Interpay Introduction
Company name | Interpay Co., Ltd. Location | Seoul, Korea Industry | Fintech, Security Homepage | www.interpay.kr Contact | [email protected]
Executive Summary
1. Technology
2. Trusted Authentication Platform (TAP)
3. TAP solution
4. TAP demo & benefits
5. Company History
Distribution of the contents of this presentation, in whole or in part, to any other third party is strictly prohibited
Executive Summary
2
High smartphone penetration, spurring use of mobile transactions, coupled with recent financial deregulation have markedly increased the need for secure mobile transaction solutions. Interpay, receiving industry-wide recognition for its innovative TZ OTP and TZ SIGN solutions, is solidly positioned to answer the demand for secure and reliable authentication
TZ OTP and TZ SIGN, based the ARM® TrustZone® security architecture, are highly secure and user friendly solutions
TZ OTP resides in the smartphone, hence no need to manufacture a costly OTP token nor carry a cumbersome hardware which can be easily misplaced. More importantly, it is transaction sync’d using the high-end challenge and response convention to enhance the integrity of the data
TZ SIGN provides a higher level of authentication. Utilizing a Trusted Third Party to generate a digital signature, enhances the integrity of the transaction
The security of the service provider’s services are enhanced by processing all data in the secure TrustZone® isolated processing environment, and the use of an interface the effectively block key logging, screen mirroring and malware
Interpay has commercially launched TZ OTP through Korea’s leading credit card company and will be implemented on another client platform in the near future
In addition, financial settlement houses are currently conducting rigorous tests and reviews. Interpay expected the tests will yield positive results to significantly expand the Company’s market reach
Interpay aims create a single solution platform called TAP, which can be used from simple logins, money transfers, home security and more, thereby increasing user convenience while securely protecting sensitive data and service integrity
As Interpay’s expands its foothold in Korea, the testbed for many global IT companies, the Company plans to explore overseas markets to tap into the rapidly growing pool of ARM® TrustZone® security architecture embedded devices, currently estimated at over 400 million devices
Distribution of the contents of this presentation, in whole or in part, to any other third party is strictly prohibited
1. Technology TrustZone® and TEE
3
REE1 TEE
Rich OS Trust OS
TEE concept
Trusted Execution Environments (“TEE”) Trusted OS houses the TEE, where all processing of sensitive data
are performed Separated from the normal rich operating system housing most
mobile apps, TEE is a secure isolated area providing security features such as isolated execution and integrity of Trusted Applications (“TA”)
Only a registered TA can access and process in the TEE, protecting the data from unwanted intruders
1. Rich Execution Environment: Most downloaded apps installed in this space: prone to hacking
TrustZone® Security architecture developed by ARM® , TrustZone® is a
dedicated security core on an Application Processor (“AP”) This system on a chip provides a virtual Trusted Operating System
(“Trusted OS”), where each Trusted OS is unique to each device AP Number of connected devices with the embedded architecture is
growing rapidly: projected to jump 2-fold to c. one billion devices
Interpay Interpay’s TZ OTP and TZ SIGN are TA solutions developed using the
TrustZone® architecture
Distribution of the contents of this presentation, in whole or in part, to any other third party is strictly prohibited
2. Trusted Authentication Platform (TAP) TAP concept
4
Interpay developed a Trusted Application Platform (“TAP”), a smart and versatile platform
offering TrustZone® security, convenience and flexibility
Service Provider Interpay End user
Required verification Applications Medium
Possession
Transaction
Knowledge
Biometric
Digital
signature
Bank
Credit card
Securities
Portal
Home/building
security
Automotive
ID
·····
Login
Acct transfers
Mobile card
Stock order
Home security Intra company
report
O2O
IOT
Authentication Technology
OTP Signing TUI
Authentication Service
TZ OTP
LogTAP SendTAP BuyTAP
SignTAP
Desired task
····· TZ SIGN
Distribution of the contents of this presentation, in whole or in part, to any other third party is strictly prohibited
3. TAP solution TZ OTP (One Time Password)
5
TZ OTP is a safe and cost-effective solution to widespread use of OTP, and answers the growing
demand for security and convenience
No need to carry a cumbersome separate OTP device
Significantly reduce OTP costs (no hardware): no production, inventory nor related costs
Maintain service integrity
Multi-purpose: conduct banking, credit card , stock transactions
TZ OTP
TUI protects sensitive personal and transaction data
Maintain high level of authentication confidence: 2-factor authentication (possession, knowledge) enhanced by transaction sync’d OTP
End user benefits
Servicer provider (Client) benefits OTP generated by a TA, which is activated in a TEE
Complex challenge and respond OTP algorithm; generate a transaction sync’d unique OTP
Safely complete transaction in less time
Distribution of the contents of this presentation, in whole or in part, to any other third party is strictly prohibited
3. TAP solution TZ SIGN
6
TZ SIGN couples the highly secure transaction-based TZ OTP with the digital signature (non-
repudiation) from a Trusted Third Party (“TTP”) to maximize transaction security and authenticity
OTP KEY
Issue TZ SIGN
Service provider
ⓞ
①
② ④
④
③
TZ SIGN issue and registration
Transaction details and transaction sync’d OTP
Request transaction data verification and digital signature
Verify OTP and issue digital signature
0
1
2
3
Reply to request and execute transaction 4
Safe and convenient transaction execution
Private ID key stored in the smartphone (no need for separate device)
End-user benefits
Servicer provider (Client) benefits
Digital signature notarized from TTP
Non-repudiation on every transaction
High level authentication
Reduce transaction process (OTP + ID key)
Trusted Third Party
Distribution of the contents of this presentation, in whole or in part, to any other third party is strictly prohibited
4. TAP demo & benefits
7
TAP
TAP TAP is a single platform capable of managing various authentication requirements TAP can be installed as an app or as a module in the Client app
Flexibility Authentication requirements set by service provider End-user conducts various authentication tasks with a single app in a highly secure, private
environment
Security Multi security layers protects sensitive data Only a specific Client app can initiate a TAP app residing in the end-user device Encrypted OTP and other data is sent from TAP app to server (end-to-end communication) Server verifies the Client app for integrity End-user verified through PIN or biometric Transaction sync’d authentication and digital signature enhances level of authentication
▶Shinhan Card ‘PhoneOTP’ with PIN
▶Shinhan Card ‘PhoneOTP’ with fingerprint
▶Samsung Card ‘AnsimOTP’ - commercialized
▶TAP Banking demo with TUI
▶TAP Payment demo with TUI
▶TUI with MHL cable
Demo Video Link (Click to view in Youtube)
Distribution of the contents of this presentation, in whole or in part, to any other third party is strictly prohibited
Partners & Clients
5. Company History
• January - Samsung Card selects TZ OTP for card authentication services
• February - Shinhan Card, world first to launch TrustZone technology based TZ OTP
- Invited to MWC 2016 to demonstrate solutions • March - Chosen by Shinhan Financial Group invites Interpay to participate in its second annual fintech program
- Received Innovation Award from ARM for development and commercialization of a B2C financial solution
• May - Presented at GlobalPlatform’s regional TEE seminar in Seoul
• June - Korea Financial Telecommunications & Clearing approves general use of TZ OTP
- Samsung Card launches mobile card with embedded TZ OTP solution
• July - Shinhan Bank signs MOU to use TAP
• September - Presented at Shinhan Futures Lab Demoday
• January 2013 - Registered as an electronic financial service with the Financial Service Commission
• July - Launched Paytok service
• November - Signed licensing agreement with Trustonic - Designated at a venture company by the Small & Medium Business Corp.
• December - Participated in a Financial Security Institute sponsored study to develop mobile transaction solutions
- Opened Paytok offline transaction service
• July 2009 - Establish Interpay
• May 2010 - Establish Paytok (mobile debit payment service)
• March 2012 - Completed buildout of Paytok system
• January 2015 - Presented at Financial Supervisory Service’s Fintech Forum
• March - Invited to MWC 2015 to demonstrate solutions
• April - KOSCOM, agree to jointly develop next generation authentication service
• May - Signed distribution agreement with Intercede
• August - Presented at the Financial Services Commission’s Fintech Demoday
• November - Shinhan Card agrees to use TZ OTP - Woori Bank signs cooperative agreement
• July 2014 - Completed development of TZ OTP - Opened Paytok mobile transaction service - Participated in a Financial Security Institute sponsored study to enhance mobile card security
• November - Completed development of TZ SIGN
• December - BC Card proved concept of payment system based on TZ OTP
- World first to develop TUI
2016 2014~2015 2009~2013