Re: Paper on Summary of ISO12812 by Alan Thiemann

On behalf of Alan Thiemann:

=======

David, Nick,

To be clear, ISO 12812 in the DIS documents, fully supports HCE.   However, in order to provide sufficient transaction security, the Mobile Financial Service Provider must use apps that contain a secure environment, examples of which in Part 2 are: 1) supplemental software controls; 2) a Secure Element; or 3) a Trusted Execution Environment; an app handling the HCE may be resident in the mobile device or in a secure remote server -- either one may deliver the authorization message following the HCE request.  The standard purposely specifies a security requirement but does NOT dictate how an implementer meets that requirement.

I hope this helps explain what is going on for this point.

Alan


________________________________
This electronic message, including attachments, is intended only for the use of the individual or company named above or to which it is addressed. The information contained in this message shall be considered confidential and proprietary, and may include confidential work product. If you are not the intended recipient, please be aware that any unauthorized use, dissemination, distribution or copying of this message is strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and deleting this email immediately.

Received on Friday, 22 May 2015 14:12:15 UTC