Using EMV Cards for Single Sign-On
نویسندگان
چکیده
At present, network users have to manage a set of authentication credentials (usually a username/password pair) for every service with which they are registered. Single Sign-On (SSO) has been proposed as a solution to the usability, security and management implications of this situation. Under SSO, users authenticate themselves only once to an entity termed the ‘Authentication Service Provider’ (ASP) and are subsequently logged into disparate network Service Providers (SPs) without necessarily having to re-authenticate. The information about the user’s authentication status is handled between the ASP and the desired SP in a manner transparent to the user. In this paper we propose an SSO scheme where user authentication is based on payment cards conforming to the EMV industry standard. The card itself, in conjunction with the EMV architecture, takes the role of the ASP. The associated SSO protocol does not require online card issuer participation, preserves user mobility and does not put user’s financial data at risk.
منابع مشابه
Extending EMV Payment Smart Cards with Biometric On-Card Verification
Nowadays, many bank cards are smart cards (i.e. integrated-circuit cards) based on the EMV specifications for payment systems. This paper specifies how biometric on-card verification can be integrated into EMV debit and credit cards in a backwards-compatible way. The biometric verification does not change the EMV transaction flow outside the cardholder-verification step. The proposed payment sy...
متن کاملRelaying EMV Contactless Transactions using Off-The-Shelf Android Devices
Dutch banks introduced contactless payments in April 2014, and have been promoting the use of contactless cards since then. Contactless payments are based on the EMV specification, the worldwide standard for contact and contactless transactions. EMV Contact is a well-researched field and many vulnerabilities have been found. Although EMV Contactless is newer and less researched, a few vulnerabi...
متن کاملImproving Test Conformance of Smart Cards versus EMV-Specification by Using on the Fly Temporal Property Verification
Electronic payment transactions using smart card are based on the Europay Mastercard Visa (EMV) specifications. This standard appeared in 1995 in order to ensure security and global interoperability between EMV-compliant smart cards and EMV-compliant payment terminals throughout the world. Another purpose of EMV specifications is to permit a secure control of offline credit card transaction app...
متن کاملHarvesting High Value Foreign Currency Transactions from EMV Contactless Cards Without the PIN
In this paper we present an attack which allows fraudulent transactions to be collected from EMV contactless credit and debit cards without the knowledge of the cardholder. The attack exploits a previously unreported vulnerability in EMV protocol, which allows EMV contactless cards to approve unlimited value transactions without the cardholder's PIN when the transaction is carried out in a fore...
متن کاملe-EMV: Emulating EMV for Internet payments using Trusted Computing technology
The introduction of Static Data Authentication (SDA) compliant EMV cards with their improved cardholder verification and card authentication capabilities has resulted in a dramatic reduction in the levels of fraud seen at Point of Sale (POS) terminals. However, with this POS-based reduction has come a corresponding increase in the level of fraud associated with Internet-based Card Not Present (...
متن کامل