EMV: Integrated Circuit Card Specifications for Payment Systems
Jan Krhovjak
Faculty of Informatics, Masaryk University
Jan Krhovjak (FI MU) EMV (Europay, MasterCard, Visa) 20. 3. 2006 1 / 13
EMV Basic Information
Outline
- Introduction to EMV
- Offline data authentication
  - Static data authentication
  - Dynamic data authentication
- User authentication
  - Signature based
  - PIN based
- Automatic risk management
  - Terminal risk management
  - Terminal action analysis
  - Card action analysis
- Conclusion
Introduction to EMV
- EMV 4.1 specifications consist of four books (786 pages)
  - Application Independent ICC to Terminal Interface Requirements
  - Security and Key Management
  - Application Specification
  - Cardholder, Attendant, and Acquirer Interface Requirements
- Basic terminology
  - Merchant, payee
  - Cardholder, customer, payer, or simply user
  - Card issuer, cardholder's bank, or simply bank
    - No distinction is made (in this presentation) between issuer and acquirer bank
  - Fraud, a deception made for personal gain
    - All parties should be protected against fraud
    - Unauthorized and illegal use of a credit card to purchase property
  - ICC, an acronym for integrated circuit(s) card
EMV Offline Data Authentication
Basic Principles of Offline Data Authentication
- The goal is offline detection of fake (altered/duplicated) cards
  - Based on asymmetric cryptography (namely on RSA)
    - RSA public key must always be 3 or 2^16 − 1
  - Existence of a certification authority (CA) is required
    - Integrity of transmitted public keys must be secured
  - Each EMV terminal must contain the actual CA public key
- Supported mechanisms
  - Static data authentication (SDA)
  - Dynamic data authentication (DDA)
  - Combined DDA and application cryptogram generation (CDA)
SDA: Static Data Authentication I
- Basics of SDA
  - Performed by terminal
  - Confirms legitimacy of critical ICC-resident static data
  - Detects unauthorized alteration of data after personalization
- Settings and process of SDA
  - Public key of CA is stored in each terminal
  - Public key of issuer bank is certified by CA and stored on ICC
  - Static application data are signed by issuer bank and stored on ICC
- Security of SDA
  - Based on secrecy of private RSA keys
  - Counterfeiting/duplication not solved
SDA: Static Data Authentication II
Diagram of SDA (taken from the original specification)
DDA: Dynamic Data Authentication I
- Basics of DDA
  - Performed by terminal & card (ICC with coprocessor required)
  - Confirms legitimacy of critical ICC-resident/generated data and data received from terminal
  - Detects counterfeited/duplicated cards
- Settings and process of DDA
  - Similar to SDA
  - New unique ICC RSA key pair is stored on each card
    - ICC private key is securely stored (cannot leave the card)
    - ICC public key is signed & stored together with static application data
  - Terminal sends random challenge to be signed by ICC private key
- Security of DDA
  - Based on secrecy of private RSA keys
  - The chip card must be able to protect ICC private key
DDA: Dynamic Data Authentication II
Diagram of DDA (taken from the original specification)
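The SDA and DDA checks from the slides above, as an added Python sketch (not part of the presentation or of the EMV specification). It uses toy textbook RSA with hash-then-sign rather than EMV's real signature format, DDA simply re-runs the SDA check before the challenge, and all key sizes, record names and sample data are constructed assumptions.

```python
import hashlib, math, secrets

E = 3  # public exponent; the first of the two values the slide gives

def prime(n):
    """Next prime p >= n with p % 3 == 2, so E = 3 is invertible mod p - 1."""
    while n % 3 != 2 or any(n % f == 0 for f in range(2, math.isqrt(n) + 1)):
        n += 1
    return n

def keypair(seed):
    """Toy textbook-RSA key (tiny modulus, no padding). Assumption: demo only."""
    p, q = prime(seed), prime(2 * seed)
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def h(data, n):
    return int.from_bytes(hashlib.sha256(repr(data).encode()).digest(), "big") % n

def sign(key, data):
    return pow(h(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == h(data, n)

# Hypothetical keys: CA, issuer bank, genuine chip, and some other chip's key.
CA, ISSUER, ICC, OTHER = (keypair(s * 10**7) for s in (1, 3, 5, 7))

def personalize(static):
    """Issuer side: the records any terminal (or reader) can read from the card."""
    return {"static": static, "issuer_n": ISSUER["n"], "icc_n": ICC["n"],
            "issuer_cert": sign(CA, ISSUER["n"]),           # CA certifies issuer key
            "ssad": sign(ISSUER, static),                   # SDA: signed static data
            "icc_cert": sign(ISSUER, (ICC["n"], static))}   # DDA: ICC key + static data

def sda(card):
    """Terminal side: CA key -> issuer key -> signature over static data."""
    return (verify(CA["n"], card["issuer_n"], card["issuer_cert"])
            and verify(card["issuer_n"], card["static"], card["ssad"]))

def dda(card, chip_key):
    """Terminal side: chain down to the ICC key, then a fresh signed challenge."""
    if not (sda(card) and verify(card["issuer_n"],
                                 (card["icc_n"], card["static"]), card["icc_cert"])):
        return False
    challenge = secrets.token_bytes(4)       # terminal's random challenge
    return verify(card["icc_n"], challenge, sign(chip_key, challenge))

genuine = personalize(b"constructed static application data")
clone = dict(genuine)                        # all readable records copied to another chip
altered = dict(genuine, static=b"constructed static data, altered")
```

A copy of the readable records passes `sda` unchanged, which is the "counterfeiting/duplication not solved" point; `dda` fails for the copy because the chip holding it cannot sign with the certified ICC private key.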
CDA: Combined DDA and Application Cryptogram (AC) Generation
- Basics of CDA
  - Performed by terminal & card in parallel with card action analysis
- Settings and process of CDA
  - Similar to DDA
  - Random challenge is a part of request for AC
  - Signed AC contains this random challenge
- Security of CDA
  - Extra security for AC
  - Advantage if secure communication between terminal and ICC cannot be guaranteed
EMV User Authentication
Negotiation of authentication method
- Supported methods
  - Signature-based (handwritten)
  - PIN-based (offline/online, plaintext/encrypted)
  - Several combinations
- Priority list of card-supported methods stored on ICC
  - Terminal selects the first terminal-supported method from this list
    - Selected method is dependent on the terminal type
    - One supported method can be "no cardholder verification required"
  - Successful verification
    - At least one method is successfully performed
    - The list is exhausted
Verification processing
- Signature-based or online PIN-based authentication
  - Same process as used in the case of magnetic stripe cards
    - PIN is formatted into PIN-block, encrypted by using 3DES, ...
  - Chip card should provide extra security against skimming
- Offline encrypted PIN-based authentication
  - A new, separate RSA key pair is associated with PIN encipherment
  - This key pair is stored/certified as the key for DDA
  - Original PIN necessary for verification is securely stored on ICC
  - PINpad/terminal must be physically/logically well secured
EMV Automatic Risk Management
Automatic Risk Management
- Protects against offline undetectable threats
  - Decides if transaction should be: approved offline, declined offline, or transmitted online
- Terminal risk management
  - Floor limit checking
  - Random transaction selection
  - Velocity checking
- Terminal & card action analysis
  - T: reject transaction offline ⇒ C: reject offline
  - T: transaction should go online ⇒ C: go online ∨ reject offline
  - T: transaction might be completed offline ⇒ C: go online ∨ reject offline ∨ approve offline
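The decision flow on this slide as an added Python sketch (not from the presentation or the specification): the three terminal checks produce a proposal, and the card may keep or tighten it but never relax it. The function names, limits and selection rate are hypothetical, constructed values.

```python
import random
from enum import IntEnum

class Action(IntEnum):
    """The three outcomes on the slide, ordered from least to most restrictive."""
    APPROVE_OFFLINE = 0
    GO_ONLINE = 1
    REJECT_OFFLINE = 2

def terminal_proposal(amount, offline_streak, rng=random.random,
                      floor_limit=5000, max_offline_streak=3, online_share=0.10):
    """Terminal risk management; all limits are constructed, hypothetical values."""
    if amount > floor_limit:                   # floor limit checking
        return Action.GO_ONLINE
    if offline_streak >= max_offline_streak:   # velocity checking
        return Action.GO_ONLINE
    if rng() < online_share:                   # random transaction selection
        return Action.GO_ONLINE
    return Action.APPROVE_OFFLINE

def card_may_answer(terminal, card):
    """Card action analysis may keep or tighten the terminal's proposal, never relax it."""
    return card >= terminal

def settle(terminal, card):
    """Terminal-side guard: refuse a card answer laxer than what was requested."""
    if not card_may_answer(terminal, card):
        raise ValueError(f"card answered {card.name} to terminal {terminal.name}")
    return card

def allowed_pairs():
    """All (terminal, card) combinations the slide permits."""
    return [(t.name, c.name) for t in Action for c in Action if card_may_answer(t, c)]
```

Of the nine terminal/card combinations, `allowed_pairs()` returns exactly the six listed under terminal & card action analysis.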
Conclusion
Conclusion & References
- EMV introduces the Chip&PIN technology
  - Chip cards provide more secure storage for sensitive data
    - If SDA is not used ...
  - PIN-based user authentication is more secure (for whom?)
    - If the secure method is negotiated ...
- Several online references:
  - EMV 4.1 Specifications: http://www.emvco.com/cgi_bin/detailspec.pl?id=5
  - EMV POS terminal interceptor: http://www.cl.cam.ac.uk/~mkb23/interceptor/
  - Chip and SPIN webpage http://www.chipandspin.co.uk/ and article http://www.cl.cam.ac.uk/~mkb23/spin/spin.pdf