Gareth Ellis - PowerPoint PPT Presentation

1 / 24
About This Presentation
Title:

Gareth Ellis

Description:

Title: PowerPoint Presentation Author: Transaction Systems Architects, Inc. Last modified by: Created Date: 6/18/2001 2:36:45 PM Document presentation format – PowerPoint PPT presentation

Number of Views:102
Avg rating:3.0/5.0
Slides: 25
Provided by: Trans76
Category:

less

Transcript and Presenter's Notes

Title: Gareth Ellis


1
Session 5a Key and PIN Management
  • Gareth Ellis
  • Senior Solutions Consultant

2
Agenda
  • EMV Key Management - overview
  • EMV Key Impacts on Issuance
  • PIN Management

3
Key Management Overview
4
EMV Security Features
  • EMV requires secure key management to enable the
    following functions
  • Card authentication
  • Offline
  • Online
  • Cardholder verification
  • Issuer authentication
  • Non-repudiation of transactions
  • Secure EMV script delivery
  • Transport of keys between domains
  • For this both Triple DES (symmetric) and PKI
    (asymmetric) are used

5
Symmetric keys how does DES work?
  • Single key to both encrypt and decrypt
  • Key is generated by a mathematical process
  • Encryption combines data and key using a
    non-secret formula
  • Key must be kept secret
  • in the chip in HSMs/Host of issuer
  • not at acquirers

6
EMV Triple DES keys
  • Online Transaction Keys - stored in secure
    portion of memory in the chip and on the Issuing
    Host
  • Online authentication keys Master Key used to
    create a card key
  • Scripting keys
  • Transport keys - used to ensure the secure
    transport of sensitive data during Issuance
  • Card Manufacturer
  • Data Preparation
  • Bureau/Personalisation Machine

7
Public Key Infrastructure
8
Asymmetric keys how does PKI work?
  • Related pairs of keys public and private
  • Keys are generated by a complex mathematical
    process
  • Encryption combines data and key using a
    non-secret formula
  • Decryption is only possible using the other key
    of the same pair
  • one key must be kept secret, the other one can be
    public

9
How to use of PKI keys in EMV
  • Offline Data Authentication Example
  • Load MasterCard EMV Public key on every terminal
  • Send card data to MasterCard and they encrypt
    card data using the MasterCard EMV Private key
  • During a transaction, card sends encrypted card
    data to the terminal
  • Terminal uses MasterCard public key to decrypt
    encrypted data
  • Terminal determines the unencrypted card data
  • Card passes same card data to terminal
  • Terminal compares card data only MasterCard
    could have put that data on the card

10
Certification Process for Static Data
Authentication
  • Use Data prep device to generate Issuer Key pair
  • Send the Issuer public key to the card scheme
  • Scheme returns issuer public key signed with the
    scheme private key (Issuer Certificate)
  • These are input into the data prep device and
    validated
  • The issuer certificate is personalised onto each
    card

11
Enhanced Security on Card (PKI - SDA)
  • Static Data Authentication - SDA
  • Holds
  • A Certificate for the authentication of the
    issuer (Issuer Public key signed with Card Scheme
    Private key)
  • A static digital signature for card
    authentication (data signed by Issuer Private
    key)

12
Enhanced Security on Card (PKI - DDA)
  • Dynamic Data Authentication - DDA
  • Holds
  • A Certificate for the authentication of the
    issuer
  • A Certificate for card authentication
  • Dynamic generation of the digital Signature for
    authentication

13
Combined Dynamic Data Authentication (CDA) and
Application Cryptogram Generation
  • CDA uses the same authentication operation as for
    DDA, but also combines the transaction cryptogram
    in the signature

Transaction Information
14
EMV Key Impacts on Issuance
15
Magnetic stripe card issuance (key management
aspect)
HSM
Card Issuers CMS
Personalisation Data File normally not encrypted
(no sensitive data)
  • Limited number of (symmetric only) secret keys
    required
  • PIN Verification Value (PVV)
  • Card Verification Value (CVV)

Perso domain
16
Smart card issuance (key management aspect)
Card Issuers CMS
Generate Offline Pin encrypt it under Transport
Key
HSM
Need to generate asymmetric keys and certify them
Storage of (symmetric) master keys and transport
keys
Prep Device
Smart Card System
EMV key data needs to be secured using HSMs
HSM
Storage of transport keys
Chip Data Conv.
Smart Card Personalisation
Chip perso
HSM
17
How to add EMV (crypto) data to Cards?
  • Data preparation phase, you can use
  • Smart Card Management systems
  • data prep devices or
  • These systems
  • Generate, store and manage keys for each
    application
  • Send Public keys to Certificate Authorities
  • Stores the certificates returned from CAs in a
    database
  • Adds the smart card data for each card to
    Embossing File
  • Personalisation writing EMV data to the card
  • Can use Smart Card Management Systems or software
    from Printer vendors
  • Need to decrypt secret data from Data Prep and
    re-encrypt it to send it to the card
  • Need to use issuer keys to open each card to
    write to the chip

18
EMV Impacts to PIN Management
19
Magnetic stripe PIN management
  • PIN required for certain transactions
  • on-line PIN verification using DES, 3-DES
  • Offset mechanism for PIN change
  • PINs are never stored, but re-computed
  • Issuer system controls PIN on-line
  • blocking and unblocking PIN
  • changing PIN

20
EMV PIN management
  • Chip contains offline PIN value for offline
    verification
  • Other applications may use same PIN
  • Without Offline PIN, CAP is not possible
  • EMV offers scripting mechanism to (un)block and
    change the PIN
  • Implicit and explicit PIN unblock

21
Synchronisation issues
  • PIN information rests in (at least) 2 places
  • In authorisation system for online PIN
    verification
  • In PIN generation domain (when issuing cards)
  • New in the chip
  • Counting failed PIN attempts
  • Blocking and unblocking the PINs
  • Changing the value of the PINs, recovering from
    error situations

22
Security issues
  • Counting failed PIN attempts
  • Security of PIN-change script defined by EMV, but
    how to initiate PIN-change securely?
  • Enter old PIN 2x new PIN, encrypted under
    acquirer key!
  • PIN change in not-on-us situations
  • Not supported by standards
  • UK banks have developed reciprocal solution, but
    not generally applicable

23
Changing PIN in the field
ATM
24
Overview
Card Issuers CMS
PIN Management system
Data Prep System
HSM
Script assembly
ATM
Script execution
HSM
25
PIN Management conclusions
  • (Offline) PIN is becoming best practice
  • PIN change facilities are needed to remember PINs
    on many cards
  • Implementing offline PIN touches many systems
  • Probably the hardest part of implementing Offline
    PIN is customer education!

26
(No Transcript)
27
Offline PIN verification
28
PIN injection during card issuance
Card Issuers CMS
HSM
2 Reformat PIN and Translate
Data Preparation
Data Prep System
HSM
Script assembly
Smart Card Personalisation
Translate PIN Under Session Key
Script execution
HSM
Write a Comment
User Comments (0)
About PowerShow.com