Betting $11.6 millions on Android’s host card emulation
Introduced on Android 4.4 (KitKat) and publicly supported by Visa and MarsterCard, Host Card Emulation (HCE) relies on a secured cloud-based transaction to allow contactless payments and services through any NFC-enabled mobile device. The mobile application connects the consumer’s bank to the retailer’s point of sale using NFC, whilst all the sensitive user and banking data is stored and accessed from the bank’s secure cloud servers where the transaction is processed.
By emulating a smart card, HCE bluntly takes telecom operators and smart card vendors out of the equation since banks no longer have to retribute them for hosting some of the secure services on the SIM card or an embedded secure element inside the mobile phone. Instead, they implement cloud-based secure elements so the payment processing app is not just running on its own (on a vulnerable mobile platform).
This may well put an end to the long battle between Telcos, mobile mobile manufacturers and banks for the NFC transaction pie.
Both Visa and MasterCard have announced tools and support applications for banks to adopt HCE as an alternative to renting memory space on the SIM. Of course for the transaction to take place, an internet connection is required, but rather than requiring an always-on connection, digital tokens could be issued at times of connection by the banks’ secure cloud, only valid for short intervals of time.
MasterCard who has already been proving HCE on small scale trials with Capital One and Banco Sabadell, plans to unveil its secure remote payment specifications by mid-2014.
Closing the deal, Inside Secure paid USD 11.6 million in cash and could pay an additional USD 4.5 million in 2015 subject to completion of certain 2014 business milestones. The company already offers hardware-based and software-based encryption solutions but it is acquiring some very interesting software developments from Metaforic, crucial to secure Host Card Emulation (HCE)-based mobile payments.
Founded in 2006, Metaforic took the gold award at last year’s American Technology Awards in the Cyber Security category for its self-defending software immune system dubbed Metaforic Core.
The Metaforic software analyzes code transparently as it runs, with thousands of so-called antibody agents distributed throughout the code to check the program and each other. While impacting computing performance by less than 1%, Metaforic antibodies are said to be resistant to detection and automated removal techniques, and if any change is made to the executable, multiple antibodies detect the change and respond.
Another interesting product now in Inside Secure’s portfolio is Metaforic’s code concealer, which enables software developers to hide sensitive data such as encryption keys in software and to obfuscate sensitive code. In short, code disassembly and dissemination are used to make the software more difficult to understand and to reverse-engineer. This code concealment approach can be hardened with the software immunization described above.
The acquisition will not only expand Inside Secure’s IP licensing revenues, it brings in Metaforic’s know-how and customer base in the mobile and payment industries. Over the last two years, Inside Secure was licensing Metaforic’s technology for its content protection (DRM) solutions.
Chief Executive Officer of Inside Secure, Remy de Tonnac is a firm believer of HCE-based, cloud-based mobile payment solutions which he expects to become mainstream since they have been endorsed by Visa and MasterCard.
“The Metaforic acquisition is superbly aligned with Inside Secure’s strategy. It will uniquely position Inside Secure as the only company able to provide security solutions for enterprise secure access, digital entertainment and financial services markets, the three key market drivers for mobile security” Tonnac said in a statement.
Visit Inside Secure at www.insidesecure.com