Host card emulation with tokenisation: security risk assessment
| Autor(a) principal: | |
|---|---|
| Data de Publicação: | 2019 |
| Outros Autores: | , |
| Tipo de documento: | Artigo |
| Idioma: | eng |
| Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| Texto Completo: | http://hdl.handle.net/20.500.12207/5056 |
Resumo: | Host Card Emulation (HCE) is an architecture that provides virtual representation of contactless cards, enabling transactional communication for mobile devices with Near-Field Communication (NFC) support without the need of Secure Element (SE) hardware. Performing the card emulation mainly by software, usually in wallet-like applications which store payment tokens for enabling transactions, creates several risks that need to be properly evaluated in order to be able to materialise a risk-based implementation. This paper describes the HCEt and proposes the identification and assessment of its risks through a survey conducted to specialists in the subject matter, analysing the model from the point of view of a wallet application on a mobile device that stores payment tokens to be able to perform contactless transactions. Despite the increasing complexity and specialisation of software, hardware, and the respective technical cyberattacks we conclude that the human nature remains the easiest to exploit, with greater gains. |
| id |
RCAP_47cf11f77bc0532dab4765b837e9e612 |
|---|---|
| oai_identifier_str |
oai:repositorio.ipbeja.pt:20.500.12207/5056 |
| network_acronym_str |
RCAP |
| network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| repository_id_str |
7160 |
| spelling |
Host card emulation with tokenisation: security risk assessmentHost Card EmulationTokenisationRisk AssessmentNear-Field CommunicationMobile DeviceHost Card Emulation (HCE) is an architecture that provides virtual representation of contactless cards, enabling transactional communication for mobile devices with Near-Field Communication (NFC) support without the need of Secure Element (SE) hardware. Performing the card emulation mainly by software, usually in wallet-like applications which store payment tokens for enabling transactions, creates several risks that need to be properly evaluated in order to be able to materialise a risk-based implementation. This paper describes the HCEt and proposes the identification and assessment of its risks through a survey conducted to specialists in the subject matter, analysing the model from the point of view of a wallet application on a mobile device that stores payment tokens to be able to perform contactless transactions. Despite the increasing complexity and specialisation of software, hardware, and the respective technical cyberattacks we conclude that the human nature remains the easiest to exploit, with greater gains.APSI2019-12-02T14:35:00Z2019-10-01T00:00:00Z2019-10-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttp://hdl.handle.net/20.500.12207/5056engFonte, Luís Pereira daOliveira, Valentim VieiraBarros, João Pauloinfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2022-06-23T07:47:32Zoai:repositorio.ipbeja.pt:20.500.12207/5056Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T14:59:23.383213Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
| dc.title.none.fl_str_mv |
Host card emulation with tokenisation: security risk assessment |
| title |
Host card emulation with tokenisation: security risk assessment |
| spellingShingle |
Host card emulation with tokenisation: security risk assessment Fonte, Luís Pereira da Host Card Emulation Tokenisation Risk Assessment Near-Field Communication Mobile Device |
| title_short |
Host card emulation with tokenisation: security risk assessment |
| title_full |
Host card emulation with tokenisation: security risk assessment |
| title_fullStr |
Host card emulation with tokenisation: security risk assessment |
| title_full_unstemmed |
Host card emulation with tokenisation: security risk assessment |
| title_sort |
Host card emulation with tokenisation: security risk assessment |
| author |
Fonte, Luís Pereira da |
| author_facet |
Fonte, Luís Pereira da Oliveira, Valentim Vieira Barros, João Paulo |
| author_role |
author |
| author2 |
Oliveira, Valentim Vieira Barros, João Paulo |
| author2_role |
author author |
| dc.contributor.author.fl_str_mv |
Fonte, Luís Pereira da Oliveira, Valentim Vieira Barros, João Paulo |
| dc.subject.por.fl_str_mv |
Host Card Emulation Tokenisation Risk Assessment Near-Field Communication Mobile Device |
| topic |
Host Card Emulation Tokenisation Risk Assessment Near-Field Communication Mobile Device |
| description |
Host Card Emulation (HCE) is an architecture that provides virtual representation of contactless cards, enabling transactional communication for mobile devices with Near-Field Communication (NFC) support without the need of Secure Element (SE) hardware. Performing the card emulation mainly by software, usually in wallet-like applications which store payment tokens for enabling transactions, creates several risks that need to be properly evaluated in order to be able to materialise a risk-based implementation. This paper describes the HCEt and proposes the identification and assessment of its risks through a survey conducted to specialists in the subject matter, analysing the model from the point of view of a wallet application on a mobile device that stores payment tokens to be able to perform contactless transactions. Despite the increasing complexity and specialisation of software, hardware, and the respective technical cyberattacks we conclude that the human nature remains the easiest to exploit, with greater gains. |
| publishDate |
2019 |
| dc.date.none.fl_str_mv |
2019-12-02T14:35:00Z 2019-10-01T00:00:00Z 2019-10-01T00:00:00Z |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article |
| format |
article |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/20.500.12207/5056 |
| url |
http://hdl.handle.net/20.500.12207/5056 |
| dc.language.iso.fl_str_mv |
eng |
| language |
eng |
| dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.publisher.none.fl_str_mv |
APSI |
| publisher.none.fl_str_mv |
APSI |
| dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
| instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
| instacron_str |
RCAAP |
| institution |
RCAAP |
| reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
| repository.mail.fl_str_mv |
|
| _version_ |
1799129866950410240 |