedtoretypecarddataonsupportedpaymentgates

• SPwillneednottomanageSPdatabaseofanysensitivecustomersdata

18

Back-upSlides

BasictechnicalFeatures

• AstandardmicroSDmemorycardwith4GBor16GBflashmemory

• OneortwoSecureelements(SE)• EmbeddedminiatureNFCantenna(patented)andthat

worksalsounderbatteriesandmetalbackcovers• ISO7816contactsonthesurfaceenablingcontact

personalizationoftheSE(s)• SupportforOSAndroid,JavaME,WindowsMobile• Gen2oftheproductsupportsalsofeaturephones• CertifiedbyasRuPay dualinterfacecard,in

July2019

19

Form Factor SDHC microSD card, Speed Class 10 (UHS-I)

Flash Memory 4GB (pilots), 16 GB (stock), 8GB or 16GB mass produced

Gen1– Securechips SE#1:NXPJ5C145,JCOP2.4.2R1,145KBEEPROM,MIFAREFleX®(4K)SE#2:NXPJ5D081,JCOP2.4.2R2,80KBEEPROM,MIFARE®DESFire®EV18K

Gen2– Securechip SE#1:e.g.IDEMIA,Pearlv5(availabilitybasedonbindingPO)

NFC Antenna ISO 14443A, ISO 18092, Compliant with MIFARE®

Interfaces Standard microSD interface, ISO 14443A, ISO 7816

20

• LGMCardhaspatenteddesignofISO7816contactsplacedonitssurface• Personalizationcanbedoneoptionallyas

• Contactpersonalization(microSDcardisembeddedonID-1plasticcarrier)• OnDatacardmachines• OnacontactreaderconnectedtoPC(forinstantissuing)

• OTIpersonalization(microSDisinsertedinamobilephone)• UsingTSM

• Contactlesspersonalization(microSDisinsertedinamobilephone)• UsingcontactlessreaderconnectedtoPC(forinstantissuing)

• ContactpersonalizationaccordingtoEMVCospecification• UsesISO7816contactsplacedonthe

surfaceoftheLGMCardcard(markedinagreenoval)

• Doesnotusethe8-pinnormalmicroSDcardcontactsthatconnectthemicroSDcardtoamobilephone(marketinredoval)

PersonalizationOptions

StandardID-1sizeplasticcarrier

ContactpersonalizationcanbeaconditionforSECUREloadingofsensitivedataontheSE,forexampleIDcardorAADHAARnumber

PersonalizationExamples

21

• LGMCardenablesvariousformsofpersonalization:• ContactpersonalizationusingstandardISO7816contacts;using:

1. standardpersonalizationmachines(e.g.Datacard)– videoavailableathttps://www.youtube.com/watch?v=79cvXtx2uvc

2. standardcontactreaderconnectedtoPC• Contactlesspersonalization using:

3.standardcontactlessreaderconnectedtoPCandwhilethemicroSDcardisplacedinsideamobilephone’ssdslot

1. 3.

2.

22

LGMCardActivation- Example

1. 2. 3.

LGMCardiscustomer’sdevice.WeprovideSecKeysandAPItotheIssuer/SP1. IssuerpersonalizesmicroSDcard’ssmartchipanddistributesmicroSDcardstocardholdersinplasticcarrierinthesamewaylikecurrentbankcards

2. UsertakesmicroSDcardoutoftheplasticcarrierandinsertsitintohisphone

3. UserdownloadsUserinterfaceapplication(UIA)overtheair.[Hecanbenavigatedforcardpersonalizationandactivation].Nowheisreadytousehisphoneforvariousservicessupported

4. Usercanadd3rd partyservicesgradually,astheyareavailable.Userwilldownload3rd partyapplicationintohismobilephoneandactivatetheservicebyatapto3rd partycontactlessacceptancedeviceorOver-the-Internet(OTI)usingTSMservices

123456789876

23

BasicIntegrationRequirements• LGMCardrequiresbasicintegrationwithCardmanagementsystem(CMS)and

developmentorupdateofcurrentMobileapplicationbyaddingoptions:• UsingmicroSDcard• Interfacefortap&pay/tap&gouse-cases• Interfaceform-commercepayments• Top-up

• Optionalcanbeasupportforunifiedverification/authentication/authorizationprocessesforvariousservices(PKI,Clientscertificates)

• Forseamlesspurchasesinm-commerceusingbankcardortokenstoredonSE– theonlinemerchantsorpaymentgatewayhavetosupportsuchpaymentswithLGMCard

• Nochangesarerequired:• OncontactlessPOSmachinesandPOSacceptancenetworkthatcurrentlyacceptc’lesschipbank

cards• Forpersonalisationmachines(e.g.DataCard)andincontactEMVCopersonalisationprocesses

• SPcanoptionallydevelopandofferAPIto3rd partiestointegratetheirservices

• SPcanpotentiallybecomeTSM

OTI&TSM- ExampleusedforLGMCardlife-cyclemanagement

• Overtheinternet(OTI)systemsenablesremotelife-cyclemanagementofLGMCardwithhugeflexibilityofaddingnewapplicationsandservingmanypartneringsolutions

• InthecasethatSEisusedtostoreEMVCotypeofbankcardsaTSMsystemhastobedeployed

24

SecurechanneliscreatedbetweenOTI/TSMsystemsandtheSecureelementsofLGMCard

TSM APILGM Card API

25

BenefitsforBanks• IssuingbankcanpersonalizesecurechipofLGMCardasanormalEMVbankcard.All

transactionsprocessedthroughtheexistingpaymentindustryinfrastructureandstandardinterchangefeeswillapplyinawiderangeofcard-presenttransactions,including:• ContactlesspaymentsonastandardcontactlessPOS• Card-basedinternetpayments(usingCVC,CVVcode)

• RevenuestreamsthatmaycoverthecostsofissuingcontactlesssmartmicroSD:• Typicalrevenuederivedfromservingasadepositaccount• InterchangefeesandIFrevenuecanbeusedtobuildacash-backvaluepropositiontothecustomer

- drivingsales• Increasedusageofbankcards(No.oftransactions)oncontactlessPOS– usingmobilephone

typicallyformicropurchases• Onlinepaymentscenarioswhereitcanbeusedforcard-presenttransactionsandfor3Dsecure

usinghttp(s)asanalternativetopotentiallycostlySMS

• SecureaccesstoDirectbankingservices• Internetbanking.LGMCardcangenerateOne–timepassword(OTP)anddisplayitonmobile

phonescreen.Client rewritesOTPvaluemanually

• Mobilebanking.LGMCardcanbeusedasasecurestorageofclients’certificates andenableautomate,passwordlessaccesstoMobilebanking

26

BenefitsforTokenSolutions

• AlthoughtokensbroughthighsecuritytoHCEtheSEofLGMCardcanaddsignificantvalue

• TokensandVaultserversaregreattargetforhackersas:

• tokensinmostofcurrentHCEsolutionsaredeliveredtothemobilephoneandprotectedonlybyasoftware(tokensarestoredinpartofmobilephone’scommonmemory– TrustedExecutionEnvironment,TEE).TEEsecurityhastobeproven

• togetthetokensitisnecessarytoconnecttoVaultserver.Usingtheapplicationistheweakestlinkthatcontainstheinformationtoauthenticatetotheback-endandtoaccesstolocaltokens

• Vaultserversstorehugeamountofdatathatcanbestolen.Ifbankcardsdata/tokensarestoredonSEofindividualusers– nocentraldatabasewillhavetobecreated

• LGMCardcanbevaluableforHCEandtokenizationasit:

• Providenon-repudiationandprotectionforidentitytheftandtokens(Storeclientcertificate&tokensonSE)

• Provideahardwarerootoftrustthatcouldbepreconfiguredfortheservice• EnsurestrongauthenticationtotheHCEserver,forexamplebyusingPKIandmulti-factor

authentication.Controlledaccesscanraiseprotectionagainststolendatabasesofpasswordsfromserversandeliminatingriskofviolatingacustomer'saccount

• Ensureagreatuserexperience

ControlsensitiveandbigData

27

• IncurrentmobilesolutionsCardmanagerCMkeys(enablingaccesstoSE)arenotprovidedtotheServiceProvider.InApplePayandSamsungPay–phonevendorshavecontrolofSE.TEE(TrustedExecutionEnvironment)isusedbythedevicevendortoinstallhis“networkaccessing”securekeymanagementandotherOSrelatedsecurity

• UsingLGMCardtheServiceproviderhasfullcontrolofthehardwareSEandNFCantennacapability.Cardmanager(CM)KeysenableshimtocontrolSEandto:

• StorePrivate/PublickeysinSE• StorePKIcertificateissuedbyselectedCA(CertificateAuthority)inSE• Verify/authenticate/authorizetheuserbeforeallowinghimforparticular

mobileservice• LoadsensitivedataintotheSE- alsointhemostsecure,contactway• Collectdataaboutcustomersshoppinghabits

InlinewithsecurityStandards

28

• EMVchiptechnologyusedinasecureinfrastructurecansignificantlyreducefraud.EMVsystemhasprovedtobehighlyeffective

• Sincesoftware/cloudhascertainsecurityrisks,movingtheSEintohardwareprovidesmoresecurity

• InHCE(Hostcardemulation)mobilepaymentscarddataareplacedinthecloudandHCEisanenablerthatmakesitpossibleforapplicationresidinginamobiledevicetoworkincard-emulationmode.TokenizationaddssecuritytoHCE;butHCEandTEEsecurityhastobeproven

• LGMCardhasembeddedoneortwoSecurechipsthatmeetsGlobalPlatform(GP)specifications.PresenceofHWSecurechipenablesthestrongestHWauthentication1for• PhysicalstorageoffullcarddataonSecureelement• StorageofClientscertificatesenablingmoresecureaccesstoGovernmentalCloud,

HCEorwalletserversandtostoretokens

• LGMCardisinlinewithGovernmentofIndia– UseofAadhaare-KYCserviceofUIDAI2)

1) InlinewithPCIDSSRequirement8.3,February2017andGov.ofIndia,MinistryofElectronics&InformationTechnology,ORDERNo2(94)/2017– Cert-In-Pt.I,date:12.08.2017

2) GovernmentofIndiaMinistryofCommunicationsDepartmentofTelecommunications,FileNo.:800-29/2010-VAS(Vol.1),dated12thJune,2018