Implementing Electronic Card Payment Systems

Acknowledgments xv Introduction 1(6) Magnetic stripe debit and credit cards 3(1) Chip migration with EMV™ 3(2) Remote debit and credit with EMV™ 5(2) Part I: Magnetic Stripe Debit and Credit Cards 7(44) Payment Card Processing 9(42) Payment card processing at a glance 10(3) Roles involved in payment card processing 13(2) Payment card brands 15(1) Credit and debit payment cards 16(1) Focusing on the magnetic stripe card 17(7) Embossed financial data 18(2) Financial data on the magnetic stripe 20(4) Threats and security protections 24(10) Channel protection versus eavesdropping 25(2) Cardholder verification versus impersonation 27(3) Static authenticator versus modifying financial data 30(1) Timeliness versus card counterfeiting 31(2) Merchant attacks and colluding attacks 33(1) Processing at the point of service 34(3) Payment network and interchange messages 37(8) Message structure 38(3) Message flows 41(4) On-line authorization 45(2) Clearing and settlement 47(4) References 50(1) Part II: Chip Migration with EMV™ 51(238) Chip Migration 53(38) A business case for chip migration 54(2) An overview of the chip card technology 56(13) Hardware and software structure of chip cards 57(3) Card file system and file referencing 60(5) Command and response format 65(1) Card application and terminal application 66(3) Proprietary payment application 69(11) Encoding data elements with a fixed format 71(2) Fixed file system organization 73(1) Preestablished command and response formats 73(3) Symmetric cryptographic technology 76(4) Interoperable payment application 80(11) Self-determined encoding of data elements 82(2) Customized file system organization 84(3) Variable formats for commands and responses 87(1) Asymmetric cryptographic support 87(3) References 90(1) EMV™ Compliant Data Organization 91(34) Organization of the EMV™ specifications 92(4) EMV™ data elements 96(3) EMV™ file system 99(16) ADFs 99(7) AEFs 106(2) Directory definition files 108(4) Payment system environment 112(3) EMV™ application selection 115(10) Building the candidate list from the PSE 118(1) Building the candidate list directly 119(2) Final application selection 121(1) References 122(3) EMV™ Certificates 125(22) Certification mechanism and algorithm 125(1) Public key certificate for RSA scheme 126(1) Entities and certifiers 127(2) Issuer requires a public key certificate 127(1) ICC requires a public key certificate 128(1) Entity public key remainder 129(1) EMV™ certification chains 129(3) Issuing EMV™ public key certificates 132(4) Data items included in the certificate 132(3) Generating the public key certificate 135(1) Verifying EMV™ public key certificates 136(4) Verification of the Issuer Public Key Certificate 136(2) Verification of the ICC Public Key Certificate 138(2) Issuing signed static application data 140(4) AFL 141(1) Creating the Static Data to Be Authenticated 142(1) Generate the Signed Static Application Data 143(1) Verifying the Signed Static Application Data 144(3) References 145(2) Debit and Credit with EMV™ 147(80) Overview of the EMV™ debit/credit transaction 148(4) Initiate application processing 152(4) TVR and TSI---two witnesses of terminal processing 152(1) PDOL and Get Processing Options 153(1) AIP and AFL 154(2) Read application data 156(4) AFL processing 156(2) Consistency rules for the data objects 158(2) Off-line data authentication 160(14) Selection of the off-line authentication mechanism 160(2) Off-line SDA 162(3) Off-line DDA 165(9) Processing restrictions 174(4) Application Version Number 174(1) Application usage control 175(3) Application effective/expiration dates checking 178(1) Cardholder verification 178(17) Cardholder verification methods in EMV™ 179(2) Data objects involved in cardholder verification 181(3) Common processing performed by the terminal 184(2) Off-line PIN processing 186(5) RSA digital envelope carrying the PIN 191(3) On-line PIN processing 194(1) Terminal risk management 195(6) Terminal floor limit 195(1) Random transaction selection 196(3) Velocity checking 199(2) Terminal action analysis 201(16) Action codes and security policies 201(2) The terminal proposes and the card disposes 203(1) Off-line denial of a transaction 204(2) On-line transmission of a transaction 206(1) Default action in a transaction 207(1) Compute Application Cryptogram with Generate AC 208(9) On-line processing and issuer authentication 217(5) Authorization request and response with chip data 218(3) Issuer Authentication 221(1) Issuer scripts 222(5) Processing of issuer script templates 222(3) Post-Issuance Commands 225(1) References 225(2) EMV™ Chip Migration Issues 227(62) EMV™ regulatory framework 228(8) Business objectives 229(2) Functional requirements 231(2) Security politics 233(3) Deriving ICC specifications by issuers 236(3) Selection criteria of the ICC architecture 239(3) ICC hardware resources 239(2) ICC software platform 241(1) Multiapplication ICC 242(11) Choice of a set of card applications 243(3) Card layout definition 246(7) Issuer's business case 253(2) Availability of the financial service 253(1) Improved security 254(1) Reduced operational costs 255(1) Adaptive initiate application processing 255(4) Design criteria for CAM selection 259(8) On-line CAM 260(1) Off-line static CAM 261(1) Off-line dynamic CAM 262(1) Security considerations regarding CAM 263(4) Design criteria for CVM 267(4) Enciphered PIN verified on-line 267(1) Plaintext/enciphered PIN verification by ICC 268(1) Requirements for the implementation of various CVM 269(1) Criteria for the definition of the CVM List 270(1) Processing restrictions 271(2) Application usage control 271(1) Application Version Number 272(1) Application effective/expiration dates 272(1) Card risk management 273(16) CRM Components 273(1) The set of CRM functions 274(4) CRM data 278(5) CRM function definitions 283(3) References 286(3) Part III: Remote Debit and Credit with EMV™ 289(70) Remote Card Payments and EMV™ 291(68) A model for remote card payments 293(2) Security aspects of remote card payments 295(11) Threats environment 296(4) Security services for remote transactions 300(4) Security services realization 304(2) Remote payment method based on TLS 306(4) TLS handshake protocol 307(2) TLS record protocol 309(1) Security limitations of the TLS protocol 309(1) SET-based solutions 310(22) SET model 311(1) Setup of the SET payment scheme 311(4) Registration of participants 315(2) Secure SET channel over insecure networks 317(4) SET dual signatures 321(1) SET payment method 322(10) TLS versus SET or wallet servers and EMV™ cards 332(8) Security makes the difference 332(1) Acceptability is a main concern 333(3) Improved solutions with wallet servers and EMV™ cards 336(4) Transaction processing for chip e-commerce 340(19) EMV™ application context in the cardholder system 342(4) Purchase initialization (PInitReq/PInitRes) 346(1) Cardholder verification 347(2) Terminal action analysis 349(1) Purchase request and response 350(3) Authorization request/response 353(2) Completion of the EMV™ transaction 355(1) References 356(3) Appendix A: Security Framework 359(4) Reference 361(2) Appendix B: Generic Security Threats 363(4) Appendix C: Security Services 367(6) C.1 Service description 367(3) C.2 Realization of security services 370(3) References 371(2) Appendix D: Security Mechanisms 373(26) D.1 Encryption 373(3) D.1.1 Symmetric encryption 374(1) D.1.2 Asymmetric encryption 375(1) D.2 Cryptographic hash functions 376(4) D.2.1 Hash function 377(2) D.2.2 MAC 379(1) D.3 Digital signature schemes 380(4) D.3.1 Signature scheme with appendix 382(1) D.3.2 Signature scheme with recovery 383(1) D.4 Public key certificates 384(3) D.4.1 Authenticity of public keys 384(1) D.4.2 Public key certificate generation 385(1) D.4.3 Public key certificate verification 386(1) D.5 Cardholder verification mechanisms 387(5) D.5.1 Manual signature 387(1) D.5.2 Enciphered PIN verified on-line 387(1) D.5.3 Plaintext PIN verification performed by the chip card 388(1) D.5.4 Symmetric enciphered PIN verification 389(1) D.5.5 Asymmetric enciphered PIN verification 390(1) D.5.6 Cardholder verification based on biometrics 391(1) D.6 SDA mechanisms 392(2) D.6.1 MAC-based SDA mechanism 392(1) D.6.2 Signature-based SDA mechanism 393(1) D.7 DDA mechanisms 394(5) D.7.1 MAC-based DDA 394(1) D.7.2 Digital signature--based DDA 395(1) D.7.3 One-time passwords 396(1) References 397(2) Appendix E: Block Ciphers 399(8) E.1 Definition and parameters 399(1) E.2 Modes of operation 400(2) E.3 DES, Triple-DES, and AES 402(2) E.4 MAC using a 64 bit-length block cipher 404(1) E.5 Key derivation 405(2) References 406(1) Appendix F: RSA Encryption and Signature Scheme 407(12) F.1 Key generation 407(2) F.2 Public and secret RSA operations 409(1) F.3 Digital signature giving message recovery 410(4) F.3.1 Signature generation 411(1) F.3.2 Signature verification 412(2) F.4 Digital signature and encryption with PKCS#1 414(5) References 416(3) Appendix G: E-Commerce and M-Commerce Related Technologies 419(10) G.1 E-commerce and m-commerce 419(1) G.2 SIM, STK, SMS, and WAP 420(1) G.3 Access devices for remote card payments 421(5) G.4 WAP protocol suite compared to Internet 426(3) References 427(2) About the Author 429(2) Index 431