Digital security combines physical secure elements, operating systems and software to deliver end-user value by protecting identities and digital assets. Personalization and provisioning mechanisms are also key factors in the execution of innovative business models.
EMV (Europay MasterCard Visa)
EMV (Europay MasterCard Visa) is a worldwide standard for payment cards that provides global interoperability between all cards and the acceptance networks (payment terminals). The EMV standard is also applicable to mobile payment solutions such as mobile EMV with NFC (Near Field Communication).
What is the EMV?
Personal computer/Smart Card (PC/SC)
PC/SC (Personal Computer/Smart Card) is a standard framework for smart card access on Windows platforms (included in Windows 2000).
What is the PC/SC Technology?
OCF, the OpenCard Framework, is a standard Java framework for working with smart cards.
What is OpenCard?
Over-The-Air (OTA) servers are used to remotely manage mobile devices. Once in the field and used by consumers, wireless mobile devices can be remotely accessed to activate/de-activate new services, supplement new applications, update network settings, etc.
Gemalto OTA technology is used on site by MNOs as part of their IT back-office and at Gemalto sites to manage services for MNOs. OTA technology is a key element of Gemalto's TSM (Trusted Services Management) solution and is critical in securing applications that offer mobile payment and mobile transport to NFC-enabled handsets.
The most secure architecture deployed today involves OTA provisioning for secure apps hosted in the UICC (Universal Integrated Circuit Card).
Trusted Services Management (TSM)
Trusted Services Management (TSM) is Gemalto's solution of full management services for MNOs, banks, and Mass Transit Operators who need to deliver highly secure services on mobile devices (such as payment, transport, enterprise access control, etc.). TSM allows service specification and activation/de-activation.
Using Secure Data Processing and OTA (Over-The-Air) support mechanisms, Gemalto TSM acts on behalf of its customers to securely install and activate services on end users' devices. TSM is the "Over-The-Air" implementation of the long-proven Gemalto know-how in card personalization.
More than 4 billion mobile devices worldwide use a UICC to manage users' credentials for network access. A complete ecosystem based on Java Card technology allows MNOs and their business partners to deploy innovative services. These services have the capacity to reach all deployed mobile devices, with no limitation to one particular OS or handset make.
The SIM Tool Kit (STK) is the fastest and most efficient method for developing new ways to reach billions of users. It is also a key asset to MNOs, giving them a wide range of solutions for the clients that are hosted in the UICC.
An example of STK's potential global reach is Facebook-for-SIM, which allows mobile phones to access their users' Facebook accounts by using SMS technology.
Powering SIM card with value added services thanks to SIM Toolkit technology!
The UICC (Universal Integrated Circuit Card) is a structural part of all 2G, 3G and now 4G/LTE devices. Its best-known application, used to manage users' credentials for network access, is the SIM (Subscriber Identity Module). The UICC is a microprocessor card running a Java virtual machine that can host hundreds of new applications developed for the STK (SIM Tool Kit), and it can also be used for connected machines (M2M).
SIM cards communicate with handsets via the ISO 7816 standard, and a high-speed USB protocol is also available for advanced SIM cards. For NFC-ready handsets, SIM cards support the SWP (Single Wire Protocol), which hosts the most secure NFC apps such as payment and transport.
The smart card contained in every GSM mobile telephone
Universal Integrated Circuit Card (UICC)
All 2GSM, 3G, 3G+ and now LTE connected devices such as handsets and tablets use a microprocessor card called a UICC, issued by a Mobile Network Operator (MNO) for both access rights management and value-added services. The first application of the UICC as a secure element is the SIM (Subscriber Identity Module), which gives the end user access to the local network and manages the list of preferred roaming networks when travelling abroad. In addition, the UICC is a service platform for both network services and value-added services offered by the MNO to its subscribers. For example, the UICC is the preferred solution to deploy secure payment and transport solutions for NFC mobile services.
One-Time Password (OTP)
One-Time Password (OTP) is a two-factor authentication technique widely used for online banking and enterprise logical access. Security-wise, one-factor authentication such as username/password is subject to phishing attacks. To strengthen security it is recommended to use two factors, "What I know" + "What I have", to keep fraudsters from phishing passwords. An OTP device generates a one-time password to be entered for a given transaction; entering it is mandatory for granting access or validating the transaction. Such OTP devices can be standalone (time-based or a sequential list of one-time passwords) or connected via the internet to a back-office server that calculates the one-time password.
One time password system to prevent using stolen or copied passwords
Two Factor Authentication (2FA)
Two Factor Authentication (2FA) is a security technique aimed at strengthening 1FA techniques (typically username/password). This system requires a second factor that is mandatory to access or validate a transaction. The first factor is usually "Something I know" and the second factor can be "Something I have," "Where I am" (geo-localization) or "What I am" (biometrics).
2FA creates many new initiatives for a seamless second-factor system. Today, the second factor is often an OTP (One-Time Password) calculated standalone or via a connection to a server, and delivered to a device the user has with him/her. Gemalto Ezio Suite offers a comprehensive portfolio of such solutions, including the use of a payment card which generates OTPs.
Public Key Infrastructure (PKI)
The Public Key Infrastructure is a broadly used security system that employs a public key to digitally sign and/or encrypt data when performing a secure transaction. PKI solutions require a Certificate Authority (CA) to issue such Public Keys and be liable when linking keys to individuals. PKI deployments involve a Key Management System (KMS) to enroll users, issue certificates and store keys. Gemalto was the first company to propose a solution for remote access to public keys in cloud-based e-mail applications with Just4YourEyes: a Sesames Award winner at Cartes 2011 in November 2011 in Villepinte, France.
Near-Field Communication (NFC) ISO 14443
Contactless communication and its implementation are defined and regulated (to ensure interoperability) by the ISO 14443 standard. NFC (Near Field Communication) is a contactless carrier for mobile handsets (or any other mobile device) that can operate in two modes: card emulation mode, where the handset behaves like one or more contactless card(s), and card reader mode, which enables a handset to read NFC tags.
A great benefit of NFC for payment or transport applications is its ability to operate in "battery off" mode, as opposed to other contactless carriers such as Bluetooth, Zigbee or Wi-Fi.
An international standard for proximity or contactless smart card communication
LTE (Long Term Evolution) or 4G (4th generation) is a full-IP protocol that increases the data speed of mobile networks by a factor of 10 to 20 compared with existing HSDPA (3G+) networks.
LTE is starting to be deployed in North America and Asia and will reach Europe in 2013. The application foreseen to fully benefit from 100 Mb/s data speeds is HD video streaming. M2M (Machine-to-Machine) applications are also expected to benefit from LTE networks and big data feeding applications.
Introduced in 1997 by Gemalto, Java Card is an implementation of Java adapted for a smart card's microprocessor system. It optimizes performance with a highly compressed amount of code. UICC SIM cards support Java applets, and developers can access a very rich SDK to develop their applications. To date, Java Card and the STK (SIM Tool Kit) are the most efficient methods of deploying applications to more than 4 billion handsets using 2G, 3G and 4G networks worldwide.
Java Card technology
Biometrics is a human identity attribute that is unique to each individual and non-modifiable over time. This identifying human trait can be a fingerprint, an iris image or a DNA sample. Biometric data procurement consists of measuring an identity attribute and comparing it with previously collected records. This step can be done in one of two ways. One method is to submit the comparative analysis to a central online database that stores biometric data collected from enrolled users. The second is to perform a "match-on-card," an offline verification against the biometric data stored inside the microprocessor chip of the smart card. The second technique, "match-on-card", is an extremely secure method and requires no central database to be accessed remotely.
Similar to Sun Microsystems' Java technology, Microsoft introduced .NET in the early 90s to provide developers with an SDK to enhance their services. Gemalto was the first to introduce a .NET card to support that system. Today, Java Cards represent the vast majority of application-rich microprocessor cards and secure personal devices.