Mar 18, 2003, Mårten Trolin. Agenda: Parts that need to be secured; Card authentication; Key management.


1 Agenda
- Parts that need to be secured
- Card authentication
- Key management

2 Security with Smart-cards
- Avoid use of fake cards for off-line transactions
- Detect use of skimmed cards in on-line transactions
- Secure sensitive data sent to the card from the issuer

3 Parts That Need to Be Secured
- Card – terminal authentication
- Card – issuer interaction
- Scripts sent to card by issuer

4 Card – Terminal Authentication
- The issuer has a certificate signed by the payment net (VISA, Europay or MasterCard)
  – The payment net acts as CA (Certificate Authority)
- The issuer signs its card with its private key and puts the signature on the card
- The issuer's public key certificate is placed on the card
- The terminal knows the root (CA) certificate
  – Using the root certificate, the terminal can verify that the signature presented by the card is valid.

5 Overview of Keys Used
[Diagram labels: Payment net; Issuer; Signed certificate; Root certificate; Card certificate; Certificate verified against root certificate during transaction]

6 Static Data Authentication (SDA)
- Each card is equipped with a signature on important card data.
  – No secret key on card.
- Data signed include card number, expiration date, verification methods etc.
- The signed data is sent to the terminal when the transaction is started.
- Same data and signature used every time (therefore static).
[Diagram label: On card]

7 Signed Static Application Data, Generation
[Diagram labels: PAN; Sequence number; Verification methods; Other parameters...; Hash value; Header; Data Authentication Code (DAC); Encrypt with issuer private key; Signed Static Application Data]

8 Signed Static Application Data, Verification
[Diagram labels: PAN; Sequence number; Verification methods; Other parameters...; Hash value; Header; Data Authentication Code (DAC); Decrypt with issuer public key; Signed Static Application Data]

9 Dynamic Data Authentication (DDA)
- Each card is equipped with a private key and a public key.
- The public key is in a public key certificate signed by the issuer.
- At transaction time, the card signs random data with its private key.
- The terminal checks the signature and verifies the certificate chain.
- Different data used every time (therefore dynamic).
[Diagram label: On card]

10 Dynamic Data Authentication
[Diagram labels: Certificate Chain; Unpredictable Number; Digital Signature; Generation of signature with card private key]

11 Comparison – SDA vs. DDA
Static Data Authentication | Dynamic Data Authentication
Cheaper cards – no need for RSA functionality on card | Expensive cards – card needs to perform RSA encryption
Fast – no processing on card | Slower – card needs to produce RSA signature
Seeing one transaction is enough to produce a card that will be approved off-line | Seeing one transaction gives nothing
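The terminal-side checks behind the last row of the comparison, as an added example that is not part of the original slides. It assumes textbook RSA without padding on constructed toy keys, made-up card data, and a terminal that trusts the issuer key directly (the payment-net root level is left out).

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def keypair(p, q):
    """Textbook RSA from two primes; returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

# Constructed toy keys from Mersenne primes: unpadded and far too small for real use.
ISSUER_N, ISSUER_D = keypair(2**61 - 1, 2**89 - 1)
CARD_N, CARD_D = keypair(2**107 - 1, 2**127 - 1)

# Personalisation: constructed card data, its issuer signature (SDA), and the
# issuer's signature over the card public key (stand-in for the DDA certificate).
STATIC_DATA = b"PAN=4000000000000002|SEQ=01|EXP=0512"
SSAD = sign(STATIC_DATA, ISSUER_N, ISSUER_D)
CARD_CERT = sign(str(CARD_N).encode(), ISSUER_N, ISSUER_D)

def terminal_sda(static_data, ssad):
    """SDA: check the issuer signature over the static card data."""
    return verify(static_data, ssad, ISSUER_N)

def card_dda(unpredictable_number):
    """DDA, card side: sign the terminal's challenge with the card private key."""
    return sign(unpredictable_number, CARD_N, CARD_D)

def terminal_dda(card_n, card_cert, unpredictable_number, signature):
    """DDA, terminal side: check the certificate, then the fresh signature."""
    chain_ok = verify(str(card_n).encode(), card_cert, ISSUER_N)
    return chain_ok and verify(unpredictable_number, signature, card_n)

def demo():
    un_old, un_new = bytes.fromhex("1a2b3c4d"), bytes.fromhex("5e6f7081")
    recorded = card_dda(un_old)  # signature seen in an earlier transaction
    return {
        "sda_accepts_same_bytes_again": terminal_sda(STATIC_DATA, SSAD),
        "dda_accepts_fresh_signature": terminal_dda(CARD_N, CARD_CERT, un_new, card_dda(un_new)),
        "dda_accepts_recorded_signature": terminal_dda(CARD_N, CARD_CERT, un_new, recorded),
    }
```

The SDA check has no input that changes between transactions, so it cannot tell the second presentation of the same bytes from the first; the DDA check is bound to the terminal's fresh unpredictable number.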

12 Card – Issuer Authentication
- Issuer needs a permanent proof that the transaction has taken place.
- Protection against fraud that comes from the merchant.
- Based on symmetric cryptography
  – Issuer places a key on the card at issuing.
  – Issuer keeps the same key for use in authorization processing.

13 Overview of Keys Used
[Diagram labels: Payment net; Issuer; Keys for card-issuer authentication; Sent during transaction]

14 Application Cryptograms
- In every request to the issuer, the card computes a MAC over certain parameters.
- This MAC is called the application cryptogram.
- The exact algorithm is defined between the issuer and the card.

15 Issuer Authentication and Secure Messaging
- If the issuer sends a MAC in the response, the card can verify that the message originates at the issuer.
- When secure messaging is used, data sent from the issuer to the card is authenticated and/or encrypted.
- Necessary for script processing
  – Change of risk parameters requires the messages to be secured with a MAC.
  – Change of PIN requires the new PIN to be enciphered.

16 Computing Application Cryptograms
[Diagram labels: Amount; Currency; Transaction type; Date; Other transaction parameters...; MAC computation with card key; Application cryptogram (8 bytes)]

17 Computing Response Cryptogram (ARPC)
[Diagram labels: Application cryptogram (8 bytes); XOR last two bytes with the response from issuer; Encrypt with card key; Application Response Cryptogram (ARPC, 8 bytes)]

18 Key Derivation
- Each key to be put on the card is derived from an issuer master key.
  – An issuer has (at least) one master key for each key type to be placed on the card.
- The derivation process is performed by taking card data and encrypting it with the corresponding master key.
  – The card information used is PAN (i.e., card number) and sequence number.
[Diagram labels: Encryption; Issuer master key; Card information; Unique card key]

19 Session Keys
- For security reasons it is often a good idea to use different keys for each transaction.
- Keys used only for one transaction are called session keys.
[Diagram labels: Encryption; Unique card key; Session information; Session key]

20 Deriving Session Keys
- Session keys are derived from the card key and session information.
- The session information can be the transaction counter, ATC, or some other information sent in the transaction.
- The data used for session key generation must be available to the issuer to allow the issuer to create the same key.
  – Transaction counter is sent in clear.
  – Other data used for key generation must be available through other means.
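The key hierarchy of slides 18 to 20 together with the application cryptogram of slide 16, as an added example that is not part of the original slides. The slides leave the exact algorithm to the issuer and the card, so this sketch swaps in HMAC-SHA256 for both the "Encryption" box and the MAC; all keys, card numbers and transaction values are constructed.

```python
import hmac, hashlib

def prf(key, data):
    """Stand-in for the slides' 'Encryption' box: HMAC-SHA256 cut to 16 bytes."""
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

def derive_card_key(issuer_master_key, pan, seq):
    """Unique card key from PAN and sequence number (slide 18)."""
    return prf(issuer_master_key, f"{pan}|{seq:02d}".encode())

def derive_session_key(card_key, atc):
    """Session key from the card key and the transaction counter (slide 20)."""
    return prf(card_key, atc.to_bytes(2, "big"))

def cryptogram(session_key, tx):
    """8-byte MAC over the transaction parameters (slide 16)."""
    msg = "|".join(str(tx[k]) for k in ("amount", "currency", "type", "date")).encode()
    return hmac.new(session_key, msg, hashlib.sha256).digest()[:8]

def card_request(card_key, pan, seq, atc, tx):
    """Card side: the ATC travels in clear next to the cryptogram."""
    ac = cryptogram(derive_session_key(card_key, atc), tx)
    return {"pan": pan, "seq": seq, "atc": atc, "tx": dict(tx), "ac": ac}

def issuer_verify(issuer_master_key, req):
    """Issuer side: rebuild both keys from the request, then compare MACs."""
    ck = derive_card_key(issuer_master_key, req["pan"], req["seq"])
    expected = cryptogram(derive_session_key(ck, req["atc"]), req["tx"])
    return hmac.compare_digest(expected, req["ac"])

# Constructed sample values
MASTER = bytes.fromhex("00112233445566778899aabbccddeeff")
PAN, SEQ = "4000000000000002", 1
CARD_KEY = derive_card_key(MASTER, PAN, SEQ)  # loaded onto the card at issuing
TX = {"amount": 1250, "currency": "SEK", "type": "purchase", "date": "2003-03-18"}
```

The issuer stores only the master key: every per-card and per-transaction key is recomputed from the PAN, sequence number and ATC carried in the request, so a changed amount or counter makes the recomputed MAC differ.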

21 Summary
- Smart-cards protect the merchant, issuer and card-holder against fraud from counterfeited cards and fake transactions.
- For card – terminal authentication different levels of security are possible, e.g., SDA vs. DDA.
- Card – issuer authentication gives an electronic seal on transaction data.

