Digital security combines physical secure elements, operating systems and software to deliver end-user value by protecting identities and digital assets. Personalization and provisioning mechanisms are also key factors in the execution of innovative business models.
EMV (Europay MasterCard Visa) is a worldwide standard for payment cards that provides global interoperability between all cards and the acceptance networks (payment terminals). The EMV standard also applies to mobile payment solutions such as mobile EMV with NFC (Near Field Communication).
PC/SC (Personal Computer/Smart Card) is a standard framework for smart card access on Windows platforms (included since Windows 2000).
OCF (OpenCard Framework) is a standard Java framework for working with smart cards.
Over-The-Air (OTA) servers are used to remotely manage mobile devices. Once in the field and used by consumers, wireless mobile devices can be remotely accessed to activate or deactivate services, add new applications, update network settings, etc.
Gemalto OTA technology is used on site by MNOs as part of their IT back-office and at Gemalto sites to manage services for MNOs. OTA technology is a key element of Gemalto's TSM (Trusted Services Management) solution and is critical in securing applications that offer mobile payment and mobile transport to NFC-enabled handsets.
The most secure architecture deployed today involves OTA provisioning of secure apps hosted in the UICC (Universal Integrated Circuit Card).
Trusted Services Management (TSM) is Gemalto's solution of full management services for MNOs, banks and mass transit operators who need to deliver highly secure services on mobile devices (such as payment, transport, enterprise access control, etc). TSM allows service specification
Using secure data processing and OTA (Over-The-Air) support mechanisms, Gemalto TSM acts on behalf of its customers to securely install and activate services on end-users' devices. TSM is the "Over-The-Air" implementation of Gemalto's long-proven know-how in card personalization.
More than 4 billion mobile devices worldwide use a UICC to manage users' credentials for network access. A complete ecosystem based on Java Card technology allows MNOs and their business partners to deploy innovative services. These services can reach all deployed mobile devices, with no limitation to one particular OS or handset make.
The SIM Toolkit (STK) is the fastest and most efficient method of developing new ways to reach billions of users. It is also a key asset for MNOs, giving them a wide range of solutions for clients hosted in the UICC.
An example of STK's potential global reach is Facebook-for-SIM, which allows mobile phones to access their users' Facebook accounts using SMS technology.
The UICC (Universal Integrated Circuit Card) is a structural part of all 2G, 3G and now 4G/LTE devices. The best-known application for managing users' credentials for network access is the SIM (Subscriber Identity Module). The UICC is a microprocessor running a Java virtual machine; it can host hundreds of new applications developed for the STK (SIM Toolkit) and can also be used in connected machines (M2M).
SIM cards communicate with handsets via the ISO 7816 standard, and a high-speed USB protocol is also available for advanced SIM cards. For NFC-ready handsets, SIM cards support SWP (Single Wire Protocol), over which the SIM hosts the most security-sensitive NFC apps such as payment and transport.
All 2G (GSM), 3G, 3G+ and now LTE connected devices such as handsets and tablets use a microprocessor card called the UICC, issued by a Mobile Network Operator (MNO) for both access rights management and value-added services. The first application of the UICC as a secure element is the SIM (Subscriber Identity Module), which gives the end-user access to the local network and manages the list of preferred roaming networks when travelling abroad. In addition, the UICC is also a service platform for both network services and value-added services offered by the MNO to its subscribers. For example, the UICC is the preferred solution for deploying secure payment and transport solutions for NFC mobile services.
One-Time-Password (OTP) is a two-factor authentication technique widely used for online banking and enterprise logical access. Security-wise, one-factor authentication such as username/password is subject to phishing attacks. To strengthen security it is recommended to use two factors, "What I know" + "What I have", so that a phished password alone is useless to a fraudster. An OTP device generates a one-time password that must be entered for a given transaction before access is granted or the transaction is validated. Such OTP devices can be standalone (time-based, or a sequential list of one-time passwords) or connected via the internet to a back-office server that calculates the one-time password.
Two-Factor Authentication (2FA) is a security technique aimed at strengthening 1FA techniques (typically username/password). This system requires a second factor that is mandatory to access or validate a transaction. The first factor is usually "Something I know" and the second factor can be "something I have," "Where I am" (geo-localization) or "What I
2FA has spurred many new initiatives toward a seamless second-factor system. Today, the second factor is often an OTP (One-Time-Password), calculated either on the device itself or via a connection to a server, and delivered to a device the user carries. Gemalto Ezio Suite offers a comprehensive portfolio of such solutions, including the use of a payment card that generates OTPs.
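The two standalone OTP variants described above (time-based, and a sequential counter-based list) both reduce to the HMAC-based OTP of RFC 4226, with RFC 6238 deriving the counter from the clock. The following is an added example, not code from the original page or from Gemalto's products; the server-side `verify_hotp` with its look-ahead window and per-user counter is an assumed design that shows how a back office checks a submitted code while rejecting replays of an already-used one.

```python
import hmac
import hashlib
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based OTP: HMAC-SHA1 over the 8-byte big-endian
    counter, then dynamic truncation to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based OTP: HOTP with counter = floor(time / step).
    The 'What I have' device and the server share only `secret` and a clock."""
    return hotp(secret, unix_time // step, digits)


def verify_hotp(secret: bytes, candidate: str, server_counter: int,
                look_ahead: int = 3):
    """Server-side check for the sequential-list variant (assumed design).

    The server remembers the next unused counter for this user.  A code is
    accepted if it matches any of the next `look_ahead + 1` counters (the
    user may have skipped a few), and the counter is then advanced PAST the
    matched value so the same code can never be replayed.  Returns the new
    counter on success, or None on failure (caller keeps the old counter)."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), candidate):   # constant-time
            return c + 1
    return None


if __name__ == "__main__":
    # Constructed demo secret (the RFC 4226 test-vector key), not a real one.
    key = b"12345678901234567890"
    counter = 0
    code = hotp(key, 2)                          # user's device shows this
    counter = verify_hotp(key, code, counter)    # accepted, counter -> 3
    print("after first use:", counter)
    print("replay accepted?", verify_hotp(key, code, counter) is not None)
```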
Public Key Infrastructure (PKI) is a broadly used security system that employs public/private key pairs to digitally sign and/or encrypt data when performing a secure transaction. PKI solutions require a Certificate Authority (CA) to issue certificates for such public keys and to be liable for the link between keys and individuals. PKI deployments involve a Key Management System (KMS) to enroll users, issue certificates and store keys. Gemalto was the first company to propose a solution for remote access to public keys in cloud-based e-mail applications with Just4YourEyes, a Sesames Award winner at Cartes 2011 in November 2011 in Villepinte, France.
Contactless communication and its implementation are defined and regulated (to ensure interoperability) by the ISO 14443 standard. NFC (Near Field Communication) is a contactless carrier for mobile handsets (or any other mobile device) that can operate in two modes: card emulation mode, where the handset behaves like one or more contactless card(s), and card reader mode, which enables a handset to read NFC tags.
A great benefit of NFC for payment or transport applications is its ability to operate in "battery off" mode, as opposed to other contactless carriers such as Bluetooth, ZigBee or WiFi.
LTE (Long Term Evolution) or 4G (4th generation) is a full IP protocol that increases the data speed of mobile networks by a factor of 10 to 20 compared with existing HSDPA (3G+) networks.
LTE is starting to be deployed in North America and Asia and is expected to reach Europe in 2013. The application foreseen to fully benefit from 100 Mb/s data speeds is HD video streaming. M2M (Machine-to-Machine) applications and applications that feed big data are also expected to benefit from LTE networks.
Introduced in 1997 by Gemalto, Java Card is an implementation of Java adapted to the microprocessor of a smart card. It optimizes performance with a highly compact code footprint. UICC SIM cards support Java applets, and developers can access a very rich SDK to develop their applications. To date, Java Card and the STK (SIM Toolkit) are the most efficient methods of deploying applications to more than 4 billion handsets using 2G, 3G and 4G networks worldwide.
A biometric is a human identity attribute that is unique to each individual and does not change over time. This identifying human trait can be a fingerprint, an iris image or a DNA sample. Biometric verification consists of measuring an identity attribute and comparing it with previously collected records. This step can be done in one of two ways. One method is submitting the comparison to a central online database that stores biometric data collected from enrolled users. The second way is to perform a "match-on-card", an offline verification against the biometric data stored inside the microprocessor chip of the smart card. The second technique, "match-on-card", is an extremely secure method because it requires no central database that could be accessed remotely.
Similar to Sun Microsystems' Java technology, Microsoft introduced .NET in the early 90s to provide developers with an SDK to enhance their services. Gemalto was the first to introduce a .NET card to support that system. Today, Java Cards represent the vast majority of application-rich microprocessor cards and secure personal devices.