Provisioning Mobile Devices and Identity Credentials
April 1st, 2014
Tom Zalewski, CorFire
Agenda
• Smart Phone Credential Capabilities
• Payment / Identity / Physical building / Access Logical
• Stakeholders
• Secure Element
• TSMs
• Alternate Credential Storage- HCE, TEE
• Pros / Cons
• Business Considerations
• Additional Considerations
• Summary
Page 2 © 2014 by SK C&C USA, Inc. All rights reserved
Smart Phone Credential Capabilities
Payment / Access / ID Service Lifecycle Management
• Service Deployment
• Service Lock
• Service Upgrade
• Service Un-deployment
• Service Activation
• Service Unlock
• Service Data Update
Device Management / End User Lifecycle Management
• Secure Element Change
• Mobile Phone Number Change
• Mobile Device Change
• Service Subscription/Termination
• Lost or Stolen Mobile Device
• Mobile Phone Hard Reset
Stakeholders
• MNOs
• Own the SIM Secure Element (SE) and, in some instances, the embedded SE
• Subsidize the embedded SE and NFC chipset through overall handset subsidies
• Handle first-line customer care
• Handset Manufacturers
• Embed NFC components
• Distribute handsets primarily through MNOs
• May control SE and/or partner with Content Providers
• Application Issuers
• Own credentials and relationship with end users
• Typically lease space on the Secure Element (traditional credential storage location)
Stakeholders Continued
• Payment Associations or Standards bodies
• Set rules, certify, catalyze application standards, and incubate new technologies
• Physical Point of Sale / Point of Access
• Accept Payments, Tokens or Access Credentials
• Transit, Ticketing, Hospitality and Corporate Business
• New Entrants & Third Parties
• Numerous Wallet and Application Vendors, Trusted Service Managers, Chipset Suppliers, Equipment Vendors, Content Providers and Service Providers looking to digitize their physical credentials, tokens and keys
Why the Complexity in the Ecosystem?
• Virtual Real Estate known as the Secure Element
• Owner of the Secure Element is largely in control
• Business model for the Secure Element owner
• Bar Stool model: several legs are more stable than one leg
• Share of application-generated revenue
[Figure: SE Business Model; Payment Applications]
Secure Elements & Global Platform
Several Secure Elements may be present in the handset:
• UICC/SIM: MNO controlled; applet lifecycle tied to the SIM’s
• MicroSD: independence from MNOs and handset makers; issuance flexibility; independent lifecycle management
• Embedded: control from either handset maker, MNO, or 3rd party (e.g. Google); applet lifecycle tied to the phone’s
• Global Platform specifies a platform to share a SE among multiple SPs
Why is a TSM Required for using the SE?
[Figure: Mobile Devices (Secure Elements 1…n, x 100’s millions) connecting to Service Providers: Transit Systems, Card Issuers, Retail, Hotel/B2B/Stadiums]
• MANY TYPES OF MOBILE DEVICES
• USING DIFFERENT OPERATING SYSTEMS
• OPERATING ON MULTIPLE CARRIER NETWORKS
A Centrally Positioned Trusted Third Party
[Figure: Conceptual Architecture: Mobile Devices (Secure Elements 1…n, x 100’s millions) on one side, Application Providers (Transit Systems, Card Issuers, Retail, Hotel/B2B/Stadiums) on the other, with a Trusted Service Manager in between]
• SECURE COMMUNICATION
• COMPATIBILITY
• REQUIRED LIFE CYCLE MANAGEMENT
TSM Architecture Evolution
[Figure: Practical Architecture: Secure Elements issued by OEM, web services, MNO or 3rd party (SE1…SEn, x 100’s millions) connect through Secure Element/MNO TSMs to Service Provider TSMs (SP1…SPn) serving Transit Systems, Card Issuers, Retail or Access, Hotel/B2B/Stadiums]
SECURE ELEMENT OWNERS WILL DICTATE WHICH TSM HAS FULL CONTROL OF THEIR VIRTUAL REAL ESTATE
Key TSM Functions
Core Technology
• Card / application management (Global Platform)
• Chip data prep and personalization
• Key management (application keys, secure element keys)
• Operations and administration console
• Participant and subscriber management
• Post-issuance management (Global Platform)
• Remote download management
• Secure interface to Service Provider (issuing platform)
• Secure interface to MNO (billing, customer care, device mgmt, service order mgmt, etc.)
• Secure portal for Service Provider and/or MNO
Functional Variations
• SE ownership models
• SE form factors
• SE content management modes
• Mobile networks
• Mobile OS’
• OTA protocols
Supporting Business Services
• Call center / customer support
• Contractual relationship management
NFC Device Components
• Wallet serves as user interface
• NFC API allows access to SE and NFC chip
• Secure Elements (SE) securely store application credentials
• NFC Chipset generates/receives RF signals and interfaces with SEs and Wallet
[Figure: Life Cycle Management: Application Provider, Issuer Server, Terminal, Gateway and TSM Functionality (Provisioning, Personalization, Activation, Midlet) reach the phone over the Wireless Network; Credential Reader communicates with the phone over ISO 14443]
Issuing Credentials to the Secure Element
Smart Card Alliance Mobile/NFC Security Fundamentals, Secure Elements 101, 28-March-2013
Parties / Elements Involved
• Mobile Network Operator
• Issuing Bank
• TSM
• Consumer
• Phone
Issuance flow follows deployment models as documented in “Global Platform Messaging Specification for Mobile NFC Services v1.1.2, Chapter 7, Phase 2”
• Simple Mode
• Delegated Mode
• Authorized Mode
High-Level Credential Storage Location Options
[Figure: Physical Secure Element: Service Provider → SP TSM → MNO TSM → Phone (App, OS, Secure Element with Applet, NFC). Virtual (Cloud) Secure Element: Service Provider → Integration APIs → remote Secure Element with Applet; Phone (App, OS, NFC)]
Service Providers (Application Issuers) have direct control by moving the secure element from a physical device to a remote environment
Provisioning Credentials to the SE via TSM
[Figure: Service Provider back-end (Card Management System (CMS), Property Management System (PMS); Profile Data; Rotate Key, Provision Data) → SP-TSM → MNO/SE-TSM → Phone over OTA or Internet (if supported). Phone: Mobile App (Secure Email, Crypto App), Crypto Middleware, OS, OTA Proxy; UICC Secure Element with ISD, SSD #1, SSD #2 and Applets; CLF connected via SWP]
Alternatives to the Secure Element- HCE
Host Card Emulation
• Google introduced with Android 4.4 (KitKat)
• NFC Controller selects SE or HCE for payment data source based on routing table securely stored on device
• Outstanding issues
• Transaction Security
• Potential exposure to Rich Execution Environment (REE)
• Static Track Data
• No Visa or MasterCard certification at this time
• No Mifare support at this time
Provisioning Credentials via HCE (Hypothetical)
[Figure: Service Provider back-end (Card Management System (CMS), Property Management System (PMS); Profile Data; Rotate Key, Provision Data) → SP-TSM (Lite) → Phone. Phone: Mobile App (Secure Email, Crypto App), Crypto Middleware, Virtual Secure Element, OS; UICC Secure Element with ISD; CLF connected via SWP]
HCE Performance
Limitations of HCE (in Android 4.4)
• Can only emulate the ISO/IEC 14443-4 protocol with ISO/IEC 7816-4 application structures, i.e. card emulation applications need to be selected through an AID
• Not possible to emulate most MIFARE protocols:
• MIFARE Ultralight protocol: operates on top of ISO/IEC 14443-3
• MIFARE Classic protocol: partially operates on top of ISO/IEC 14443-3
• MIFARE DESFire protocols: operate on top of ISO/IEC 14443-4
• Native protocol: does not use ISO/IEC 7816-4 APDUs
• Wrapped native protocol: uses ISO/IEC 7816-4 APDUs, but readers will typically not issue a SELECT command using the DESFire AID in this mode
• ISO protocol: based on ISO/IEC 7816-4 and uses application selection by AID
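The two HCE points above, the routing table that sends each AID to the SE or to the host and the requirement that a host-emulated application be selected through an AID, as an added example. This is illustrative Python written for this page, not code from the presentation or from Android; the AIDs, the applet, the frames and the "HostEmulator" name are all constructed, and only short-form APDUs are handled.

```python
"""Added example (not from the presentation): how an NFC host-side card
emulation service sees reader traffic.  A SELECT-by-AID command is parsed,
looked up in a routing table naming the SE or the host as destination, and
dispatched.  Everything below (AIDs, applet, frames) is constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

SW_OK = bytes.fromhex("9000")
SW_CONDITIONS_NOT_SATISFIED = bytes.fromhex("6985")  # no applet selected yet
SW_FILE_NOT_FOUND = bytes.fromhex("6A82")            # no applet for this AID
SW_INS_NOT_SUPPORTED = bytes.fromhex("6D00")


@dataclass
class Apdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes


def parse_apdu(raw: bytes) -> Optional[Apdu]:
    """Parse a short-form ISO/IEC 7816-4 command APDU.  Returns None when the
    frame cannot be an APDU (too short, or Lc disagrees with the length).  This
    is only a shape check: the real reason HCE cannot serve MIFARE Classic is
    that the controller only hands ISO/IEC 14443-4 traffic to the host at all."""
    if len(raw) < 4:
        return None
    cla, ins, p1, p2 = raw[0], raw[1], raw[2], raw[3]
    body = raw[4:]
    if len(body) <= 1:                       # case 1 (no body) or case 2 (Le only)
        return Apdu(cla, ins, p1, p2, b"")
    lc, data, trailer = body[0], body[1:1 + body[0]], body[1 + body[0]:]
    if len(data) != lc or len(trailer) > 1:  # Lc must match; at most an Le byte may follow
        return None
    return Apdu(cla, ins, p1, p2, data)


def build_select(aid: bytes) -> bytes:
    """SELECT by DF name (CLA 00, INS A4, P1 04) carrying the AID, with Le=00."""
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid + b"\x00"


Handler = Callable[[Apdu], bytes]   # returns response data followed by SW1 SW2


class HostEmulator:
    """Stand-in for the controller's AID routing plus a host APDU service."""

    def __init__(self, routing: Dict[bytes, str], handlers: Dict[bytes, Handler]) -> None:
        self.routing = routing        # AID -> "SE" or "HOST" (exact match only here)
        self.handlers = handlers      # host-side applets keyed by AID
        self.selected: Optional[bytes] = None
        self.se_session = False       # True once a SELECT has been routed to the SE

    def process(self, raw: bytes) -> Tuple[str, bytes]:
        """Return (destination, response).  Destination "SE" means the controller
        forwards the APDU to the secure element and the host never sees it."""
        cmd = parse_apdu(raw)
        if cmd is None:
            return ("UNROUTABLE", b"")
        if cmd.ins == 0xA4 and cmd.p1 == 0x04:           # SELECT by AID
            dest = self.routing.get(cmd.data)
            self.selected, self.se_session = None, False
            if dest == "SE":
                self.se_session = True
                return ("SE", b"")
            if dest is None or cmd.data not in self.handlers:
                return ("HOST", SW_FILE_NOT_FOUND)
            self.selected = cmd.data
            return ("HOST", self.handlers[cmd.data](cmd))
        if self.se_session:                               # session already belongs to the SE
            return ("SE", b"")
        if self.selected is None:
            return ("HOST", SW_CONDITIONS_NOT_SATISFIED)
        return ("HOST", self.handlers[self.selected](cmd))


# Constructed AIDs in the proprietary F0 range; not real scheme or transit AIDs.
TRANSIT_AID = bytes.fromhex("F0112233445501")
BANK_AID = bytes.fromhex("F0112233445502")


def transit_applet(cmd: Apdu) -> bytes:
    """Hypothetical host-side transit applet: FCI on SELECT, balance on READ BINARY."""
    if cmd.ins == 0xA4:
        return b"\x6F\x00" + SW_OK                # empty FCI template (constructed)
    if cmd.ins == 0xB0:
        return (1250).to_bytes(4, "big") + SW_OK  # constructed balance, minor units
    return SW_INS_NOT_SUPPORTED


def make_demo_emulator() -> HostEmulator:
    routing = {TRANSIT_AID: "HOST", BANK_AID: "SE"}   # the bank applet lives in the SE
    return HostEmulator(routing, {TRANSIT_AID: transit_applet})


if __name__ == "__main__":
    emu = make_demo_emulator()
    for frame in (build_select(TRANSIT_AID), bytes.fromhex("00B0000004"),
                  build_select(BANK_AID), bytes.fromhex("6000")):
        print(frame.hex(), "->", emu.process(frame))
```

The two-byte `6000` frame stands in for a non-APDU native command: it never reaches a host service, which is the mechanical form of the "selected through an AID" limitation. A SELECT whose AID the routing table assigns to the SE switches the whole session to the SE, so later commands in that session bypass the host as well.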
Other Alternatives to the Secure Element or Cloud- TEE
Trusted Execution Environment (TEE)
• Isolated execution environment layered in between Rich Execution Environment (REE) and Secure Element
• Access to Trusted Assets / Credentials locally within the mobile device
• Protects against vulnerabilities/threats introduced through REE
• Malware & Viruses
• Personalized Content
• TEE can be combined with alternate credential storage solutions for additional security or Use Case scenarios
Ultimately Multi-App, Multi-SE, Multi-Storage…
[Figure: Phone with NFC, OS, Mobile SDKs, TEE and two SEs. Banks → Credit/Debit in SE; Merchants → SVA in SE; Transit → SVA in TEE; Hotels → Door Key (Encrypted) with Encryption Key in TEE. Bank App, Merchant App, Hotel App and Transit App each use a HostApduService; APDUs are routed by Payment categories vs. “Other” categories]
Alternate Storage Advantages Over Traditional Onboard SE
• Direct control by Service Providers (Application Issuers)
• Lower costs: no “hotel” third parties
• Cloud-based Computing
• Better computing power than Secure Element
• More memory/storage – unlimited applications
• System is fully online – Instant fraud detection
• Users would be able to access all their applications from all their devices
• Users would be able to manage services via a web browser
• Eliminate or Reduce Secure Element Cost
• Smaller/cheaper SE can be used for user/device authentication only
• Trusted Execution Environment (TEE) can be used to eliminate SE
Can still work offline for some use cases:
Virtual Account Creation and Tokenization with pre-authorized number of transactions
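The offline case named above, tokenization with a pre-authorized number of transactions, as an added example. This is illustrative Python written for this page, not the presentation's or any vendor's scheme: the issuer enrolls a device key, pre-authorizes a counter window, the phone derives one limited-use token per transaction while offline, and the issuer checks each token on reconnect, rejecting replays and tokens beyond the authorized count. Account references, key sizes and the HMAC construction are all assumptions made for the example.

```python
"""Added example (not from the presentation): limited-use offline tokens with
an issuer-enforced transaction count.  Keys and account references are
constructed for the example."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Set, Tuple


def token_for(device_key: bytes, account_ref: str, counter: int) -> bytes:
    """One limited-use token: truncated HMAC-SHA256 over account ref and counter.
    The real account number never appears in the token."""
    msg = account_ref.encode() + counter.to_bytes(4, "big")
    return hmac.new(device_key, msg, hashlib.sha256).digest()[:16]


class Issuer:
    """Online side: owns the keys, the authorized window and the replay record."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}
        self._window: Dict[str, int] = {}       # first counter NOT yet authorized
        self._used: Dict[str, Set[int]] = {}

    def enroll(self, account_ref: str) -> bytes:
        """Create the device key; it is delivered once to the device credential
        store (SE, TEE or the HCE app's storage) and kept here for verification."""
        key = secrets.token_bytes(32)
        self._keys[account_ref] = key
        self._window[account_ref] = 0
        self._used[account_ref] = set()
        return key

    def authorize(self, account_ref: str, count: int) -> Tuple[int, int]:
        """Pre-authorize `count` more transactions; returns [start, end) counters."""
        start = self._window[account_ref]
        self._window[account_ref] = start + count
        return start, start + count

    def redeem(self, account_ref: str, counter: int, token: bytes) -> str:
        """Verify a token presented by a terminal once it reaches the issuer."""
        key = self._keys.get(account_ref)
        if key is None:
            return "UNKNOWN_ACCOUNT"
        if not hmac.compare_digest(token_for(key, account_ref, counter), token):
            return "BAD_TOKEN"
        if counter >= self._window[account_ref]:    # device went past its allowance
            return "NOT_AUTHORIZED"
        if counter in self._used[account_ref]:      # same token presented twice
            return "REPLAY"
        self._used[account_ref].add(counter)
        return "ACCEPTED"


class Phone:
    """Offline side: derives tokens locally, only within the authorized window."""

    def __init__(self, account_ref: str, device_key: bytes) -> None:
        self.account_ref = account_ref
        self._key = device_key
        self._next = 0
        self._limit = 0

    def load_authorization(self, start: int, end: int) -> None:
        self._next, self._limit = start, end

    def spend_offline(self) -> Optional[Tuple[int, bytes]]:
        """Return (counter, token) for one transaction, or None when exhausted."""
        if self._next >= self._limit:
            return None
        counter = self._next
        self._next += 1
        return counter, token_for(self._key, self.account_ref, counter)


def run_demo() -> List[str]:
    """Three authorized offline transactions, then the failure modes."""
    issuer = Issuer()
    key = issuer.enroll("acct-demo")                 # constructed account reference
    phone = Phone("acct-demo", key)
    phone.load_authorization(*issuer.authorize("acct-demo", 3))
    spent = [phone.spend_offline() for _ in range(3)]
    results = [issuer.redeem("acct-demo", c, t) for c, t in spent]
    results.append("EXHAUSTED" if phone.spend_offline() is None else "OVERSPENT")
    results.append(issuer.redeem("acct-demo", spent[0][0], spent[0][1]))       # replay
    results.append(issuer.redeem("acct-demo", 5, token_for(key, "acct-demo", 5)))  # past window
    results.append(issuer.redeem("acct-demo", 1, b"\x00" * 16))                # forged token
    return results


if __name__ == "__main__":
    print(run_demo())
```

The count is enforced twice: the phone stops issuing tokens when its window is exhausted, and the issuer independently rejects any counter outside what it authorized, so a tampered device cannot extend its own allowance; the issuer's used-counter set is what turns a captured token into a one-time value.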
Pros / Cons
• SE: most secure and always available, but limited storage and slow access speeds. Involved ecosystem for administration (MNO).
• TEE: not as secure as SE, always available, greater storage capacity and Rich OS type access speeds. However, approaches are still being evaluated (security vs. cost). Administration of Trusted Applications is difficult for devices already deployed; the industry is working on this aspect.
• HCE: security still being evaluated. Greater storage and potentially greater access speeds than SE. Requires use of local tokens to address offline mode. Removes dependencies on MNOs and OEMs.
• Each approach may be more appropriate for specific applications based on security needs. Hybrids will likely emerge.
Business Considerations
• Business models
• How to share the revenue stream with more parties
• Secure remote management of payment credentials on a “Mobile Computer”
• Always connected, ongoing risk of malware, hacking, etc
• Coordination with multiple stakeholders over life cycle of device
• Requirement for a Trusted Third Party responsible for overall management of the mobile devices’ NFC operation
• Partner Cooperation
• Multiple parties and their unique concerns
• Standardization and Security
• Acceptance requirements and Interoperability
Additional Challenges
• Device Interoperability
• User Experience
• Cost Reduction or New Revenue Generation?
• Greater Convenience, Greater Security, or Both?
• Technology Partners
• Backward Compatibility
• Forward Compatibility