1 / 21

Agenda

Agenda. Parts that need to be secured Card authentication Key management. Security with S mart-cards. Avoid use of fake cards for off-line transactions Detect use of skimmed cards in on-line transaction Secure sensitive data sent to the card from the issuer.

seth
Download Presentation

Agenda

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Agenda • Parts that need to be secured • Card authentication • Key management Mårten Trolin

  2. Security with Smart-cards • Avoid use of fake cards for off-line transactions • Detect use of skimmed cards in on-line transaction • Secure sensitive data sent to the card from the issuer Mårten Trolin

  3. Parts That Need to Be Secured • Card – terminal authentication • Card – issuer interaction • Scripts sent to card by issuer Mårten Trolin

  4. Card – Terminal Authentication • The issuer has a certificate signed by the payment net (VISA, Europay or MasterCard) • The payment net acts as CA (Certificate Authority) • The issuer signs its card with its private key and puts the signature on the card • The issuer’s public key certificate is placed on the card • The terminal knows the root (CA) certificate • Using the root certificate, the terminal can verify the signature presented by the card is valid. Mårten Trolin

  5. Card certificate Certificate verified against root certified during transaction Issuer Signed certificate Root certificate Payment net Overview of Keys Used Mårten Trolin

  6. On card Static Data Authentication (SDA) • Each card is equipped with a signature on important card data. • No secret key on card. • Data signed include card number, expiration data, verification methods etc. • The signed data is sent to the terminal when transaction is started. • Same data and signature used every time (therefore static). Mårten Trolin

  7. PAN Header Sequence number Data Authenticaion Code (DAC) Verification methods Other parameters... Signed Static Application Data, Generation Hashed valued Encrypt with issuer private key Signed Static Application Data Mårten Trolin

  8. PAN Header Sequence number Data Authenticaion Code (DAC) Verification methods Other parameters... Hashed valued Signed Static Application Data, Verification Signed Static Application Data Decrypt with issuer public key Mårten Trolin

  9. On card Dynamic Data Authentication (DDA) • Each card is equipped with a private key and a public key. • The public key is in a public key certificate signed by the issuer. • At transaction time, the card signs random data with its private key. • The terminal checks the signature and verifies the certficate chain. • Different data used every time (therefore dynamic). Mårten Trolin

  10. Certificate Chain Unpredictable Number Generation of signature with card private key Digital Signature Dynamic Data Authentication Mårten Trolin

  11. Comparison – SDA vs. DDA Mårten Trolin

  12. Card – Issuer Authentication • Issuer needs a permanent proof that the transaction has taken place. • Protection against fraud that comes from the merchant. • Based on symmetric cryptography • Issuer places a key on the card at issuing. • Issuer keeps the same key for use in authorization processing. Mårten Trolin

  13. Keys for card-issuerauthentication Issuer Payment net Overview of Keys Used Sent during transaction Mårten Trolin

  14. Application Cryptograms • In every request to the issuer, the cards computes a MAC over certain parameters. • This MAC is called application cryptogram. • The exact algorithm is defined between the issuer and the card. Mårten Trolin

  15. Issuer Authentication and Secure Messaging • If the issuer sends a MAC in the response, the card can verify that the message originates at the issuer. • When secure messaging is used, data sent from the issuer to the card is authenticated and/or encrypted. • Necessary for script processing • Change of risk parameters requires the messages to be secured with a MAC. • Change of PIN requires the new PIN to be enciphered. Mårten Trolin

  16. Amount Currency Date Transaction type Other transaction parameters... Computing Application Cryptograms Application cryptogram (8 bytes) MAC computation with card key Mårten Trolin

  17. Computing Response Cryptogram (ARPC) XOR last two bytes with the response from issuer Encrypt with card key Application Response Cryptogram (ARPC,8 bytes) Application cryptogram (8 bytes) Mårten Trolin

  18. Key Derivation • Each key to be put on the card is derived from an issuer master key. • An issuer has (at least) one master key for each key type to be placed on the card. • The derivation process is performed by taking card data and encrypt it with the corresponding master key. • The card information used is PAN (i.e., card number) and sequence number. Card information Encryption Issuer master key Unique card key Mårten Trolin

  19. Session Keys Session information • For security reasons it is often a good idea to use different keys for each transaction. • Keys used only for one transaction are called session keys. Encryption Unique card key Session key Mårten Trolin

  20. Deriving Session Keys • Session keys are derived from the card key and session information. • The session information can be the transaction counter, ATC, or some other information sent in the transaction. • The data used for session key generation must be available to the issuer to allow the issuer to create the same key. • Transaction counter is sent in clear. • Other data used for key generation must be availablethrough other means. Mårten Trolin

  21. Summary • Smart-cards protects the merchant, issuer and card-holder against fraud from counterfeited cards and fake transactions. • For card – terminal authentication different levels of security is possible, e.g., SDA vs. DDA. • Card – issuer authentication gives an electronic seal on transaction data. Mårten Trolin

More Related