Samsung Pay main functions
1. membership cards2. automatic points accumulations (add MC into the phone first)
3. online payment
4. ATM withdrawal
5. transit (without waking up the phone)
Security mechanism:
1. token(a substitute number that replaces this this card number)2. CGK(cryptogram generation key) => authentication codes
3. CGK is worthless on another device
4. it stores all tokenized payment credentials and cryptographic keys inside the TEE
5. cryptogram can only be verified by card network
Add a card
1. Registeruser in TEE -> user enter card information(OCR) -> TEE send Card Details to P/N
-> P/N send back Token&CGK -> TEE encrypt token and send to Samsung Pay
2. Pay
user authorize Samsung Pay via fingerprint -> Samsung pay send encrypted token
back to TEE -> TEE generate cryptogram via CGK -> TEE send cryptogram and token
to POS -> POS send token and cryptogram to card network -> card network verify
cryptogram
沒有留言:
張貼留言