
Document: Slide deck introducing EMV payment cards (doc)


DOCUMENT INFORMATION

Basic information

Title: Smart cards and emv
Author: Michael J Ganley
School: Unknown
Major: Smart Cards and EMV
Type: Document
Year of publication: Unknown
City: Unknown
Format:
Pages: 56
File size: 1.89 MB


Content


Smart Cards and EMV 1

Smart Cards and EMV

Michael J Ganley


• Introduction to smart cards

• Smart card infrastructure

• Introduction to EMV

• EMV Cryptography

• Concluding remarks


Introduction to Smart Cards


What is a Smart Card?

• A smart card (also called a chip card or an integrated circuit card

• A Subscriber Identification Module (SIM), used in a mobile phone, is essentially a cut-down smart card.

• A smart card may be a contact card or a contact-less (proximity) card; some cards are of both types (combi-card); a contact card requires a card reader to allow communication with the card.

• A smart card application may be extremely simple (essentially a memory card, such as a phone card) or very complex (e.g. a credit application); cards may be single application or multiple application.


Smart Card Architecture

[Figure: smart card architecture diagram; surviving labels: RAM, EEPROM, wire bonds]


Smart Card Memory

[Figure: smart card memory diagram; surviving labels: RAM; Operating System; Application Data & OS Extensions; OS Work Space; "1000 times slower to write than RAM"]


Operating Systems

• Most smart cards, today, have proprietary operating systems.

• Java Card – smart card capable of running a Java program.

– Communicates with OS via Java Card Virtual Machine.

– “Write once, run anywhere” concept.

• Multos – proprietary OS, endorsed by MasterCard (amongst others).

– High levels of security (ITSEC level 6 for some chips).

– Demonstrates basic principle of “the higher the complexity, the lower the assurance level”.

– Mondex electronic purse is a Multos application.

• Windows for Smart Cards – Microsoft initiative, now largely disappeared.

• Open Platform – “a global and open multi-industry interoperable framework”, promoted by Visa (amongst others).


Smart Card Security (1)

• Physical Security

– Chip construction (micro-technology); protected layers

– Address and data lines that logically belong together are intermingled in different layers

– Phantom transistors are embedded in the circuitry to make examination more difficult

– Upper and lower limits for clock frequency hinder the examination of the circuitry.

• Logical Security

– The operation of the card is controlled by an operating system. No information that is not meant to be read out can be discovered from the card.

– “Firewalling” of applications


Smart Card Security (2)


Typical Applications (1)


Typical Applications (2)

• For example:

– Credit/debit (e.g. EMV)

– Electronic purse (e.g. Visa Cash, Mondex, Geldkarte)

– Loyalty (e.g. Shell)

• Multi-application (for example):

– Malaysia GMPC card – identity card, passport, health records, driving licence (inc. endorsements), electronic purse, biometrics.

– “Citizen Card” – transport card, access to local services, etc. (e.g. Aberdeen, Cornwall).


The “Holy Grail”

• The ideal situation is for everybody to have a single smart card that contains all necessary applications and can be used everywhere.


Smart Card Infrastructure


Magnetic Stripe Cards (1)

• It is instructive to consider, initially, the infrastructure for magnetic stripe cards and then compare that with the smart card infrastructure (ignoring the billing side of things).

• For a magnetic stripe card there are essentially two aspects to the infrastructure:

• Card Issuance

– Data generation, personalisation and issuance

– PIN mailer (in some cases)

• Card Usage

– Transaction (Cardholder, Retailer, Acquirer and Issuer)

– Lost or stolen card, forgotten PIN (etc)


Magnetic Stripe Cards (2)

[Figure: magnetic stripe card infrastructure diagram; surviving labels: Card Issuer, Personalisation System, Raw Materials, Card Data, PIN Mailer, Card, Acquirer, Terminal, Transaction System]


Smart Cards

• For a smart card there are essentially three aspects to the infrastructure:

• Card Issuance

– Chip manufacture, card fabrication

– Public Key Infrastructure (in some cases)

– Data generation (some secret), personalisation and issuance

– PIN mailer (in some cases)

• Card Usage

– Transaction (Cardholder, Retailer, Acquirer and Issuer)

• Post Issuance (Card Management System)

– Lost or stolen card, forgotten PIN (etc)

– Load new applications, update or delete existing applications


[Figure; surviving labels: Personalisation System, Chip Manufacturer, Card Data, Unpersonalised Card, Chip, Raw Materials]


Smart Cards - Usage

[Figure; surviving labels: Card Issuer, Acquirer, Terminal]

Security of overall transaction is between the card and the Card Issuer


Smart Cards – Post Issuance

Issuer Card Management System and P3


Introduction to EMV


What is EMV?

• Europay, MasterCard and Visa

• EMV2000: Integrated Circuit Card Specification for Payment Systems.

– Complies with the ISO 7816 standards

• As well as specifying the functional requirements of a payment application, it defines a framework for chip based applications. However, it is only concerned with the Terminal side of transaction processing.

• The UK is currently rolling-out EMV-based chip cards

– Full compliance by 2005

– Liability issues


Context

• EMV2000: Integrated Circuit Card Specification for Payment Systems, Version 4.0

– Book 1: ICC to Terminal Interface Requirements

– Book 2: Security and Key Management

– Book 3: Application Specification

– Book 4: Cardholder, Attendant and Acquirer Interface Specifications

• Security Architecture based on Book 2

• Full alignment between Europay and MasterCard

• Minor differences between Visa and MasterCard


EMV Type Approval

• The Level 1 Type Approval process tests compliance with electromechanical characteristics, logical interface, and transmission protocol requirements defined in part 1 of the EMV specifications.

requirements defined in the remainder of the EMV specifications.

– This includes the security requirements, including the physical security of devices (Book 2).


EMV Cryptography


Cryptographic Techniques


EMV Security Techniques

• Security Requirements

– card authentication to terminal

• Static or Dynamic Data Authentication (SDA, DDA)

– transaction integrity

• application cryptogram (MAC)

– secure messaging

• confidentiality (encryption) and integrity (MAC)

– PIN encryption at point of entry (optional)


EMV Security Techniques

• Algorithms

– 3-DES, RSA, SHA-1

– possibly new algorithms in the future (e.g. ECDSA)

• Mechanisms

– RSA digital signatures and public key certificates

• EMV format certificates

– card unique 3-DES keys, derived from Master Keys

– unique session keys for encryption and MAC


Public Key Certificate (EMV)

[Figure: EMV public key certificate structure; surviving labels in order: Public Key Certificate; EMV formatting; Certificate Core; General information about the user and the application; Public Key Remainder; Hash Result; Hash of data]


Certificate Validation

• Use the public key of the Trusted Third Party (that signed the certificate) to encrypt the certificate.

• Check EMV format of revealed data (header, trailer, certificate format).

• Hash the data (not header, trailer, hash result), including public key remainder.

• Validate the calculated hash result against the hash result contained in the revealed data.

• Extract the public key (modulus and exponent) from the revealed data and the public key remainder
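The five validation steps above, as a Go example added here (not code from the slides). The header `6A`, trailer `BC` and certificate format `02` bytes follow EMV Book 2; the reduced field layout, the freshly generated certifier key and the subject key bytes are assumptions made for the demo.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"fmt"
	"math/big"
)

var ca, _ = rsa.GenerateKey(rand.Reader, 1024) // certifier key pair, generated for the demo
const header, certFormat, trailer, room = 0x6A, 0x02, 0xBC, 128 - sha1.Size - 4

func rsaOp(in []byte, exp *big.Int) []byte { // raw RSA with the certifier modulus
	return new(big.Int).Exp(new(big.Int).SetBytes(in), exp, ca.N).FillBytes(make([]byte, 128))
}

// Issue (certifier side, constructed). Assumed layout: header|format|key len|key bytes|hash|trailer.
func Issue(mod, exp []byte) (cert, remainder []byte) {
	left := bytes.Repeat([]byte{0xBB}, room) // 0xBB pads a key shorter than the space
	remainder = mod[copy(left, mod):]        // key bytes that do not fit travel separately
	core := append([]byte{certFormat, byte(len(mod))}, left...)
	sum := sha1.Sum(bytes.Join([][]byte{core, remainder, exp}, nil))
	return rsaOp(bytes.Join([][]byte{{header}, core, sum[:], {trailer}}, nil), ca.D), remainder
}

// Validate is the terminal side: the five steps listed above, in order.
func Validate(cert, remainder, exp []byte) ([]byte, error) {
	rev := rsaOp(cert, big.NewInt(int64(ca.E))) // 1. public-key operation reveals the data
	if len(cert) != 128 || rev[0] != header || rev[1] != certFormat || rev[127] != trailer {
		return nil, fmt.Errorf("bad length, header, trailer or certificate format") // 2.
	}
	core, digest := rev[1:127-sha1.Size], rev[127-sha1.Size:127]
	sum := sha1.Sum(bytes.Join([][]byte{core, remainder, exp}, nil)) // 3. hash incl. remainder
	if !bytes.Equal(sum[:], digest) {
		return nil, fmt.Errorf("hash result mismatch") // 4.
	}
	mod := append(append([]byte{}, core[2:]...), remainder...) // 5. revealed part + remainder
	if int(core[1]) > len(mod) {
		return nil, fmt.Errorf("public key length mismatch")
	}
	return mod[:int(core[1])], nil
}

func main() {
	cert, rem := Issue(bytes.Repeat([]byte{0xC1}, 160), []byte{3}) // constructed key bytes
	_, err := Validate(cert, rem, []byte{3})
	fmt.Println("certificate accepted:", err == nil)
}
```

Because the remainder and exponent are covered by the hash inside the signed block, changing either one outside the certificate is caught at step 4.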


Card Authentication

• Before a card transaction can take place, certain card data is authenticated by the terminal.

• There are two methods of card authentication, both involving RSA and EMV certificates.

– Static Data Authentication (SDA)

– Dynamic Data Authentication (DDA)

• In both cases, a Payment System public key certificate is stored in the terminal and an Issuer public key certificate is stored on the card.

– Payment System certificate is self-signed

– Issuer certificate is signed by the Payment System CA

• Payment System CA is the “root” of the CA hierarchy


Static Data Authentication (SDA)

• Static data on the card is signed using the RSA private key of the Issuer and the result is stored on the card.

– Static Authentication Data includes:

• Primary Account Number (PAN)

• Application Expiry Date

• Issuer Parameters

• SDA is used to validate that certain data elements on the card have not changed since the card was issued.

• SDA does not prevent replay attacks.


[Figure; surviving labels: CERTIFIED; PK CA distributed to Acquirer for loading in Terminal]


SDA - Authorisation Phase

Card provides to terminal:

• PK ISS certified by Certification Authority (CA)

• Card data with Issuer’s digital signature (card static data)

Terminal:

• Uses PK CA to retrieve the Issuer’s PK ISS which is certified by the CA

• Uses PK ISS to verify the digital signature of the card data

[Figure labels: IC Terminal, IC Card, CERTIFIED, Signature OK]


Dynamic Data Authentication (DDA)

• DDA provides authenticity and integrity of ICC and terminal dynamic application data (signed by ICC private key).

• Allows detection of unauthorised alteration of ICC data after the card has been personalised.

• Prevents replay attacks and ICC counterfeiting.

• DDA involves a Terminal Unpredictable Number and Dynamic ICC Data.


[Figure; surviving labels: CERTIFIED; PK CA distributed to Acquirer for loading in Terminal; SK IC, Private Key (ICC)]


DDA - Authorisation Phase

Terminal provides to card:

• Unpredictable Number (UN)

Card provides to terminal:

• PK ISS certified by Certification Authority (CA)

• PK IC certified by Issuer

• Digital signature on the UN and the ICC Dynamic Data generated using SK IC

Terminal:

• Uses PK CA to retrieve the Issuer’s PK ISS which is certified by the CA

• Uses PK ISS to retrieve the ICC PK IC which is certified by the Issuer

• Uses PK IC to verify the digital signature on the card and terminal data

[Figure labels: IC Terminal, IC Card, CERTIFIED, INTERNAL AUTHENTICATE, Signature OK]
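The DDA challenge-response above, as a Go example added here (not code from the slides), showing why a signature bound to the terminal's Unpredictable Number is rejected when it is presented again against a fresh UN. Assumptions: PK IC has already been recovered from the certificate chain, the key pair is generated for the demo, and a standard PKCS#1 v1.5 signature stands in for the EMV signature format.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"fmt"
)

// Card holds the ICC private key SK_IC; the terminal is assumed to have already
// recovered PK_IC from the certificate chain.
type Card struct{ sk *rsa.PrivateKey }

// NewCard personalises a card with a fresh key pair (constructed for the demo).
func NewCard() *Card {
	sk, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &Card{sk: sk}
}

func digest(dyn, un []byte) []byte {
	h := sha1.Sum(append(append([]byte{}, dyn...), un...))
	return h[:]
}

// InternalAuthenticate signs fresh ICC Dynamic Data together with the terminal's UN.
func (c *Card) InternalAuthenticate(un []byte) (dyn, sig []byte) {
	dyn = make([]byte, 2)
	rand.Read(dyn)
	sig, _ = rsa.SignPKCS1v15(rand.Reader, c.sk, crypto.SHA1, digest(dyn, un))
	return dyn, sig
}

// TerminalDDA picks an Unpredictable Number, sends it to the card via respond,
// and checks the returned signature with PK_IC.
func TerminalDDA(pkIC *rsa.PublicKey, respond func(un []byte) (dyn, sig []byte)) bool {
	un := make([]byte, 4)
	rand.Read(un)
	dyn, sig := respond(un)
	return rsa.VerifyPKCS1v15(pkIC, crypto.SHA1, digest(dyn, un), sig) == nil
}

func main() {
	card := NewCard()
	pk := &card.sk.PublicKey
	fmt.Println("genuine card:", TerminalDDA(pk, card.InternalAuthenticate))
	dyn, sig := card.InternalAuthenticate([]byte{0, 0, 0, 0}) // response seen in an earlier session
	replayed := func([]byte) ([]byte, []byte) { return dyn, sig }
	fmt.Println("recorded response, fresh UN:", TerminalDDA(pk, replayed))
}
```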


PIN Encryption (Optional)


Offline PIN Encryption

• Offline PIN encryption is an optional process in EMV which provides for encryption of entered PIN between a secure PIN Pad (may be integrated in Terminal) and an ICC.

• A Secure PIN Pad is a tamper-evident device

• Use RSA public key encryption with a choice of keys:

– ICC Public Key (PKIC), or

– ICC PIN Encipherment Public Key (PKPE)

– PKIC is the same key as used in DDA; PKPE is a different public key (held in certified form) on the card.


Offline PIN Processing

[Flow diagram between IC Terminal, Secure PIN Pad and IC Card; surviving labels in extraction order:]

• Validate PK IC or PK PE

• GET CHALLENGE

• Unpredictable Number (UN)

• PK IC or PK PE and UN

• PIN Pad generates random padding

• Create data block to include PIN, UN and random padding and encrypt with PK IC or PK PE

• Cardholder enters PIN

• Encrypted PIN Data

• VERIFY (includes Encrypted PIN Data)

• Decrypt Encrypted PIN Data, using SK IC or SK PE and validate UN and PIN


Transaction Security


Transaction Security

• EMV transaction security is based on the use of 3-DES session keys, derived using certain random data and an ICC Master Key.

• The ICC Master Key is derived from the card PAN and PAN Sequence Number and an Issuer Master Key.

• The ICC Master Key is unique for each card and is stored in the card.

• The Issuer Master Key is stored at the Authorising host system, which calculates the ICC Master Key and (hence) the session keys “on-the-fly”.

• Different Issuer Master Keys are used for transaction integrity and for secure messaging.


ICC Master Key Derivation

[Figure; surviving labels: Issuer Master Key (double length); PAN + PAN Sequence Number]


ICC Master Keys

• An ICC may hold up to four ICC Master Keys, as follows, each derived from the corresponding Issuer Master Key:

To derive session key for secure messaging confidentiality (encryption)

To derive ICC Dynamic Number for use in Dynamic Data Authentication (DDA)


Session Key Derivation

• Session keys are derived from the appropriate ICC Master Key and transaction or unpredictable data.

the ICC’s Application Transaction Counter (ATC) and an Unpredictable Number (UN) supplied by the terminal are used as input (see next slide).

• Session keys for secure messaging are derived using the same technique, but with different “random” data.

straight 3-DES encryption of the ATC and UN (suitably padded).
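The key hierarchy from the Transaction Security and Session Key Derivation slides, as a Go example added here (not code from the slides): Issuer Master Key to ICC Master Key to per-transaction session key. The master-key step encrypts the PAN || PAN Sequence Number block and its bitwise inverse, as in EMV Book 2; the slides give no session-key padding, so the `F0 00` / `0F 00` filler is an assumption, as are all key, PAN and UN values.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// derive returns 3-DES(key)[in] || 3-DES(key)[in XOR mask], a double-length key.
func derive(key, in, mask []byte) []byte {
	c, _ := des.NewTripleDESCipher(append(key[:16:16], key[:8]...)) // K1 | K2 | K1
	out := make([]byte, 16)
	c.Encrypt(out[:8], in)
	for i := range mask {
		out[8+i] = in[i] ^ mask[i]
	}
	c.Encrypt(out[8:], out[8:])
	return out
}

// CardKey derives the ICC Master Key from the Issuer Master Key and the rightmost
// 16 digits of PAN || PAN Sequence Number (decimal strings), packed as 8 BCD bytes.
func CardKey(issuerMK []byte, pan, psn string) []byte {
	digits := strings.Repeat("0", 16) + pan + psn
	y, _ := hex.DecodeString(digits[len(digits)-16:])
	return derive(issuerMK, y, bytes.Repeat([]byte{0xFF}, 8))
}

// SessionKey derives a session key from the ICC Master Key, ATC and UN. The page
// says only "suitably padded"; the F0 00 / 0F 00 filler bytes are an assumption.
func SessionKey(cardMK []byte, atc uint16, un [4]byte) []byte {
	in := []byte{byte(atc >> 8), byte(atc), 0xF0, 0, un[0], un[1], un[2], un[3]}
	return derive(cardMK, in, []byte{0, 0, 0xFF, 0, 0, 0, 0, 0})
}

func main() {
	issuerMK, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210") // constructed key
	mk := CardKey(issuerMK, "9999990000000001", "00")                    // constructed PAN, PSN
	un := [4]byte{0xDE, 0xAD, 0xBE, 0xEF}                                // constructed UN
	fmt.Printf("ICC MK    %X\nSK ATC=1  %X\nSK ATC=2  %X\n", mk, SessionKey(mk, 1, un), SessionKey(mk, 2, un))
}
```

The host runs the same two functions with the PAN, ATC and UN from the authorisation message, which is why only the Issuer Master Key has to be stored there.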


AC Session Key Derivation


Application Cryptogram Calculation

• Application Cryptogram (AC) is simply a MAC calculated with a 3-DES session key (derived from the ICC Master Key).

• Algorithm defined in ANSI X9.19 and ISO 9797-1

• SK(L) = Session Key (left half)

• SK(R) = Session Key (right half)


Secure Messaging

• Secure messaging is used between the Issuer’s host system and the smart card, to allow (for example) update of certain card parameters, application unblock or PIN change/unblock.

• Secure messaging provides data integrity and origin authentication (via a MAC) and confidentiality (encryption).

– Encryption uses 3-DES Cipher Block Chaining (CBC).

– MAC calculated as previously described

• Secure messaging session keys are derived for both services, using the technique previously described (using IMKSMI and IMKSMC).


Transaction Processing


Transaction Processing

• Once application selection, card authentication (SDA or DDA), optional PIN verification (etc) have taken place, then transaction processing begins.

• The basic security mechanism for transaction processing is the Application Cryptogram (AC, calculated using the session key SKAC).

• There are three types of AC:

– Transaction Certificate (TC), for offline processing

– Application Authentication Cryptogram (AAC), for rejected transaction

– Authorisation Request Cryptogram (ARQC), for online authorisation


Application Cryptogram Generation

[Flow diagram between IC Terminal and IC Card:]

• Terminal creates Terminal Data (Amount, Date, …, Terminal Verification Results) and Unpredictable Number

• GENERATE AC (includes Terminal Data and UN)

• ICC calculates AC session key (SK AC), using ATC and UN

• ICC calculates AC on Terminal Data and ICC Data (Card Verification Results) using SK AC

• Application Cryptogram (TC, AAC or ARQC)

• Terminal processing continues accordingly


ARQC and Issuer Processing

[Flow diagram between IC Terminal and Issuer Host; the Issuer Host holds the Issuer Master Key (MK AC):]

• Card and transaction data and ARQC

• Host calculates IMK AC using MK AC and ICC PAN/PAN Sequence Number

• Host calculates SK AC using IMK AC and ATC/UN

• Host verifies ARQC and generates an ARPC Response Code (ARC)

• ARPC and ARC

ARPC = 3-DES(IMK AC)[ARQC ⊕ ARC]
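The cryptogram check on the issuer host, as a Go example added here (not code from the slides): the Application Cryptogram as an ISO 9797-1 algorithm 3 MAC under SK(L)/SK(R), ARQC verification, and the ARPC formula above. It assumes SK AC and IMK AC have already been derived; the `80 00…` padding, the zero-filled ARC and all key and data values are assumptions for the demo.

```go
package main

import (
	"crypto/des"
	"crypto/subtle"
	"fmt"
)

// AC computes the 8-byte Application Cryptogram over data with session key sk:
// DES-CBC under SK(L), then the final block is decrypted with SK(R) and
// encrypted again with SK(L). Padding (80 then zeros) is assumed for this example.
func AC(sk, data []byte) []byte {
	kl, _ := des.NewCipher(sk[:8])
	kr, _ := des.NewCipher(sk[8:16])
	msg := append(data[:len(data):len(data)], 0x80)
	msg = append(msg, make([]byte, (8-len(msg)%8)%8)...)
	x := make([]byte, 8)
	for i, b := range msg {
		x[i%8] ^= b
		if i%8 == 7 {
			kl.Encrypt(x, x)
		}
	}
	kr.Decrypt(x, x)
	kl.Encrypt(x, x)
	return x
}

// HostAuthorise recomputes the cryptogram, compares it with the ARQC in constant
// time and, on a match, returns ARPC = 3-DES(IMK_AC)[ARQC XOR ARC], with the
// two-byte ARC left-aligned and zero-filled to eight bytes.
func HostAuthorise(imkAC, skAC, data, arqc []byte, arc [2]byte) ([]byte, bool) {
	if subtle.ConstantTimeCompare(AC(skAC, data), arqc) != 1 {
		return nil, false
	}
	in := append([]byte{}, arqc...)
	in[0], in[1] = in[0]^arc[0], in[1]^arc[1]
	c, _ := des.NewTripleDESCipher(append(imkAC[:16:16], imkAC[:8]...)) // K1 | K2 | K1
	c.Encrypt(in, in)
	return in, true
}

func main() {
	skAC, imkAC := []byte("constructed-SKAC"), []byte("constructed-IMK!") // 16-byte sample keys
	data := []byte("amount=000000001999|date=031201|TVR=0000000000|CVR=03A00000") // constructed
	arqc := AC(skAC, data) // card side
	arpc, ok := HostAuthorise(imkAC, skAC, data, arqc, [2]byte{'0', '0'})
	fmt.Printf("ARQC %X accepted=%v ARPC %X\n", arqc, ok, arpc)
}
```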


ARPC Verification

[Flow diagram between IC Terminal and IC Card:]

• GENERATE AC (includes ARPC and ARC)

• ICC verifies ARPC, using IMK AC, ARQC and ARC

• ICC calculates AC (either TC or AAC)

• Terminal processing continues accordingly

Date posted: 09/12/2013, 21:15
