attacks that seek to modify the transaction data communicated between card
and terminal. In contrast, DDA can take place before the transaction details
have been established.
ONLINE AUTHENTICATION
Online authentication is the stronger check, which requires communication with the card issuer. As with DDA, the objective of online card authentication is for a terminal to gain entity authentication assurance of a payment card that is involved in a transaction. This is provided by means of a simple challenge-response protocol, based on a symmetric key that is shared by the card issuer and the payment card, which stores it on the chip.
The only complication is that the terminal does not share this key, hence the issuer must be contacted online in order to verify the response. More specifically:
1. The terminal generates transaction data (which includes the payment card details) and a randomly generated challenge, which it then sends to the card.
2. The card computes a MAC on this data with the key that it shares with the issuer. This MAC is called the authorisation request cryptogram, and is passed on to the issuer.
3. The issuer computes its own version of the authorisation request cryptogram and compares it with the value received from the card. The issuer is also able to conduct a check that there are sufficient funds in the account to proceed with the transaction.
There are also situations where a payment card may require entity authentication of its issuer (for example, if it is being instructed to perform some internal management procedures, such as resetting counters). This can be built into the card authentication procedure as follows:
1. The card issuer treats the authorisation request cryptogram as a randomly generated challenge and computes a MAC on it using the key that it shares with the card. This response is sent to the card.
2. The card uses the key it shares with the card issuer to check this response. If it matches then it successfully authenticates the card issuer.
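A simulation of the two exchanges above (issuer verification of the authorisation request cryptogram, then card-side authentication of the issuer), added here as an example that is not part of the original text. It assumes a constructed shared key and account balance, a fixed 16+6+8-byte request layout, and HMAC-SHA256 truncated to 8 bytes standing in for the EMV MAC algorithm.

```python
import hashlib
import hmac
import os

# Constructed sample key: in practice it is personalised onto the chip by the issuer.
CARD_ISSUER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
CARD_DETAILS = b"5555444433332222"      # constructed 16-byte card details
_BALANCE = {CARD_DETAILS: 50_00}        # constructed issuer-side balance, in cents

def mac(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 8 bytes stands in for the EMV MAC.
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

def terminal_build_request(amount_cents: int) -> bytes:
    # Step 1: transaction data (card details + amount) plus a random challenge.
    return CARD_DETAILS + amount_cents.to_bytes(6, "big") + os.urandom(8)

def card_compute_arqc(request: bytes) -> bytes:
    # Step 2: the card MACs the terminal's data with the key it shares with the issuer.
    return mac(CARD_ISSUER_KEY, request)

def issuer_authorise(request: bytes, arqc: bytes):
    # Step 3: recompute the cryptogram, compare in constant time, then check funds.
    if not hmac.compare_digest(mac(CARD_ISSUER_KEY, request), arqc):
        return "declined: cryptogram mismatch", None
    card, amount = request[:16], int.from_bytes(request[16:22], "big")
    if _BALANCE.get(card, 0) < amount:
        return "declined: insufficient funds", None
    # Issuer authentication: treat the ARQC as a challenge and MAC it for the card.
    return "approved", mac(CARD_ISSUER_KEY, arqc)

def card_verify_issuer(arqc: bytes, response: bytes) -> bool:
    # The card recomputes the issuer's response with the shared key and compares.
    return hmac.compare_digest(mac(CARD_ISSUER_KEY, arqc), response)

def run_transaction(amount_cents: int, tamper_in_transit: bool = False) -> str:
    request = terminal_build_request(amount_cents)
    arqc = card_compute_arqc(request)
    forwarded = request
    if tamper_in_transit:  # amount altered between card and issuer: the MAC will not match
        forwarded = request[:16] + (1).to_bytes(6, "big") + request[22:]
    decision, response = issuer_authorise(forwarded, arqc)
    if response is None:
        return decision
    return decision if card_verify_issuer(arqc, response) else "issuer not authenticated"
```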
TRANSACTION CERTIFICATES
At the end of each transaction a transaction certificate (TC) is generated. This is a MAC computed on the details and outcome of the transaction and is passed back to the card issuer. The TC is computed using the key shared by the card and the card issuer. The TC is normally only required as evidence in the event of a subsequent dispute about certain aspects of the transaction.
SECURITY OF MANAGEMENT FUNCTIONS
A number of important management functions concerning security features of the payment card can be remotely managed by sending instructions to the card.