Mob Banking Product

Mobile BankingProduct Overview

f i n a n c i a l s e r v i c e s & r e

t a i l e n t e r p r i s e

i n t e r n e t c o n t e n t p r o v i d

e r s p u b l i c s e c t o r

t e l e c o m m u n i c at i o n s > P R o D u c t

t r a n s p o r t

3 Mobile Banking Overview

IntroductionMob i l e phones have be co me an integral part of the 21st century landscape with an expe cted penetrati o n of 4.5 bi l l i on by 2011. Whi le North Ameri c a and Europe have the highest penetration rates, rea ch i ng100% in many Western countries, South Ameri ca a nd Asia represent the fastest growing mob i l e markets.

In deve lop ing countries, the role of the mob i l e phone is more extensive than in deve loped countries, as it helps bridge the d ig ita l divide. Even with in itiatives like the OLPC, the penetration of the PC lags far behind that of the mob i l e phone.

T he mob i l e phone is the one devi ce that people already carry at a l l ti m es, and services beyond voi c e and text messaging are boom i ng a l l over the g lobe . Users want the same kind of services for the ir mobi l e phone that they can get through an Internet-conne cted PC. But cost is an i mportant fa ctor, as new services wil l be widely adopted, but pri c ing must be careful ly considered, sin ce Internet users have co m e to view the service as free.

Peop le l iv ing in e merg ing markets or remote reg ion s of Afri ca, South Ameri ca and Asia who don’t have a bank ac c ount or a co m puter sti l l often own a mob i l e phone, whi ch can provide them with a c c ess to basic finan c i a l servi ces. Mob i l e phones represent a cost-effe ctive solution for users, finan c ia l institutions and operators, al lowing them to bridge the dig ita l d ivi de in p la c es where traditiona l banking and Internet services are too expensive or simp ly nonexistent.

Easy ac c ess to finan c i a l services is wide ly a c c epte d as a good th ing: users have a c c ess to cred it and c an securely manage their money, finan c i a l institutions expand their user base and process more transactio ns, and governments benefit from the effe ct credit has on lower-in co me sectors of the population and c a n better track funds distribution with in their country.

Ubiqu itous and versati le, wireless devi ces can give users easy, 24/7, a c c ess to finan c i a l servi ces bringi n g the next market revolution - mob i l e banking, mob i l e payment, mob i le wa l let, mob i l e money transfer an d other finan c i a l services - to users everywhere. Indeed, whi l e the rate of Internet banking user growth has stabi l ized, mob i l e banking is spiking and market analyses say that more than 800 m i l l i on people wi l l use the service by 2011.

T he dramati c in crease in mob i le phone usage has been fo l lowed by an in crease in mob i l e fraud, and although eager to use mob i le finan c i a l services, many subscribers are con c erned about the security aspe ct when carrying out finan c i a l transactions over the mob i l e network. In fa ct, la ck of security is seen as the biggest deterrent to the widespread adoption of mobi l e finan c i a l servi ces. Internet transactions suffer from the same prob le m, as do trad itiona l payment transactions… fraud prevention has be co me a pressing need a cross al l modes of finan c i a l transactions.

Ge ma lto has responded to these needs by deve lo ping the most secure Mob i l e Banking solution on the market. It provides a co mprehensive set of finan c i al servi ces: alongside fu l l mob i l e banking and security features, Ge ma lto Mob i le Banking offers a wide range of payment options such as prepa id airti m e purchase, b i l l payment, credit advan ce and others. Wireless operators and finan c i a l institutions can now offer their customers the freedom to manage their finan c es whenever and wherever they want, without being c on c erned about security and confidentia l ity issues.

Ge ma lto Mob i l e Banking is designed to integrate easily with the existing mob i le network and bankin g infrastructure whi l e open ing up new business opportun ities for mob i le operators and finan c i a l institutio ns, and provid ing a foundation for new cost-effe ctive servi ces and revenue opportun ities.


PART 1 PRODUCT DESCRIPTION................................................................ .5

T he Gema lto Offer .............................................................................................................................. 5Comprehensive ............................................................................................................................ 4Secure ........................................................................................................................................... 4Customizable ................................................................................................................................ 4

Mob i l e User Experien ce ..................................................................................................................... 7Service Overview.......................................................................................................................... 4Service Features .......................................................................................................................... 4

Benefits.................................................................................................................................................. 8Benefits for Mobile Operators ...................................................................................................... 4Benefits for Financial Institutions ................................................................................................ 4Benefits for the End User............................................................................................................. 4

PART 2 TECHNICAL DESCRIPTION ............................................................10

High-leve l Arch ite c ture .....................................................................................................................10Mobile Banking Components....................................................................................................... 4Interfaces and Protocols .............................................................................................................. 4Network Configuration.................................................................................................................. 4Scalability ...................................................................................................................................... 4

End-to-end Se curity ..........................................................................................................................13Security and Confidentiality of Information ................................................................................. 4Strong 2-factor Authentication ..................................................................................................... 4Data Integrity ................................................................................................................................ 4Non-repudiation ............................................................................................................................ 4Cryptographic Operations ............................................................................................................ 4

Transaction Flow ...............................................................................................................................15

Operation and Ma i ntenan ce ...........................................................................................................15Mobile Account Management ...................................................................................................... 4Storage of User Information ........................................................................................................ 4

Operating System Requirements.....................................................................................................16

Assoc iated Te c hno l og ies ................................................................................................................... 4

Acronyms.............................................................................................................................................17


Part 1 Product Description

Ge ma lto, a world leader in dig ita l security, does not co m pro m ise security for conven ien ce; we offer both . Our Mob i le Banking solution provides a fu l l range of secure and easy-to-use banking and payment opti ons avai l ab le d ire ctly from a mob i l e phone.

The Gemalto OfferT he Ge ma lto Mob i l e Banking offer is a co m p lete finan c i a l services solution for mobi l e operators and finan c i a l institutions. It in c l udes a secure SIM appl et and a d istributed transactiona l platform that provid e secure a c c ess from a mob i l e phone to mob i l e banking, mob i le payment and mob i l e money transfer services.

T he Se cure App let is pre-instal led on the SIM c ard, readi ly ava i lab l e to the end-user. Th is apple t handles:

• Displaying appropriate menus processing user responses• Sending and receiving transaction messages• Encrypting and decrypting sensitive information• Managing transaction security and confidentiality.

Figure 1: Mobile Banking Overview

T he Distributed Transaction Platform deployed both at the mob i le operator’s site and at the finan c i a l institution securely manages finan c ia l operations carried out between the mob i le user and the bank, over the wire less network.


Spe c ifi c a l ly, this platform:

• Maintains communication between the SIM card and the financial institution• Routes mobile banking messages• Manages mobile banking sessions• Securely handles sensitive information• Ensures the confidentiality and security of mobile transactions• Manages user information• Authenticates users.

Ge ma lto offers a custom izab le, end-to-end, co mprehensive and secure Mob i le Banking solution with the lowest entry barriers.

Low entry barriersGe ma lto te chno logy does not rely on data co m mun i c ations, whi ch are both expensive for users and c o mp l i c ated to configure properly, nor does it requi re any instal l ation or configuration steps on the part of the end user. The mob i l e banking solution already resides on the user’s mob i le phone, as an applet on the SIM c ard, and therefore users do not need to download or instal l anything.

Comprehensi v eAlongside ful l mob i l e banking and security features, Gema lto Mob i l e Banking offers a wide range of payment options such as prepa id a irtime purchase, bill payment, and credit l ine authorizations.

SecureT he end-to-end security of Mob i le Banking is ensured by Ge ma lto’s state-of-the-art secure te chno l o gy featuring:

• A tamper-resistant SIM card

• OS logical security protecting the SIM from unauthorized operations

• A tamper-resistant cryptographic module

• Gemalto’s firmware for secure transactions

• Adherence to financial and security industry standards and best practices.

With Gemalto’s secure platforms, sensitive information is ciphered at the SIM level for secure transfer over the GSM network using the highest existing security standards, and the cryptographic operations are carried out using the most fraud-resistant hardware solution (FIPS.

Mob i l e Banking security features in c lude strong two-fa ctor authenti c ation, non-repudiation, data c onfidentia l ity and data integrity.

CustomizableGe ma lto’s produ ct is custom izab le, al l owing finan c i a l institutions and mob i le operators to offer brande d services ta i lored to customers’ requ ire ments and needs.

• Does your bank require an additional security code for certain financial transactions or wish to restrict fund transfer to local accounts?

• Do you want mobile banking to integrate seamlessly with the other services you are offering?

• Do you want to offer a new service through the Mobile Banking channel?

Our experts wil l work with you in order to ta i lor a Mo bi l e Banking solution that corresponds to your needs.


Mobile User ExperienceGe ma lto Mob i l e Banking provides mobi l e users with easy and secure a c c ess to finan c i a l operations fro m the ir mob i l e phones 24 hours a day, 7 days a week.

Ser vice O v er v ie w Whether they need to pay a bi l l wh i le away from home,

to c he ck the ir a c c ount ba lan c e at the supermarket, to transfer funds on the way to the a irport, to recharge their prepai d mob i l e subscription a c c ount before going to the bea ch or to obta in cred it onl i ne for that new TV, mob i le users can pi ck up the phone and carry out the desired transaction by hitting a few keys.

T hey simp ly need to browse user-friend ly menus and respond to service prompts. The information they need to enter has been scaled down to a m in i m u m, in order to simp l i fy the use of the appl i c ation. Th is information ma in ly consists of the ir PIN and the amount of money invo lved in the transa ction.

A message sum marizing the user’s request is then sent to the sele cted finan c i a l institution, where the request is processed. T he result is displayed on the user’s mob i le screen withi n seconds.

Ser vice Features

With Ge ma lto Mob i l e Banking mob i l e users can perform the fo l lowing banking operations:

• Subscribe to the mobile banking service at their financial institution, and cancel their subscription at any time

• Add or remove a bank account from a list of available accounts managed through mobile banking

• Simulate transactions in order to try the system

• Verify the balance of their bank accounts

• View the most recent transactions on their bank accounts

• accounts managed through mobile banking

• Apply for and pay off a credit line

• Check the amount of credit available on their credit cards

• Obtain cash advances on their credit cards

• Check the balance of their credit card accounts

• Pay their credit card account

• Recharge their pre-paid mobile accounts

• Pay utility bills, such as electricity, Internet and mobile subscriptions, or any other bill that can be registered with the financial institution

• Pay other services through reference numbers found on the bills.

• Add or remove a credit card account form the list of available Transfer funds between different accounts

• Transfer funds between different accounts including to another customer’s account, or an account in a different bank

• Mobile Wallet (stored value account)

BenefitsMob i l e phone operators and finan c i a l institutions wil l benefit from using Gema lto Mob i l e Banking to offer mob i l e finan c i a l servi ces to their customers, whether they operate in saturated markets where co m petiti on is tight and service differentiation is key to attra ctin g and retain i ng customers, or in remote areas in need of cost-effe ctive finan c i a l servi ces.

Benefits for Mobile OperatorsWith Mob i l e Banking, operators can expand the ir services portfol i o, promote the ir brands and create strateg i c m arketing d ifferentiation - attracting new c ustomers.

Subscribers who use mob i l e finan c i a l services beg i n to rely on them, making them a d ifferentiating fa c tor for the operator. As a result, Mob i l e Banking strengthens customer loya lty and redu ces churn and attriti o n rates.

Mob i l e Banking in creases operator revenue by boosting traffi c and provid ing subscribers with instant a c c ess to a irti m e purchase: with finan c i a l servi ces at the ir fingertips, mob i le users wil l recharge the ir pre- paid a c c ounts more readi ly and use the ir mob i l e ph ones to pay b i l ls or che ck their a c c ount ba lan c e.

T hanks to the ubiqu ity and high penetration of the mob i l e devi c e, mob i le operators are un iqu ely positioned to p lay an i mportant role in the expanding mob i l e money transfer and mob i le payments markets.

Benefits for Financial InstitutionsMob i l e Banking a l lows finan c i a l institutions to enhan ce customer satisfaction and retention by offerin g new, better services whi le ga in ing a dire ct marketi ng channe l for the ir produ cts and services, whi c h c an be ta i lored to the spec ifi c needs of customers. At the same ti m e, they attra ct new customers to the one- on-one bank-customer relationship.

As ac c ess to mob i le phones grows worldwide, so does the opportun ity to attra ct more customers an d extend the rea ch of finan c i a l services. By turnin g mob i le phones into their bank’s AT Ms, finan c i a l institutions ga in a c c ess to new markets, different from those trad itiona l ly served by the ir physic a l bran ches.

Ac c ess to banking servi ces at anyti m e and from anywhere a lso generates revenue through h igher servic e usage, and redu ces operating expenses be cause of fewer d ire ct te l ler interactions, whi le ma inta in i ng or i m proving the level of service.

Finan c i a l institutions ga in another i mportant benefi t by adding Mob i l e Banking to their existing channe ls. T hey wil l be with their customers at al l ti mes, ready to he lp them, to recharge a pre-paid mob i l e phone on a Saturday n ight, to get a new MP3 player via onl i ne credit funds, to pay a forgotten bi l l after leavi n g for a va cation, to transfer money to a spouse when at work - the bank is everywhere, a l l the ti me.

.

Benefits for the End User

T he mob i l e banking app l i c ation:

• Provides state of the art security

• Requires no configuration

• Is readily available

• Is low cost (no data connection) it’s resides on the SIM, the browsing is local.

• Is device independent, supported on ALL phones from low to high-end

Part 2 Technical Description

In designing and deve lop ing Mob i l e Banking, Gema lto has leveraged its experien ce in dig ita l security and its knowledge of finan c i a l, co m m erc ia l and tele c o m m un i c ations dig ita l environments to create a solution that co m b ines ease of use, effi c i en cy, and security. Gema lto has used open GUIs and fol l o wed estab l ished industry standards and pra cti c es to fa c i l itate integration and counter fraud. Gema lto Mob i l e Banking is a secure and flexib l e solution.

High-level Architecture

Mobile Banking ComponentsGe ma lto Mob i l e Banking is enab led in the mob i l e phone through a secure applet lo c ated in the end- user’s SIM card. Se cure transfers over the wirele ss network and finan c i a l transaction processing are managed by the SIM card and a d istributed p latform, dep loyed at the mob i l e operator’s site and at the finan c i a l institution. The platform in c l udes the fol l o wing co m ponents: the Business Med iation Server, th e Bank Se cure Platform and the Host Se curity Modu l e. Add itiona l ly, an adaptor may be required to enabl e c o m m un i c ation over non-standard interfa ces to bank systems.

Figure 2: Mobile Banking Architecture

Se cure SIM card App let The SIM card in c l udes an applet with an intuitive GUI and security features that ensure the same level of security and confidentia l i ty as if the operations were performed at the bank. Th e applet:

• Formats and displays mobile banking menus and data

• Prompts the user for information and collects user input

• Generates transaction keys, ciphers sensitive information and signs data to be sent

• Provides the means for key management

• Sends banking requests using SMS messages.

Business Mediation Server (BMS) On the operator’s side, the BMS ensures com m un i c ation betwee n mob i l e subscribers and finan c i a l institutions, and routes mobi le banking transactions exchanged betwee n the SIM c ard in the mob i l e user’s phone and the BSP at the user’s bank. The BMS:

• Receives subscribers’ mobile banking requests, interprets them, formats and forward the requests to the subscribers’ bank for processing

• Maintains the status of the requests

• Logs transaction results for auditing and billing purposes

• Receives the bank’s responses and sends them to the SIM, via LinqUs OSG

• Maintains the list of financial institutions available on that operator’s services.

Bank Se cure Platform (BSP) On the finan c i a l institution side, the BSP hand les transactions betwee n mob i l e users and the bank’s systems. More spe c ifi c a l ly, the BSP:

• Facilitates communication between bank systems and end-users

• Hosts response templates (pages)

• Authenticates mobile customers

• Maintains connectivity between the wireless telecom world and the banking environment

• Ensures that financial transactions and customer data are secure, using the services of the HostSecurity Module,

Host Se curity Module (HSM) The HSM, a ta mper-proof hardware co m ponent, provides state-of-the-art cryptograph i c fun ctions to the BSP. Upon rece ivi ng a request from the BSP, it performs cryptographi c operations, generating transaction keys, en crypting and de crypting sensitive information. The HSM a l so manages the cryptograph i c keys used to secure mobi l e finan c i a l transactions. The HSM is further enhan ced with the Mob i l e Sh ie ld firmware for secure business transactions.

Adaptor The Adaptor, requ ired only when non-standard interfa ces to the bank systems are used, is a c ustom izable modu l e that translates messages to and from the format used by the bank’s ba ck-end. T h e Adaptor seam lessly insulates the BSP from the spec ifi cs of the bank systems’ interfa ces.

Several operator-owned modu les also parti c i pate in de l ivering the Mob i l e Banking fun ctiona l i ties:

• LinqUs Onl ine Servi ce Gateway (OSG) helps operators to offer SIM card-based services to their subscribers by connecting them to remote content in a session mode. In the context of mobile banking, OSG relays mobile banking messages between the mobile phone and the BMS and translates them from SMS to HTTP format.

• LinqUs Over-The-Air (OTA) Manager is an optional component that offers operators the convenience of remotely provisioning and managing SIM cards.

• A Short Message Servi ce Center (SMSC), a standard GSM network element, delivers SMSmessages.

Interfaces and ProtocolsMob i l e Banking co m ponents use standard proto c ols and interfa ces to exchange information and to c o m m un i c ate with other network ele ments and bank systems, thus fac i l itating the integration of Mobi l e Banking into the existing infrastructure.

A high-leve l view of the proto co ls used to exchange messages between d ifferent mob i l e banking, operator and bank co mponents to process a request is as fo l l ows:

• The SIM card sends Mobile Banking requests using SMS ( S @ T protocol) messages.

• OSG translates these messages into HTTP requests before sending them to the BMS.

• The BMS forwards the HTTP requests to the BSP of the selected bank.

• The BSP interacts with the HSM for the cryptographic operations.

• The BSP communicates with the bank’s systems, possibly through an adaptor, using a series of web services.

• The bank system (or adaptor) responds.

• BSP ciphers the necessary information (using the HSM) before proceeding.

• The BSP forwards and formats the response and then sends it to the BMS

• The BMS sends the response to the OSG.

• OSG compiles the response and sends it to the SIM using the SMS channel.

Network ConfigurationWith Gema lto Mob i l e Banking, an operator can provide the servi ce to subscribers that have bank a c c ounts with d ifferent finan c i a l institutions. A bank can also choose to work with several operators, to provide mob i l e banking services to its customers, independently of their mob i le servi ce provider. It is al so possible for several banks with l i ght mob i l e banking traffi c to share a Bank Se cure Platform.

Figure 3: Network Configuration

ScalabilityMob i l e Banking is sca lab le through hardware c l ustering. To in crease throughput, both BMS and BSP c a n (independently) be instal led in c l usters with a c l u stering engine d istributing the traffi c among severa l servers.

mailto:S@T

End-to-end SecuritySin c e mob i l e banking transactions can be in itiated from al m ost anywhere and transaction detai ls are transmitted over unprote cted networks, security poses the biggest cha l l enge in deve lop ing a suc cessfu l solution and is l ikely to be a make-it-or-break-it fa cto r for mob i l e banking.

Ge ma lto takes security issues and con c erns seriously. As long-ti me leader in d ig ita l security, Gema lto uses the state-of-the-art security te chno logy to secure mo bi l e app l i c ations.

T he Mob i le Banking solution addresses the requ ire ments of data confidentia l ity, strong user authenti c ation, data integrity as wel l as non-repud i ation, and conforms to relevant standards (such as PCI DSS) establ ished by finan c i a l organ izations and government bodies to prevent fraud and other security threats.

Security and Confidentiality of InformationT he Mob i l e Banking solution provides end-to-end security and confidentia l ity of data by c ipherin g information in the SIM for secure transfer over the mob i l e phone, the GSM network, the operator’s infrastructure and the conne c tion to the finan c i a l institution. The information entered by the user is c o l l e cted and en crypted by the app let resid ing in the tamper-proof SIM c ard.

Figure 4: Secure Data Transfer

For the h ighest leve l of security, sensitive data, such as PIN and transaction deta i ls are never stored in th e SIM card or the p latform. Al l customer and finan c ia l information is kept exc lusively at the bank, whi c h also has the sole contro l over the cryptographi c keys used to secure finan c i a l transactions.

Strong 2-factor AuthenticationBank customers must be sure that no one can ma ke transactions on the ir behalf, and banks must be ab le to verify that customers are indeed who they c l a i m to be. Ge ma lto responds to th is requ irement with strong two- fa ctor authenti c ation.

With Mobile Banking:Users are requ ired to identify the mselves to the bank with a Mob i l e BankingPIN that prote cts ac c ess to finan c i a l information and transactions.Se cret keys only known to the SIM card and the bank are used to en crypt and sign transaction data, further proving the identity of the user.

Data IntegritySin c e data is dig ita l ly signed, any atte mpt to man ip ulate it wi l l be dete cted be cause the signature wil l no longer correspond to the signed message.

Non-repudiationIn the context of mob i le banking, non-repudiation refers to authenti c ating the customer and the finan c i a l institution parti c i pating in a finan c i a l transaction with high degree of certainty so that the parties cannot later deny having performed the transaction. To ensure non-repud iation, a proof must be generated to show that the transaction was performed by that party.

Ge ma lto Mob i l e Banking addresses this requirement through the use of:

• A user PIN known only to the user and protected by encryption• A transaction confirmation code sent by the bank• A transaction log that records the details of every transaction.

Cryptographic OperationsAl l sensitive data is en crypted with doub le length 3DES (128b it) keys . In addition, transactiona l security standards such as Derived Unique Key Per Transacti on (DUKPT), short-l ived transactiona l contexts an d key roles are used for added prote ction of finan c i a l transactions.

T he cryptograph i c fun ctions, in c lud i ng key management, are performed using the most fraud-resistant hardware solution: a Host Se curity Modu le augm ented by Ge ma lto’s firmware, whi c h personal izes the HSM for Mob i le Banking. The sele cted HSM, Tha les HSM 8000, is certified as co mp lying to the m ost stringent security standard: FIPS 140-2 Leve l 3.

Transaction FlowA mob i l e banking transaction is initiated by the mo bi l e user and is comp l eted when the result is displayed on the user’s phone. The fol l owing examp l e shows the co m m un i c ation flow for an a c c ount bala n c e request.

• A customer browses Mobile Banking pages on the mobile phone and requests an account balance from the bank by selecting the account and entering the PIN to confirm the transaction.

• The request is encrypted and signed in the SIM and sent to the BMS via the mobile operator’s network through the SMSC and the S @ T Gateway.

• The BMS communicates with the BSP at the bank.

• The BSP decrypts information related to the transaction (the account), translates the PIN, translates the request and sends it to the bank system for processing.

• When the BSP obtains the requested information it sends the response back to the BMS.

• The BMS sends the response to the S @ T gateway which formats and forwards it to the SIM card in the mobile phone.

• The response is decrypted in the SIM card and presented to the user.

• The mobile user sees the result of her or his request on the phone display.

Figure 5: High-level Communication Flow

mailto:S@T

mailto:S@T

Operation and MaintenanceT he Mob i l e Banking platform requires min i m a l m aintenan c e, mostly consisting of verifying system l ogs regu larly. The ma i ntenan ce of the p latform servers, the RDBMS and the HSM is as spec ifi ed by th e manufa cturers of those produ cts.

Mobile Account ManagementT he standard version of Mob i l e Banking does not in c l ude any mob i l e a c c ount manage ment or bill i n g fun ctiona l i ty, sin ce different operators and banks use d ifferent a c c ount manage ment methods and, often, proprietary bi l l i ng systems.

Mob i l e Banking does however al l ow the operator to configure the BMS with TPDA codes for bi l lab l e an d non-billab le SMS messages. Add itiona lly, Gema lto can develop custom mob ile a c c ount manage m ent fun ctiona l i ties ta i lored to the needs of finan c i a l institutions or operators.

Storage of User InformationAl l the banking records are kept in the finan c i a l institution’s systems, outside of Mob i le Banking. However, the Mob i l e Banking app l i c ation needs customer i nformation such as the MSISDN, ICC-ID, c l i ent and operator ID requ ired by the BSP to process mobi l e transactions. Th is data is stored in a relatio na l database owned by the finan c i a l institution. M obi l e Banking requ ires a spec ifi c RDBMS, but its adm i n istration is left to the finan c i a l institution.

Operating System RequirementsT he Mob i l e Banking p latform software runs on standard UNIX or Linux servers free ing the operator and th e finan c i a l i nstitution from the high c ost of purchasing and ma i nta in ing proprietary operating systems.

Associated TechnologiesMob i l e Banking uses the fo l lowing te chno log i es and produ cts:

• Linux or UNIX operating system

• Thales HSM 8000

• Oracle 10g or newer RDBMS

• Standard interfaces (SMS, HTTP, XML, STKML)

• Java, S @ T and mi n i - S @ T technologies

mailto:mini-S@T

mailto:S@T

Acronyms

3DES Triple Data Encryption Standard

AT M Automatic Teller Machine

BMS Bank Mediation Server

BSP Banking Service Platform

DUKPT Derived Unique Key per Transaction

FIPS Federal Information Processing Standards

GSM Global System for Mobile Telecommunications

HSM Host Security Module

HT T P HyperText Transfer Protocol

ICC-ID Integrated Circuit(s) Card – Identifier, known as the SIM card Identifier

M AC Message Authentication Code

M SISDN Mobile Station International Subscriber Directory Number, known as a phone number

OT A Over-The-Air

PCI DSS Payment Card Industry Data Security Standard

PIN Personal Identity Number

RDBMS Relational Database Management System

S @ T SIM Alliance Toolbox

SIM c ard Subscriber Identity Module

SMS Short Message Service

SMSC Short Message Service Center

STKM L SIM ToolKit Markup Language

XML Extensible Markup Language

mailto:S@T

©G

emal

to 2

009.

All

right

s re

serv

ed. G

emal

to, t

he G

emal

to lo

go, a

re tr

adem

arks

and

ser

vice

mar

ks o

f Gem

alto

and

are

regi

ster

ed in

cer

tain

cou

ntrie

s. J

anua

ry 2

009

- D

esig

n V

ince

nt

Gre

goire

The world leader in digital security

w w w . g e m a l t o . c o m