Secure Communications

Secure Channel

The MineSec SDK allows application developers to design and implement their own secure communication channel between the mobile application and backend systems.

All communication between the application and the backend must be protected by a secure channel. No payment data or MPoC assets may be transmitted unless the secure channel is established.

The application developer is responsible for ensuring that the secure channel meets applicable PCI MPoC requirements.


Cryptographic Protection

The secure channel must provide:

  • Confidentiality (encryption)
  • Integrity
  • Authentication

This is typically implemented using TLS 1.2 or later with strong cipher suites, or an equivalent secure protocol.


Mutual Authentication

The secure channel must authenticate:

  • The application to the backend, and
  • The backend to the application.

Authentication must occur before any payment, PIN, or MPoC-protected data is exchanged. Certificate pinning or embedded trust anchors may be used to strengthen trust.


Session Security

Each secure channel session must:

  • Use unique cryptographic keys,
  • Prevent replay attacks,
  • Prevent man-in-the-middle (MITM) attacks, and
  • Prevent protocol or cipher downgrade attacks.
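
The sketch below is an added example, not MineSec SDK code: it shows one way to get a TLS 1.2 floor, mutual certificate authentication and a pin check that runs before any data is sent, using Python's standard `ssl` module because the page names no platform. Assumptions: all function and parameter names are hypothetical, and the pin is the SHA-256 of the whole DER certificate.

```python
import hashlib
import hmac
import socket
import ssl


def build_client_context(ca_file=None, client_cert=None, client_key=None):
    """App side: verify the backend and refuse anything below TLS 1.2."""
    # ca_file is the embedded trust anchor; None falls back to the system store.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no protocol downgrade
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_cert:  # credential the app presents to the backend
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def build_server_context(server_cert=None, server_key=None, client_ca=None):
    """Backend side: the handshake fails unless the app presents a valid cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    if server_cert:
        ctx.load_cert_chain(server_cert, server_key)
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)
    return ctx


def pin_matches(der_cert, pinned_sha256_hex):
    """Compare SHA-256 of the DER certificate against the pinned hex digests."""
    digest = hashlib.sha256(der_cert).hexdigest()
    return any(hmac.compare_digest(digest, p.lower()) for p in pinned_sha256_hex)


def open_channel(host, port, ctx, pins):
    """Return a TLS socket only after chain, hostname and pin checks all pass."""
    raw = socket.create_connection((host, port), timeout=10)
    tls = ctx.wrap_socket(raw, server_hostname=host)  # handshake happens here
    if not pin_matches(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise ssl.SSLError("backend certificate does not match a pinned value")
    return tls  # only now may payment or MPoC-protected data be sent
```

An empty pin list rejects every certificate, so a missing pin configuration fails closed rather than silently disabling the check.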

Trust Reuse

After the application is provisioned, secure channels must reuse the established trust. The application must not re-provision itself on every connection.


MPoC Data Protection

All sensitive MPoC assets (e.g., PAN, PIN, cryptographic data, attestation data) remain protected by the MineSec MPoC SDK using application-level encryption and authentication.

The application must not attempt to decrypt, modify, or bypass this protection, even though it controls the underlying transport secure channel.