Cryptography Reference
In-Depth Information
offered by so-called
chip-and-PIN
cards, more correctly referred to as
Europay
MasterCard Visa
(EMV) cards, named after the three major global payment
card schemes operating in Europe who worked together to establish a common
interoperable standard for payment card security. We then discuss the use of
payment cards in online transactions. Finally we consider the use of payment
cards as tokens for authenticating to other services.
12.4.2
Magnetic stripe cards
Most payment cards have magnetic stripes. Even payment cards with chips
often retain the magnetic stripe and may resort to using it when they are
deployed in environments that do not support EMV. The following description
of cryptography used by magnetic stripe cards is based on the practices of Visa
and MasterCard.
PIN PROTECTION
Our first example of cryptography being used by payment cards concerns online
authentication of a user who inserts their magnetic stripe payment card into an
ATM. Before releasing any funds, the ATM needs to know whether the user is
genuine and whether they are entitled to make the requested withdrawal.
The process begins when the user is asked to enter their PIN into the ATM.
The ATM clearly cannot verify this PIN on its own, so it needs to refer the PIN
to the user's issuing bank. Since PINs are sensitive, this information should be
encrypted. It is impractical for every ATM to share an encryption key with every
issuing bank, so a process of key translation (see Section 10.4.1) is used:
1. The ATM encrypts the PIN and the authentication request message using a key
shared by the ATM and the acquiring bank responsible for that ATM (each ATM
should have a unique key of this type).
2. The acquiring bank decrypts the ciphertext and then re-encrypts it under a key
known as the
acquirer working key
, which is a key shared by the acquiring bank
and the PCO.
3. The PCO decrypts the ciphertext and re-encrypts it using an
issuer working key
,
which is a key that the PCO shares with the issuing bank.
4. The issuing bank decrypts the ciphertext and makes the necessary checks of
the PIN and the authentication request message. The response is then relayed
back to the ATM.
Symmetric cryptography is used for this application mainly for legacy reasons,
since this type of application predates the invention of public-key cryptography.
However, symmetric cryptography is also feasible to use in this situation because
the underlying infrastructure is 'closed' and thus symmetric keys can be managed.
The symmetric algorithm employed is 2TDES (see Section 4.4.4). Again this is a
legacy choice, since the original specifications used single DES.
