SlideShare una empresa de Scribd logo

6. mr. sastry vns idrbt

Descargar como PPT, PDF
E
EthioTelecom_Getahun Biratu

technology challenges in mobile payment

Datos y análisis
1 de 28
Technology Challenges in Mobile Payments Dr.V.N.Sastry Professor, IDRBT & Executive Secretary, MPFI Road No.1, Castle Hills, Masab Tank, Hyderabad 500057 E-Mail : vnsastry@idrbt.ac.in Ph: 91-40-23534981 Test : 9440803813 (M) & MMID : 9211933 January 30, 2012 at IDRBT for the EDP
March 29, 2012 Outline • Mobile Payment Technologies • Technology Challenges • Some innovative developments 2
Classification of Mobile Payments Based on Value Micro Payments Based on Charging method Based on Location Based on the validation of the tokens exchanged Macro Payments Mini Payments Proximity Payments Remote Payments Pre-paid Post-paid Online Payments Offline Payments (ex: e-coins in P2P transfers) March 29, 2012 3
March 29, 2012 Enabling Mobile Technologies User Interface Platforms Security enablers Transport Short- range Long- range GSM GPRS RFID Bluetooth Infrared 3G SAT Java ME Java Card Voice SMS USSD WAP Dual slot phones WPKI/ WIM SIM 4G NFC 4
March 29, 2012 Technology Challenges • Device Level • Application Level • Communication Level • User Level • Security Level • Standards Level • Consolidation Level 5
March 29, 2012 Device Level Challenges • Variation in Features and Functionalities, look and feel, text size, recharging frequency, OS • User Awareness and Education • Voice, Data, MMS, interactivity, real time response, location aided feature etc. properly used ? 6
March 29, 2012 Mobile Application Level Challenges • Is the Mobile Payment Application Developed in Conformance to standards ? Is it interoperable ? • On which folder client application is to be downloaded ? how to install and run a mobile payment application ? • Is the design optimized for execution in limited phone memory? • Has it been Tested and certified by Trusted entity ? • Can the customer wait for the delay to get it for his/her new model ? 7
March 29, 2012 Communication Level Challenges • Which channel to use : SMS, USSD, GPRS, DTMF ? • What way mobile banking convenience is enhanced by 2G, 3G, 4G ? • When and how to use Wireless Communication Technologies : Bluetooth, Zigbee, Wi-max, Wi-fi , LTE ? 8
Mobile Communication Architecture Mobile Stations Base Station Subsystem Exchange System Network Management Subscriber and terminal equipment databases BSC MSC VLR HLR EIR AUC OMC BTS BTS March 29, 2012 9
March 29, 2012 Bank - A Bank -B Switching (NPCI) Settlement (CCIL) Interbank Mobile Payment Service (IMPS) Payer-X Payee- Y 10
March 29, 2012 User Level Challenges • Local language support on Mobiles • Generation of Transaction report • Mobile Application on Phone memory or SIM or memory card ? • Trace of transaction data or critical personal data : access by others • Mobile Wallet : risk of multiple cards in the device and value offload for cash exchange in local currency • Mobile based Financial Inclusion services • Complaint registration and Grievance resolution 11
BC Micro ATM ATM / Merchant PoS Bank A Bank B Switching (NPCI) Biometric Authentication ( UIDAI ) Settlement (CCIL) Customer Mobile based Financial Inclusion and Mobile Wallet March 29, 2012 12
March 29, 2012 Security Challenges • Authentication – User, Device, Application, Transaction – Direct, Indirect – Factors : You Know (UK), You Have (UH), You Are (UR) – One Way from source (S) to destination (D) – Mutual between source, destination or intermediate entities as Telco , Mobile Payment Provider, Bank Server, Switching agency. • Encryption & Decryption Using Cryptoghaphy – Symmetric key ( Password, m-Pin ) – Asymmetric key (PKI , WPKI ) • Layers of OSI Model • Access Control Models • Between Source (S) and Destination (D) – MPP to Bank : SSL / TCP – Bank to NPCI : SSL/TCP 13
Major 3 Sections of a Mobile Phone –Power Section • Power distribution • Charging section –Radio Section • Band Switching • RF Power Amplification • Transmitter • Receiver –Computer Section • CPU (central processing unit) • Memory (RAM,FLASH,COMBO CHIP) March 29, 2012 14
Some reported attacks on Mobile Phones • Phishing • Botnet • Fake Player • Trojan horse • Bluejacking (Symbian ) • BlueBug • BlueSnarfing • BluePrinting •Cabir (First in 2004 ) •Comwar •Skulls •Windows CE virus March 29, 2012 15
Mobile Station • Mobile Equipment (ME) is identified by – International Mobile Equipment Identity (IMEI) Number • Subscriber Identity Module (SIM) Card has keys, identifiers and algorithms • Identifiers – Ki – Subscriber Authentication Key – IMSI – International Mobile Subscriber Identity – TMSI – Temporary Mobile Subscriber Identity – MSISDN – Mobile Station International Service Digital Network – PIN – Personal Identity Number protecting a SIM – LAI – location area identity • STK ( SIM Application Toolkit) allows applications in the SIM to interact with any ME • ETSI GSM 11.14 standard defines the interface between the SIM and the interoperable ME . March 29, 2012 16
SIM Card • Mobile Payment Application can be installed on either ME or SIM . • The application burnt on the SIM card gives by far the most secure application environment. The mobile application can be stored on its own security domain and hence prevented from others having access to it. • Forensic tools and procedures exist that can be used to bypass built-in security mechanisms and recover the contents of a device. • Both software and hardware-based methods are available for data recovery, including those that exploit existing vulnerabilities. • A number of GSM mobile phones allow acquisition with a forensic tool, if a PIN-enabled (U)SIM is missing or removed from the device. It is also possible to create substitute (U)SIMs for certain models of phones that fools them into treating the (U)SIM as the original, and allowing access. • March 29, 2012 17
Security at Mobile Channel Level • Voice Channel : DTMF for IVRS • Text Channel : SMS, USSD • MMS Channel : GPRS • GSM Security Mechanisms • Equipment Identity Register (EIR) – Black list – stolen or non-type mobiles – White list - valid mobiles – Gray list – local tracking mobiles • Central Equipment Identity Register (CEIR) – Approved mobile type (type approval authorities) – Consolidated black list (posted by operators) March 29, 2012 18
Security at Mobile Application level • Client Application developed by the Mobile Payment Provider (MPP) • Server Application of the MPP at the Bank level • Security Testing • Key Generation and storage process • Check Sum implemented • Reaching to the destined address only ? March 29, 2012 19
March 29, 2012 Multiple Standard Challenges • ISO Standards • IEEE Standards • PCI DSS Standards • Regulatory Standards • Global platform Standards • EMV Standards • NIST Standards • SFMS, SWIFT Standards • NFC Standards 20
Mobile ad hoc network technologies March 29, 2012 Technology Standard Theoretical Bit Rate Frequenc y Range Power Consumptio n IEEE 802.11b 1,2,5.5, 11 Mbits/s 2.4 GHz 100m-500m 30mW IEEE 802.11g Upto 54 Mbits/s 2.4 GHz 25-50m 79mW IEEE 802.11a Upto 54 Mbits/s 5 GHz 40m 250mW Bluetooth IEEE 802.11.15.1 1 Mbits/s 2.4 GHz 10 m-100m 1mW UWB (IEEE 802.15.3) 110 - 480 Mbit/s 10 GHz 10m 200 mW Hiper LAN2 Upto 54 Mbits/s 5 GHz 150m 200 mW IrDA 4Mbits 850 nm 10 m 200mW IEEE 802.11n 600 Mbits/s 5 GHz 100m - 250m 1500W 21
March 29, 2012 Consolidation Level Challenges • Server capabilities to handle high volume mobile payment transactions • Periodic and round the clock clearing services for mobile payments • Net and Real time funds settlement between Banks • Cash management issues at ATMs on account of high velocity mobile payments. • Offering Mobile Banking Application as a Cloud Service 22
Some Innovative solutions of Mobile Payments in India: • Bringing all stakeholders of Mobile Payments into one platform by the Mobile Payment Forum of India (MPFI) in 2006 • Use of Mobile Phone Number and MMID only for Mobile Payments • Use of AADHAR number and BIN for Mobile Payments • Use of USSD based Mobile Payments • Development of MANETS for Financial Inclusion by IDRBT • And many other solutions reported in the workshop March 29, 2012 23
MANET Ecosystem for Mobile Payments  MANET nodes.  Gateway.  Backbone Network.  Bank Server.  Fixed Relay. March 29, 2012 24
Mobile ad-hoc Network (MANET)  It is a Mobile wireless network.  MANET nodes are rapidly deployable, self configuring and capable of doing autonomous operation in the network.  Nodes co-operate to provide Connectivity and Services.  Operates without base station and centralized administration.  Nodes exhibit mobility and the topology is dynamic.  Nodes must be able to relay traffic sense.  A MANET can be a standalone network or it can be connected to external networks(Internet). March 29, 2012 25
MANET based Mobile Payments I Cellular Network /Satellite Technology Internet / Private LAN Gateway Fixed Relays Bank Server Mobile ad hoc Network Village MANET node Backbone March 29, 2012 26
Testbed Mobile Node C 192.168.1.3 Mobile Node B 192.168.1.3 Mobile Node D 192.168.1.4 Mobile Node A 192.168.1.2 Gateway 192.168.1.1 Fixed Relay MANET in a Village Cellular Network/ ISDN/PSTN/ LLN/ Satellite Network Bank-A Server 172.16.0.8 Bank-B Server 162.16.6.124 March 29, 2012 27
March 29, 2012 28

Recomendados

Fin conet report_online_mobile_payments
Fin conet report_online_mobile_paymentsFin conet report_online_mobile_payments
Fin conet report_online_mobile_paymentsDealdaddy.shop
 
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.Sierraware
 
Banking the Unbanked
Banking the UnbankedBanking the Unbanked
Banking the UnbankedVeridium
 
Biometric Trends for 2017 Webinar
Biometric Trends for 2017 WebinarBiometric Trends for 2017 Webinar
Biometric Trends for 2017 WebinarVeridium
 
2021 English Part One Anti-phishing Webinar Presentation Slides
2021 English Part One Anti-phishing Webinar Presentation Slides2021 English Part One Anti-phishing Webinar Presentation Slides
2021 English Part One Anti-phishing Webinar Presentation SlidesIvanti
 
Eliminating Passwords with Biometrics for Identity Access Management Webinar
Eliminating Passwords with Biometrics for Identity Access Management WebinarEliminating Passwords with Biometrics for Identity Access Management Webinar
Eliminating Passwords with Biometrics for Identity Access Management WebinarVeridium
 
Blockchain, Biometrics, and the Future of Financial Services
Blockchain, Biometrics, and the Future of Financial ServicesBlockchain, Biometrics, and the Future of Financial Services
Blockchain, Biometrics, and the Future of Financial ServicesVeridium
 
Mobile Security for Banking and Finance
Mobile Security for Banking and FinanceMobile Security for Banking and Finance
Mobile Security for Banking and FinanceSierraware
 

Recomendados

Fin conet report_online_mobile_payments
Fin conet report_online_mobile_paymentsFin conet report_online_mobile_payments
Fin conet report_online_mobile_paymentsDealdaddy.shop
 
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.Sierraware
 
Banking the Unbanked
Banking the UnbankedBanking the Unbanked
Banking the UnbankedVeridium
 
Biometric Trends for 2017 Webinar
Biometric Trends for 2017 WebinarBiometric Trends for 2017 Webinar
Biometric Trends for 2017 WebinarVeridium
 
2021 English Part One Anti-phishing Webinar Presentation Slides
2021 English Part One Anti-phishing Webinar Presentation Slides2021 English Part One Anti-phishing Webinar Presentation Slides
2021 English Part One Anti-phishing Webinar Presentation SlidesIvanti
 
Eliminating Passwords with Biometrics for Identity Access Management Webinar
Eliminating Passwords with Biometrics for Identity Access Management WebinarEliminating Passwords with Biometrics for Identity Access Management Webinar
Eliminating Passwords with Biometrics for Identity Access Management WebinarVeridium
 
Blockchain, Biometrics, and the Future of Financial Services
Blockchain, Biometrics, and the Future of Financial ServicesBlockchain, Biometrics, and the Future of Financial Services
Blockchain, Biometrics, and the Future of Financial ServicesVeridium
 
Mobile Security for Banking and Finance
Mobile Security for Banking and FinanceMobile Security for Banking and Finance
Mobile Security for Banking and FinanceSierraware
 
Understanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceUnderstanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceVeridium
 
Internet of things
Internet of thingsInternet of things
Internet of thingsvarungoyal98
 
Growing internet of things solution in industries and mobile
Growing internet of things solution in industries and mobile Growing internet of things solution in industries and mobile
Growing internet of things solution in industries and mobile Qian Li Jin
 
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-PhishingProtect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-PhishingIvanti
 
Identiverse Zero Trust Customer Briefing, Identiverse 2019
Identiverse Zero Trust Customer Briefing, Identiverse 2019Identiverse Zero Trust Customer Briefing, Identiverse 2019
Identiverse Zero Trust Customer Briefing, Identiverse 2019Identity Defined Security Alliance
 
Mobile App Virtualization 101
Mobile App Virtualization 101Mobile App Virtualization 101
Mobile App Virtualization 101Sierraware
 
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODRoadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODSierraware
 
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMICut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMISierraware
 
Micro Technologies India ltd
Micro Technologies India ltdMicro Technologies India ltd
Micro Technologies India ltdNehul Gupta
 
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud AppsCIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud AppsCloudIDSummit
 
Your Shortcut to BYOD Success
Your Shortcut to BYOD SuccessYour Shortcut to BYOD Success
Your Shortcut to BYOD SuccessSierraware
 
SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013Petr Dvorak
 
Citrix MDX Technologies Feature Brief
Citrix MDX Technologies Feature BriefCitrix MDX Technologies Feature Brief
Citrix MDX Technologies Feature BriefNuno Alves
 
Target NFC HCE 3.0 - digital bank - 2015 Ukraine
Target NFC HCE 3.0 - digital bank - 2015 UkraineTarget NFC HCE 3.0 - digital bank - 2015 Ukraine
Target NFC HCE 3.0 - digital bank - 2015 UkraineSergey Skabelkin
 
Secure Mobile Banking
Secure Mobile BankingSecure Mobile Banking
Secure Mobile BankingVeridium
 
SN-Security Architecture for Mobile Computing and IoT
SN-Security Architecture for Mobile Computing and IoTSN-Security Architecture for Mobile Computing and IoT
SN-Security Architecture for Mobile Computing and IoTSukumar Nayak
 
Mobile Security BROCHURE (1)
Mobile Security BROCHURE (1)Mobile Security BROCHURE (1)
Mobile Security BROCHURE (1)Rhys A. Mossom
 
Entrust Enterprise Authentication
Entrust Enterprise AuthenticationEntrust Enterprise Authentication
Entrust Enterprise AuthenticationEntrust Datacard
 
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkSecuring Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkIBM Security
 
BYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO'sBYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO'sPatrick Angel - MBA, CISSP(c) CISM(c) CRISC(c) CISA(c)
 
What to Expect from a Mobile Banking Solution? (Whitepaper)
What to Expect from a Mobile Banking Solution? (Whitepaper)What to Expect from a Mobile Banking Solution? (Whitepaper)
What to Expect from a Mobile Banking Solution? (Whitepaper)Thinksoft Global
 
Mobile Payment A Review.pdf
Mobile Payment A Review.pdfMobile Payment A Review.pdf
Mobile Payment A Review.pdfDr. Shaik Shakeel Ahamad
 

Más contenido relacionado

La actualidad más candente

Understanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceUnderstanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceVeridium
 
Internet of things
Internet of thingsInternet of things
Internet of thingsvarungoyal98
 
Growing internet of things solution in industries and mobile
Growing internet of things solution in industries and mobile Growing internet of things solution in industries and mobile
Growing internet of things solution in industries and mobile Qian Li Jin
 
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-PhishingProtect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-PhishingIvanti
 
Mobile App Virtualization 101
Mobile App Virtualization 101Mobile App Virtualization 101
Mobile App Virtualization 101Sierraware
 
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODRoadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODSierraware
 
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMICut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMISierraware
 
Micro Technologies India ltd
Micro Technologies India ltdMicro Technologies India ltd
Micro Technologies India ltdNehul Gupta
 
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud AppsCIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud AppsCloudIDSummit
 
Your Shortcut to BYOD Success
Your Shortcut to BYOD SuccessYour Shortcut to BYOD Success
Your Shortcut to BYOD SuccessSierraware
 
SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013Petr Dvorak
 
Citrix MDX Technologies Feature Brief
Citrix MDX Technologies Feature BriefCitrix MDX Technologies Feature Brief
Citrix MDX Technologies Feature BriefNuno Alves
 
Target NFC HCE 3.0 - digital bank - 2015 Ukraine
Target NFC HCE 3.0 - digital bank - 2015 UkraineTarget NFC HCE 3.0 - digital bank - 2015 Ukraine
Target NFC HCE 3.0 - digital bank - 2015 UkraineSergey Skabelkin
 
Secure Mobile Banking
Secure Mobile BankingSecure Mobile Banking
Secure Mobile BankingVeridium
 
SN-Security Architecture for Mobile Computing and IoT
SN-Security Architecture for Mobile Computing and IoTSN-Security Architecture for Mobile Computing and IoT
SN-Security Architecture for Mobile Computing and IoTSukumar Nayak
 
Mobile Security BROCHURE (1)
Mobile Security BROCHURE (1)Mobile Security BROCHURE (1)
Mobile Security BROCHURE (1)Rhys A. Mossom
 
Entrust Enterprise Authentication
Entrust Enterprise AuthenticationEntrust Enterprise Authentication
Entrust Enterprise AuthenticationEntrust Datacard
 
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkSecuring Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkIBM Security
 

La actualidad más candente (20)

Understanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceUnderstanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of Compliance
 
Internet of things
Internet of thingsInternet of things
Internet of things
 
Growing internet of things solution in industries and mobile
Growing internet of things solution in industries and mobile Growing internet of things solution in industries and mobile
Growing internet of things solution in industries and mobile
 
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-PhishingProtect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
 
Identiverse Zero Trust Customer Briefing, Identiverse 2019
Identiverse Zero Trust Customer Briefing, Identiverse 2019Identiverse Zero Trust Customer Briefing, Identiverse 2019
Identiverse Zero Trust Customer Briefing, Identiverse 2019
 
Mobile App Virtualization 101
Mobile App Virtualization 101Mobile App Virtualization 101
Mobile App Virtualization 101
 
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODRoadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
 
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMICut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI
 
Micro Technologies India ltd
Micro Technologies India ltdMicro Technologies India ltd
Micro Technologies India ltd
 
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud AppsCIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
CIS13: Beyond the Building: Secure Identity Services for Mobile and Cloud Apps
 
Your Shortcut to BYOD Success
Your Shortcut to BYOD SuccessYour Shortcut to BYOD Success
Your Shortcut to BYOD Success
 
SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013
 
Citrix MDX Technologies Feature Brief
Citrix MDX Technologies Feature BriefCitrix MDX Technologies Feature Brief
Citrix MDX Technologies Feature Brief
 
Target NFC HCE 3.0 - digital bank - 2015 Ukraine
Target NFC HCE 3.0 - digital bank - 2015 UkraineTarget NFC HCE 3.0 - digital bank - 2015 Ukraine
Target NFC HCE 3.0 - digital bank - 2015 Ukraine
 
Secure Mobile Banking
Secure Mobile BankingSecure Mobile Banking
Secure Mobile Banking
 
SN-Security Architecture for Mobile Computing and IoT
SN-Security Architecture for Mobile Computing and IoTSN-Security Architecture for Mobile Computing and IoT
SN-Security Architecture for Mobile Computing and IoT
 
Mobile Security BROCHURE (1)
Mobile Security BROCHURE (1)Mobile Security BROCHURE (1)
Mobile Security BROCHURE (1)
 
Entrust Enterprise Authentication
Entrust Enterprise AuthenticationEntrust Enterprise Authentication
Entrust Enterprise Authentication
 
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkSecuring Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
 
BYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO'sBYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO's
 

Similar a 6. mr. sastry vns idrbt

What to Expect from a Mobile Banking Solution? (Whitepaper)
What to Expect from a Mobile Banking Solution? (Whitepaper)What to Expect from a Mobile Banking Solution? (Whitepaper)
What to Expect from a Mobile Banking Solution? (Whitepaper)Thinksoft Global
 
Mobile banking & payment
Mobile banking & paymentMobile banking & payment
Mobile banking & paymentAnil Chaurasiya
 
Mobile payment systems and services
Mobile payment systems and servicesMobile payment systems and services
Mobile payment systems and servicesSaketh guggilla
 
oneM2M webinar (2014)
oneM2M webinar (2014)oneM2M webinar (2014)
oneM2M webinar (2014)Marc Jadoul
 
M2M industry overview 2012
M2M industry overview 2012M2M industry overview 2012
M2M industry overview 2012Ahmad Yokasano
 
Next Generation Networks for Contactless and Mobile Ticketing
Next Generation Networks for Contactless and Mobile TicketingNext Generation Networks for Contactless and Mobile Ticketing
Next Generation Networks for Contactless and Mobile TicketingFujitsu Network Communications
 
Computer's project
Computer's projectComputer's project
Computer's projectAbdullah555
 
oneM2M - how standardization enables the next internet evolution
oneM2M - how standardization enables the next internet evolutiononeM2M - how standardization enables the next internet evolution
oneM2M - how standardization enables the next internet evolutiononeM2M
 
Imperatives for the Smart Sustainable Cities
Imperatives for the Smart Sustainable CitiesImperatives for the Smart Sustainable Cities
Imperatives for the Smart Sustainable CitiesBalvinder Kaur
 
Future of m commerce
Future of m commerceFuture of m commerce
Future of m commerceAlok Gupta
 
The internet of things the next technology revolution
The internet of things the next technology revolutionThe internet of things the next technology revolution
The internet of things the next technology revolutionusman sarwar
 
Smart cities - Open to cyber attacks
Smart cities - Open to cyber attacksSmart cities - Open to cyber attacks
Smart cities - Open to cyber attacksRohan Patil
 

Similar a 6. mr. sastry vns idrbt (20)

What to Expect from a Mobile Banking Solution? (Whitepaper)
What to Expect from a Mobile Banking Solution? (Whitepaper)What to Expect from a Mobile Banking Solution? (Whitepaper)
What to Expect from a Mobile Banking Solution? (Whitepaper)
 
Mobile Payment A Review.pdf
Mobile Payment A Review.pdfMobile Payment A Review.pdf
Mobile Payment A Review.pdf
 
Mobile banking & payment
Mobile banking & paymentMobile banking & payment
Mobile banking & payment
 
NFC Basic Concepts
NFC Basic ConceptsNFC Basic Concepts
NFC Basic Concepts
 
Mobile Commerce
Mobile CommerceMobile Commerce
Mobile Commerce
 
Mobile payment systems and services
Mobile payment systems and servicesMobile payment systems and services
Mobile payment systems and services
 
Mobile commerce
Mobile commerceMobile commerce
Mobile commerce
 
oneM2M webinar (2014)
oneM2M webinar (2014)oneM2M webinar (2014)
oneM2M webinar (2014)
 
M2M industry overview 2012
M2M industry overview 2012M2M industry overview 2012
M2M industry overview 2012
 
Next Generation Networks for Contactless and Mobile Ticketing
Next Generation Networks for Contactless and Mobile TicketingNext Generation Networks for Contactless and Mobile Ticketing
Next Generation Networks for Contactless and Mobile Ticketing
 
Computer's project
Computer's projectComputer's project
Computer's project
 
Cmsc666 Mc
Cmsc666 McCmsc666 Mc
Cmsc666 Mc
 
oneM2M - how standardization enables the next internet evolution
oneM2M - how standardization enables the next internet evolutiononeM2M - how standardization enables the next internet evolution
oneM2M - how standardization enables the next internet evolution
 
Mobile payment
Mobile paymentMobile payment
Mobile payment
 
M Commerce
M CommerceM Commerce
M Commerce
 
Imperatives for the Smart Sustainable Cities
Imperatives for the Smart Sustainable CitiesImperatives for the Smart Sustainable Cities
Imperatives for the Smart Sustainable Cities
 
Future of m commerce
Future of m commerceFuture of m commerce
Future of m commerce
 
The internet of things the next technology revolution
The internet of things the next technology revolutionThe internet of things the next technology revolution
The internet of things the next technology revolution
 
Smart cities - Open to cyber attacks
Smart cities - Open to cyber attacksSmart cities - Open to cyber attacks
Smart cities - Open to cyber attacks
 
Security issues in_mobile_payment
Security issues in_mobile_paymentSecurity issues in_mobile_payment
Security issues in_mobile_payment
 

Último

Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...
Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...
Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...HyderabadDolls
 
Statistics notes ,it includes mean to index numbers
Statistics notes ,it includes mean to index numbersStatistics notes ,it includes mean to index numbers
Statistics notes ,it includes mean to index numberssuginr1
 
Giridih Escorts Service Girl ^ 9332606886, WhatsApp Anytime Giridih
Giridih Escorts Service Girl ^ 9332606886, WhatsApp Anytime GiridihGiridih Escorts Service Girl ^ 9332606886, WhatsApp Anytime Giridih
Giridih Escorts Service Girl ^ 9332606886, WhatsApp Anytime Giridihmeghakumariji156
 
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptx
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptxRESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptx
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptxronsairoathenadugay
 
Vastral Call Girls Book Now 7737669865 Top Class Escort Service Available
Vastral Call Girls Book Now 7737669865 Top Class Escort Service AvailableVastral Call Girls Book Now 7737669865 Top Class Escort Service Available
Vastral Call Girls Book Now 7737669865 Top Class Escort Service Availablegargpaaro
 
Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...
Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...
Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...HyderabadDolls
 
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...gajnagarg
 
Introduction to Statistics Presentation.pptx
Introduction to Statistics Presentation.pptxIntroduction to Statistics Presentation.pptx
Introduction to Statistics Presentation.pptxAniqa Zai
 
Digital Transformation Playbook by Graham Ware
Digital Transformation Playbook by Graham WareDigital Transformation Playbook by Graham Ware
Digital Transformation Playbook by Graham WareGraham Ware
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
Top profile Call Girls In Nandurbar [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Nandurbar [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In Nandurbar [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Nandurbar [ 7014168258 ] Call Me For Genuine Models...gajnagarg
 
Aspirational Block Program Block Syaldey District - Almora
Aspirational Block Program Block Syaldey District - AlmoraAspirational Block Program Block Syaldey District - Almora
Aspirational Block Program Block Syaldey District - AlmoraGovindSinghDasila
 
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...gajnagarg
 
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...nirzagarg
 
Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...
Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...
Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...HyderabadDolls
 
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...kumargunjan9515
 
Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...nirzagarg
 
Gartner's Data Analytics Maturity Model.pptx
Gartner's Data Analytics Maturity Model.pptxGartner's Data Analytics Maturity Model.pptx
Gartner's Data Analytics Maturity Model.pptxchadhar227
 
Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...nirzagarg
 
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...nirzagarg
 

Último (20)

Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...
Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...
Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...
 
Statistics notes ,it includes mean to index numbers
Statistics notes ,it includes mean to index numbersStatistics notes ,it includes mean to index numbers
Statistics notes ,it includes mean to index numbers
 
Giridih Escorts Service Girl ^ 9332606886, WhatsApp Anytime Giridih
Giridih Escorts Service Girl ^ 9332606886, WhatsApp Anytime GiridihGiridih Escorts Service Girl ^ 9332606886, WhatsApp Anytime Giridih
Giridih Escorts Service Girl ^ 9332606886, WhatsApp Anytime Giridih
 
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptx
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptxRESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptx
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptx
 
Vastral Call Girls Book Now 7737669865 Top Class Escort Service Available
Vastral Call Girls Book Now 7737669865 Top Class Escort Service AvailableVastral Call Girls Book Now 7737669865 Top Class Escort Service Available
Vastral Call Girls Book Now 7737669865 Top Class Escort Service Available
 
Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...
Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...
Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...
 
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
 
Introduction to Statistics Presentation.pptx
Introduction to Statistics Presentation.pptxIntroduction to Statistics Presentation.pptx
Introduction to Statistics Presentation.pptx
 
Digital Transformation Playbook by Graham Ware
Digital Transformation Playbook by Graham WareDigital Transformation Playbook by Graham Ware
Digital Transformation Playbook by Graham Ware
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Top profile Call Girls In Nandurbar [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Nandurbar [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In Nandurbar [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Nandurbar [ 7014168258 ] Call Me For Genuine Models...
 
Aspirational Block Program Block Syaldey District - Almora
Aspirational Block Program Block Syaldey District - AlmoraAspirational Block Program Block Syaldey District - Almora
Aspirational Block Program Block Syaldey District - Almora
 
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
 
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
 
Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...
Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...
Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...
 
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...
 
Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...
 
Gartner's Data Analytics Maturity Model.pptx
Gartner's Data Analytics Maturity Model.pptxGartner's Data Analytics Maturity Model.pptx
Gartner's Data Analytics Maturity Model.pptx
 
Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...
 
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
 

6. mr. sastry vns idrbt

  • 1. Technology Challenges in Mobile Payments Dr.V.N.Sastry Professor, IDRBT & Executive Secretary, MPFI Road No.1, Castle Hills, Masab Tank, Hyderabad 500057 E-Mail : vnsastry@idrbt.ac.in Ph: 91-40-23534981 Test : 9440803813 (M) & MMID : 9211933 January 30, 2012 at IDRBT for the EDP
  • 2. March 29, 2012 Outline • Mobile Payment Technologies • Technology Challenges • Some innovative developments 2
  • 3. Classification of Mobile Payments Based on Value Micro Payments Based on Charging method Based on Location Based on the validation of the tokens exchanged Macro Payments Mini Payments Proximity Payments Remote Payments Pre-paid Post-paid Online Payments Offline Payments (ex: e-coins in P2P transfers) March 29, 2012 3
  • 4. March 29, 2012 Enabling Mobile Technologies User Interface Platforms Security enablers Transport Short- range Long- range GSM GPRS RFID Bluetooth Infrared 3G SAT Java ME Java Card Voice SMS USSD WAP Dual slot phones WPKI/ WIM SIM 4G NFC 4
  • 5. March 29, 2012 Technology Challenges • Device Level • Application Level • Communication Level • User Level • Security Level • Standards Level • Consolidation Level 5
  • 6. March 29, 2012 Device Level Challenges • Variation in Features and Functionalities, look and feel, text size, recharging frequency, OS • User Awareness and Education • Voice, Data, MMS, interactivity, real time response, location aided feature etc. properly used ? 6
  • 7. March 29, 2012 Mobile Application Level Challenges • Is the Mobile Payment Application Developed in Conformance to standards ? Is it interoperable ? • On which folder client application is to be downloaded ? how to install and run a mobile payment application ? • Is the design optimized for execution in limited phone memory? • Has it been Tested and certified by Trusted entity ? • Can the customer wait for the delay to get it for his/her new model ? 7
  • 8. March 29, 2012 Communication Level Challenges • Which channel to use : SMS, USSD, GPRS, DTMF ? • What way mobile banking convenience is enhanced by 2G, 3G, 4G ? • When and how to use Wireless Communication Technologies : Bluetooth, Zigbee, Wi-max, Wi-fi , LTE ? 8
  • 9. Mobile Communication Architecture Mobile Stations Base Station Subsystem Exchange System Network Management Subscriber and terminal equipment databases BSC MSC VLR HLR EIR AUC OMC BTS BTS March 29, 2012 9
  • 10. March 29, 2012 Bank - A Bank -B Switching (NPCI) Settlement (CCIL) Interbank Mobile Payment Service (IMPS) Payer-X Payee- Y 10
  • 11. March 29, 2012 User Level Challenges • Local language support on Mobiles • Generation of Transaction report • Mobile Application on Phone memory or SIM or memory card ? • Trace of transaction data or critical personal data : access by others • Mobile Wallet : risk of multiple cards in the device and value offload for cash exchange in local currency • Mobile based Financial Inclusion services • Complaint registration and Grievance resolution 11
  • 12. BC Micro ATM ATM / Merchant PoS Bank A Bank B Switching (NPCI) Biometric Authentication ( UIDAI ) Settlement (CCIL) Customer Mobile based Financial Inclusion and Mobile Wallet March 29, 2012 12
  • 13. March 29, 2012 Security Challenges • Authentication – User, Device, Application, Transaction – Direct, Indirect – Factors : You Know (UK), You Have (UH), You Are (UR) – One Way from source (S) to destination (D) – Mutual between source, destination or intermediate entities as Telco , Mobile Payment Provider, Bank Server, Switching agency. • Encryption & Decryption Using Cryptoghaphy – Symmetric key ( Password, m-Pin ) – Asymmetric key (PKI , WPKI ) • Layers of OSI Model • Access Control Models • Between Source (S) and Destination (D) – MPP to Bank : SSL / TCP – Bank to NPCI : SSL/TCP 13
  • 14. Major 3 Sections of a Mobile Phone –Power Section • Power distribution • Charging section –Radio Section • Band Switching • RF Power Amplification • Transmitter • Receiver –Computer Section • CPU (central processing unit) • Memory (RAM,FLASH,COMBO CHIP) March 29, 2012 14
  • 15. Some reported attacks on Mobile Phones • Phishing • Botnet • Fake Player • Trojan horse • Bluejacking (Symbian ) • BlueBug • BlueSnarfing • BluePrinting •Cabir (First in 2004 ) •Comwar •Skulls •Windows CE virus March 29, 2012 15
  • 16. Mobile Station • Mobile Equipment (ME) is identified by – International Mobile Equipment Identity (IMEI) Number • Subscriber Identity Module (SIM) Card has keys, identifiers and algorithms • Identifiers – Ki – Subscriber Authentication Key – IMSI – International Mobile Subscriber Identity – TMSI – Temporary Mobile Subscriber Identity – MSISDN – Mobile Station International Service Digital Network – PIN – Personal Identity Number protecting a SIM – LAI – location area identity • STK ( SIM Application Toolkit) allows applications in the SIM to interact with any ME • ETSI GSM 11.14 standard defines the interface between the SIM and the interoperable ME . March 29, 2012 16
  • 17. SIM Card • Mobile Payment Application can be installed on either ME or SIM . • The application burnt on the SIM card gives by far the most secure application environment. The mobile application can be stored on its own security domain and hence prevented from others having access to it. • Forensic tools and procedures exist that can be used to bypass built-in security mechanisms and recover the contents of a device. • Both software and hardware-based methods are available for data recovery, including those that exploit existing vulnerabilities. • A number of GSM mobile phones allow acquisition with a forensic tool, if a PIN-enabled (U)SIM is missing or removed from the device. It is also possible to create substitute (U)SIMs for certain models of phones that fools them into treating the (U)SIM as the original, and allowing access. • March 29, 2012 17
  • 18. Security at Mobile Channel Level • Voice Channel : DTMF for IVRS • Text Channel : SMS, USSD • MMS Channel : GPRS • GSM Security Mechanisms • Equipment Identity Register (EIR) – Black list – stolen or non-type mobiles – White list - valid mobiles – Gray list – local tracking mobiles • Central Equipment Identity Register (CEIR) – Approved mobile type (type approval authorities) – Consolidated black list (posted by operators) March 29, 2012 18
  • 19. Security at Mobile Application level • Client Application developed by the Mobile Payment Provider (MPP) • Server Application of the MPP at the Bank level • Security Testing • Key Generation and storage process • Check Sum implemented • Reaching to the destined address only ? March 29, 2012 19
  • 20. March 29, 2012 Multiple Standard Challenges • ISO Standards • IEEE Standards • PCI DSS Standards • Regulatory Standards • Global platform Standards • EMV Standards • NIST Standards • SFMS, SWIFT Standards • NFC Standards 20
  • 21. Mobile ad hoc network technologies March 29, 2012 Technology Standard Theoretical Bit Rate Frequenc y Range Power Consumptio n IEEE 802.11b 1,2,5.5, 11 Mbits/s 2.4 GHz 100m-500m 30mW IEEE 802.11g Upto 54 Mbits/s 2.4 GHz 25-50m 79mW IEEE 802.11a Upto 54 Mbits/s 5 GHz 40m 250mW Bluetooth IEEE 802.11.15.1 1 Mbits/s 2.4 GHz 10 m-100m 1mW UWB (IEEE 802.15.3) 110 - 480 Mbit/s 10 GHz 10m 200 mW Hiper LAN2 Upto 54 Mbits/s 5 GHz 150m 200 mW IrDA 4Mbits 850 nm 10 m 200mW IEEE 802.11n 600 Mbits/s 5 GHz 100m - 250m 1500W 21
  • 22. March 29, 2012 Consolidation Level Challenges • Server capabilities to handle high volume mobile payment transactions • Periodic and round the clock clearing services for mobile payments • Net and Real time funds settlement between Banks • Cash management issues at ATMs on account of high velocity mobile payments. • Offering Mobile Banking Application as a Cloud Service 22
  • 23. Some Innovative solutions of Mobile Payments in India: • Bringing all stakeholders of Mobile Payments into one platform by the Mobile Payment Forum of India (MPFI) in 2006 • Use of Mobile Phone Number and MMID only for Mobile Payments • Use of AADHAR number and BIN for Mobile Payments • Use of USSD based Mobile Payments • Development of MANETS for Financial Inclusion by IDRBT • And many other solutions reported in the workshop March 29, 2012 23
  • 24. MANET Ecosystem for Mobile Payments  MANET nodes.  Gateway.  Backbone Network.  Bank Server.  Fixed Relay. March 29, 2012 24
  • 25. Mobile ad-hoc Network (MANET)  It is a Mobile wireless network.  MANET nodes are rapidly deployable, self configuring and capable of doing autonomous operation in the network.  Nodes co-operate to provide Connectivity and Services.  Operates without base station and centralized administration.  Nodes exhibit mobility and the topology is dynamic.  Nodes must be able to relay traffic sense.  A MANET can be a standalone network or it can be connected to external networks(Internet). March 29, 2012 25
  • 26. MANET based Mobile Payments I Cellular Network /Satellite Technology Internet / Private LAN Gateway Fixed Relays Bank Server Mobile ad hoc Network Village MANET node Backbone March 29, 2012 26
  • 27. Testbed Mobile Node C 192.168.1.3 Mobile Node B 192.168.1.3 Mobile Node D 192.168.1.4 Mobile Node A 192.168.1.2 Gateway 192.168.1.1 Fixed Relay MANET in a Village Cellular Network/ ISDN/PSTN/ LLN/ Satellite Network Bank-A Server 172.16.0.8 Bank-B Server 162.16.6.124 March 29, 2012 27