Creating an In-Aisle Purchasing System from Scratch

Jonathan LeBlanc Twitter: @jcleblanc

• Apple / Android pay type integrations

• Secure hardware prototype integrations with microelectronics

• Non-register integrations

• Generating, handling, and securing tokens

• Building an unbound physical payment architecture

• Creating secure payment transmission through potentially poorly secured hardware

A Bit on Tokens

Tokenization Luhn Algorithm

Token Durability Types

• Durable: Long lived (~ 48 months), allows customer tracking, merchant preferred.

• Transaction: One time use, more secure, ideal for small businesses not tracking customers.

Process Create a surrogate value for customer credit card data

Attributes • 13 – 19 digits in length• Passes Luhn check validation

For our use case

Starting Value 4539248095434517Reverse Digits 7154345908429354

Multiply even digits by 27+(2)+5+(8)+3+(8)+5+(18)+0+(16)+4+(4)+9+(6)+5+(8)

Subtract 9 from numbers above 97+(2)+5+(8)+3+(8)+5+(9)+0+(7)+4+(4)+9+(6)+5+(8)

Sum all digits 90Mod 10 verify 0 (remainder)

The Luhn Algorithm

Apple / Android pay tokenization system

EMV payment tokenisation specification

Merchant register is changed to hardware transfer bridge

Network handles direct merchant requests. Vault stores surrogate to token lookup.

Customer to Device Interaction

Secure Element Host-based Card Emulation

Arduino with NFC or BLE Shield

Beacon BLE Hardware

How do you protect privileged information during data transmission?

Asynchronous Cryptography: Securing Data Through Transmission

Device Fingerprinting

Getting Paired Devices

{ requsterid: ‘1234’, usertoken: ‘443478943234’, device: { ... }, payment: { price: ’20.22’, currency: ‘CAD’, quantity: ‘2’ }}

Example Payload for Risk Assurance Data

The API Network

/device issue / delete a requester ID for a verified hardware device or terminal.

/pay issue / update / cancel a verified payment from a customer.

/key issue / update / delete a new encryption key set for a customer device (phone).

API Endpoints Needed

When generating new user tokens, how can we reduce the possibility of token collision?

Example Packages (Node) • node-uuid • hat

Reducing Collision Risk • hat.rack() function • Additional params to node-uuid or hat to further randomize the

generated token

Using Respected Modules

The Token Vault

Token Vault Security• Strong physical and logical security measures per industry standards

(PCI DSS, OWASP, etc).• Secured internal network• Strong cryptography and security protocols• Restrict user access and roles to system• System is protected from vulnerabilities• ...

• Transactions are restricted to domains that are registered to valid token requesters.

Credit Card Vaulting

Credit Card InformationAddress InformationCard Holder Name...

7e29c5c48f44755598dec3549155ad66f1af4671091353be4c4d7694d71dc866

https://developer.paypal.com/docs/api/vault/

CAP Theorem

• Consistency: Data to and from different nodes in the distributed system should always be identical.

• Availability: The vault is always available to service requests.

• Partition Tolerance: The distributed system can continue to work even in the event of underlying data communications network failure, or hardware failure in a node.

If consistency is dropped, how do we ensure that the payment token retrieved is the correct and newest one?

Multiple Record Storage

Surrogate Token Payment Token Delete

5256771698017130 d66f1af4671091353be4c true

5355427967576526 d66f1af4671091353be4c false

5535770792529787 7e29c5c48f4475523ef56 false

Wrapup Links• Host Card Emulation (Android):

https://developer.android.com/guide/topics/connectivity/nfc/hce.html

• EMV Tokenisation specification: https://www.emvco.com/specifications.aspx?id=263

• Asynchronous cryptography example: https://github.com/iddatasecuritybook/chapter7/tree/master/asymmetric-crypto

• Android Build info: http://developer.android.com/reference/android/os/Build.html

Thank you!Slides: slideshare.net/jcleblanc

Jonathan LeBlanc Twitter: @jcleblanc