RE: Re: Paper on Summary of ISO12812 by Alan Thiemann

Folks:
I was hamhanded in posting the note below.  Please forgive the duplicate.

I'm now posting to comments and to Alan to make sure that Alan can respond.  So please follow this thread on the comments list.  Please.

Best regards,
David

-----Original Message-----
From: David Ezell [mailto:David_E3@VERIFONE.com] 
Sent: Friday, May 22, 2015 10:11 AM
To: public-webpayments-ig@w3.org
Subject: Re: Paper on Summary of ISO12812 by Alan Thiemann

On behalf of Alan Thiemann:

=======

David, Nick,

To be clear, ISO 12812 in the DIS documents, fully supports HCE.   However, in order to provide sufficient transaction security, the Mobile Financial Service Provider must use apps that contain a secure environment, examples of which in Part 2 are: 1) supplemental software controls; 2) a Secure Element; or 3) a Trusted Execution Environment; an app handling the HCE may be resident in the mobile device or in a secure remote server -- either one may deliver the authorization message following the HCE request.  The standard purposely specifies a security requirement but does NOT dictate how an implementer meets that requirement.

I hope this helps explain what is going on for this point.

Alan


________________________________
This electronic message, including attachments, is intended only for the use of the individual or company named above or to which it is addressed. The information contained in this message shall be considered confidential and proprietary, and may include confidential work product. If you are not the intended recipient, please be aware that any unauthorized use, dissemination, distribution or copying of this message is strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and deleting this email immediately.

Received on Friday, 22 May 2015 14:23:52 UTC