EMV cards with additional Functions - PowerPoint PPT Presentation

1 / 27
About This Presentation
Title:

EMV cards with additional Functions

Description:

100 person years experience in smartcard and related secure ... Stage four: Disallowed merchant. Revisit: Alternative Authentication. Acoustic based card demo ... – PowerPoint PPT presentation

Number of Views:510
Avg rating:3.0/5.0
Slides: 28
Provided by: barryho9
Category:

less

Transcript and Presenter's Notes

Title: EMV cards with additional Functions


1
EMV cards with additional Functions
2
Presentation Objectives
  • Orientation
  • Who Ecebs are and what we do
  • Explore the possibilities of
  • Using other functions with EMV
  • Orthogonal applications
  • Complimentary applications (Payment aware)
  • Other Payment
  • Using EMV for other functions
  • Non Payment I.e. Authentication and PKI
  • Payment EMV beyond Credit/Debit

3
Who are Ecebs?
  • Based in East Kilbride, Scotland
  • Advanced technology company
  • Experts in Smartcard based projects
  • Dedicated to building long term business
    relationships

4
What is our background ?
  • gt 100 person years experience in smartcard and
    related secure IT systems development
  • Motorola, Apple, CESG(UK Govt) Oracle,
    MasterCard/MXI, Unisys..
  • Engaged with blue chip clients
  • I.e.MasterCard Intl, Austria Card (Central Bank
    of Austria), ITSO (UK Govt Dept of Transport),
    Capita (FTSE 100)
  • and others..

5
What do we do?
  • Provide World Class Software Products and
    Services
  • Develop Smartcard Software On and Off card
  • Card Operating Systems

6
What are we about ?
  • OUR MISSION.. is to enable your Smartcard
    solutions in minimum time, with minimum overhead,
    for maximum return.
  • OUR VISION.. think up a Smartcard application in
    the morning, watch it working in the afternoon.
  • OUR STRATEGY.. Deliver superior innovative
    technology, products and systems, based on best
    of breed methodologies and architectures.

7
Presentation Objectives
  • Orientation
  • Who Ecebs are and what we do
  • Explore the possibilities of
  • Using other functions with EMV
  • Orthogonal applications
  • Complimentary applications (Payment aware)
  • Other Payment
  • Using EMV for other functions
  • Non Payment I.e. Authentication and PKI
  • Payment EMV beyond Credit/Debit

8
What is a SmartCard?
  • The crucial, consumer-side component in the
    provision of value-added services via electronic
    infrastructures.

What is a SmartCard System?
The electronic infrastructure used to deliver a
service, valuable enough to require protection
from fraud and misuse. Smartcards and smartcard
systems must be built with security features and
attributes to enable correct service provision
namely Integrity, Authenticity, Confidentiality,
Non Repudiation
9
Applications vs. Functions
  • Definition of an Application
  • Technologists view - A set of code and data
    running on certain platform(s) designed to behave
    as required.
  • Business Analysts view A set of behaviours
    designed to provide a specific service running on
    various platforms(s) using whatever code and/or
    data is required.
  • General You dont need necessarily need separate
    code and data to provide separate applications
  • Cards You dont need a MAOS to provide multiple
    applications

10
Orthogonal Applications
  • Case Study EMV with Health Records
  • No interaction between applications beyond common
    data set management
  • Cardholder ID
  • Common infrastructure opportunity limited to
    Multi-app Terminal platforms
  • Display health records at ATM ?

11
EMV Non Payment
  • Degree of interaction/interoperability depends on
    commonality of shared data and logic case by
    case
  • Payment aware Applications
  • Use EMV to pay for application specific services
  • Tickets and Tolls
  • Govt benefits Managed Payment

12
Payment aware Apps
  • Case Study EMV ITSO
  • Integrated Transport Smartcard Organisation
  • Open Standard for Interoperable Mass Transit
    Ticketing
  • Includes Stored Value travel rights purse
  • Card must be contactless for ITSO, contact for
    EMV
  • Interaction is when paying for a ticket with EMV.
  • Terminal manages both apps independent of each
    other, with no interaction required.
  • Scheme infrastructures can peacefully
    co-exists I.e. no interdependencies
  • Issues relate to Card Issuance and Management
  • Who issues card ? Who certifies card?
  • Solution based on a co-branding framework

13
EMV Other App
14
EMV Other Payment
  • Degree of interaction depends on functionality
    similarities. If Other App is
  • Legacy Credit/Debit
  • Shared common data and parameters should enable
    close interaction and interoperability
  • Legacy E-Purse
  • Degree of interaction(shared data) depends on
    compatibility case by case
  • Interoperability Opportunities
  • Reload e-Purse through EMV Infrastructure
  • Spend e-Purse funds with EMV Debit

15
Presentation Objectives
  • Orientation
  • Who Ecebs are and what we do
  • Explore the possibilities of
  • Using other functions with EMV
  • Orthogonal applications
  • Complimentary applications (Payment aware)
  • Other Payment
  • Using EMV for other functions
  • Non Payment I.e. Authentication and PKI
  • Payment EMV beyond Credit/Debit

16
Functionality overlap ?
  • Card Multi-Functionality
  • Commonalities in data management and processing.
  • Scheme Architectures
  • Commonalities in Customer database(s) Key and App
    Management
  • Markets Overlap
  • Payment cards
  • Ticketing cards
  • Club cards
  • Medical cards
  • Citizen ID Cards
  • SIM Cards

17
EMV Sequence Diagram
Time
18
EMV Functional Overview
  • Transaction sequence of events
  • Card Authentication
  • Cardholder Authentication (CVM)
  • Terminal Action Analysis
  • Card Action Analysis
  • Off line/On line
  • Script Processing

19
EMV and Authentication
  • Card Holder Verification needs two-factor
  • CHV is local Person to Card
  • What you have
  • What you know
  • What you are
  • PIN is one form of Card Holder Verification
  • What you know
  • Biometric
  • What you are
  • Acoustic
  • What you have remote over out of band channel

20
EMV based ID Authentication
21
EMV based Authentication
  • Advantages
  • Technically feasible with lower investment than
    other architectures
  • Re-use of EMV based functions
  • Re-use/enhancement of Customer Database
  • Personal details
  • Keys ?
  • Disadvantages
  • Market confusion with other Digital ID schemes
  • PKI, X.509
  • Liability?
  • More secure with DDA cards

22
Lite with Dual Brand EMV
  • Compliant with EMV 96 and 2000
  • Specifications reviewed by Visa and EPI.
  • Meets EPI/ MCI M/Chip Lite product
    specifications
  • Also meets VISA VSDC 1.3.2 product specifications
  • Includes Powerful Secure File System
  • Personalize-able Security and File Structures
  • Penetration Resistant 3DES
  • All functions configurable at Personalisation
  • Based on low cost Silicon
  • ATMEL AT05SC1604R
  • Available NOW !

23
Lite with Dual Brand EMV
  • Configure at personalisation
  • VSDC or MChip Lite
  • Protocol
  • Terminal Risk Management
  • Card Action Analysis

EMV features configured at Personalisation
Security Config at Perso
CONFIGURED AT PERSO
EEPROM
EMV specific Logic
Secure File System Cmds and Logic
SDA, No PSE, Clear PIN, Issuer Auth, Card Risk
Management, Script Processing
Application Layer Fixed in ROM
VSDC
MCHIP Lite
FIXED AT SILICON MANFACTURE
API
Command Parser / Router
Comms T0 T1
EEPROM Driver Module
Crypto Lib DPA/SPA DES 3DES
Life Cycle Manager
HAL Service Layer
ROM
24
EMV based Managed Payment
  • Case study Demo Govt benefits
  • Stage one Benefits load and management
  • Stage two redemption (permitted spend)
  • Stage three redemption expired
  • Stage four Disallowed merchant

25
Revisit Alternative Authentication
  • Acoustic based card demo
  • Browser based
  • Can also function with telephony

26
Multi Function Open Issues
  • Commercial
  • Who issues the card, owns the customer
    relationship
  • Co-branding
  • Liability
  • Operational
  • Issuance
  • Card, App,Key, and Infrastructure Management

27
Conclusion
  • Integrating other functionality to EMV cards is
    highly feasible
  • Level of interaction of EMV with other functions
    is highly case dependant
  • Level of complexity is highly case dependant
  • Many opportunities exist to significantly enhance
    the EMV business case by integrating other
    functions

28
Thank You
BarryHochfield_at_Ecebs.com
www.Ecebs.com
Write a Comment
User Comments (0)
About PowerShow.com