Re: Paper on Summary of ISO12812 by Alan Thiemann

Thanks for Alan's summary.

For "Part 2: Security and data protection for mobile financial
services", I have some consideration that, in order to protect financial
privacy usefully, the mobile device technology should combine Secure Elements
(SE) and a Trusted Execution Environment (TEE) to protect payment
credentials. This is because the SE has only limited processing and storage
capacity, but the TEE can offer safe execution of authorized security software,
known as 'trusted applications', which enables it to provide end-to-end security
by enforcing protection, confidentiality, integrity and data access rights.

And when we design the payment architecture and use cases, we should also pay
attention to the fact that some payment applications should be served as a TA
(trusted application) running in the TEE for security.

For example, in the use case "6.2.3.1 Non-essential Use Cases - Biometric",
we have already emphasized the following:
An individual's privacy should be protected when performing any sort of
biometric authentication.
Important data, such as the fingerprint template and private key, and
sensitive code should be stored and executed in a Trusted Execution
Environment (TEE).

-----Original Message-----
From: David Ezell [mailto:David_E3@VERIFONE.com]
Sent: May 18, 2015 0:56
To: public-webpayments-ig@w3.org
Cc: Alan J. Thiemann (ajthiemann@gmail.com)
Subject: Paper on Summary of ISO12812 by Alan Thiemann

Dear Web Payments group:

My colleague Alan Thiemann[1] has written a summary of ISO 12812[2].  This
work is Alan's opinion of the work - not official.  But it is a very good
introduction to the work and the expected trajectory at ISO.

I would request that everyone in our group give this paper consideration -
it won't take long, and will help inform any needed discussion.

Best regards,
David

[1] Alan is on the Board of Advisors for Conexxus (NACS technology) and does
work for NACS.  He serves as chair of the X9 Mirror Group handling ISO 12812
work in the US.
[2] https://lists.w3.org/Archives/Member/w3c-archive/2015May/att-0254/Executive_Summary_of_ISO_12812_05012015.pdf

Received on Monday, 18 May 2015 07:10:41 UTC