Cryptography Reference
In-Depth Information
the CAP reader, which computes a response using the symmetric key on the
EMV card (again, based on CBC-MAC). Finally, the customer provides the
bank with the displayed response.
Sign. This is a stronger version of the response mechanism, which involves the
CBC-MAC being computed on basic transaction data (amount and recipient
account) as well as the challenge value. This can be used to provide a type of
'digital signature' on the transaction. This is an example of the 'asymmetric
trust relationship' use of MACs to provide non-repudiation that we discussed
in Section 7.2.2.
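Added example, not from the original text: a simplified model of the Respond and Sign computations, showing how including the amount and recipient account in the CBC-MAC binds the displayed response to one specific transaction. The block cipher is a stand-in Feistel construction rather than the cipher on a real card, and the field encoding, length-prefix padding, 8-digit display and all function names are assumptions.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit blocks, matching the block size of DES-family ciphers

def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Feistel round function: HMAC-SHA256 truncated to half a block
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 64-bit block cipher (4-round Feistel); NOT the card's cipher."""
    left, right = block[:4], block[4:]
    for i in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
    return left + right

def cbc_mac(key: bytes, message: bytes) -> bytes:
    # Prepend the length so plain CBC-MAC stays safe for variable-length input
    data = len(message).to_bytes(BLOCK, "big") + message
    data += b"\x00" * (-len(data) % BLOCK)
    state = bytes(BLOCK)
    for off in range(0, len(data), BLOCK):
        chunk = data[off:off + BLOCK]
        state = encrypt_block(key, bytes(a ^ b for a, b in zip(state, chunk)))
    return state  # the MAC is the final chaining value

def _display(mac: bytes, digits: int = 8) -> str:
    # Assumed truncation of the MAC to a short decimal code the customer can type
    return str(int.from_bytes(mac, "big") % 10**digits).zfill(digits)

def respond(key: bytes, challenge: str) -> str:
    # Respond: the MAC covers only the bank's challenge
    return _display(cbc_mac(key, ("RESPOND|" + challenge).encode()))

def sign(key: bytes, challenge: str, amount: str, account: str) -> str:
    # Sign: the MAC also covers amount and recipient account (no '|' allowed in fields)
    fields = "|".join(["SIGN", challenge, amount, account])
    return _display(cbc_mac(key, fields.encode()))

def bank_verify_sign(key, challenge, amount, account, response) -> bool:
    # The bank holds the same symmetric key and recomputes the expected response
    return hmac.compare_digest(sign(key, challenge, amount, account), response)
```

A response produced by `sign` verifies only against the same challenge, amount and account, whereas a `respond` value carries no commitment to any transaction details.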
The use of CAP has been gaining in popularity amongst European banks, where its
provision of relatively strong two-factor authentication based on EMV cards does
appear to have reduced certain types of fraud, such as those based on phishing
attacks.
12.4.6 Payment card key management
We now briefly review some of the main key management issues relating to the
cryptography employed by payment cards.
KEY MANAGEMENT SYSTEM
While the cryptography used by magnetic stripe cards is entirely symmetric,
EMV uses a hybrid of symmetric and public-key cryptography. While PCOs
allow issuing and acquiring banks to manage the keys of their own customers, the
PCOs provide overarching key management services that link up these banks and
facilitate secure transactions.
The model depicted in Figure 12.8 that underlies payment card transactions
is essentially the same as the connected certification model that we presented in
Figure 11.4. We argued in Section 11.3.2 that this model is suitable for public-key
certificate management across a large distributed organisation. It is thus a good
model to adopt given the distributed nature of a PCO's network of banks.
KEY GENERATION
A PCO generates its own master public-key pair. PCOs maintain master RSA
key pairs of different lengths in order to cope with potential improvements in
factorisation techniques.
Individual banks are responsible for the generation of all keys that are placed
on their own cards. Banks are also responsible for generating their own RSA key
pairs, which they submit to the PCOs for certification. The symmetric keys are all
2TDES keys. The keys stored on a customer's card are typically derived from the
user's PAN and a master derivation key. The keys stored on the card are never used
directly (in contrast to our slightly oversimplified description). Instead, session
keys are derived from these long-term keys and a transaction counter, which is
 