Building General-Purpose Security Services on EMV Payment Cards
نویسندگان
چکیده
The Generic Authentication Architecture (GAA) is a standardised extension to the mobile telephony security infrastructures that supports the provision of security services to network applications. We have proposed a generalised version of GAA which enables almost any pre-existing infrastructure to be used as the basis for the provision of generic security services, and have examined a GAA instantiation supported by Trusted Computing. In this paper we study another instantiation of GAA, this time building on the widely deployed EMV security infrastructure. This enables the existing EMV infrastructure to be used as the basis of a general-purpose authenticated key establishment service in a simple and uniform way, and also provides an opportunity for EMV-aware third parties to provide novel security services. We also discuss possible applications and issues of privacy and trust.
منابع مشابه
Security of Electronic Payment Systems: A Comprehensive Survey
This comprehensive survey deliberated over the security of electronic payment systems. In our research, we focused on either dominant systems or new attempts and innovations to improve the level of security of the electronic payment systems. This survey consists of the Card-present (CP) transactions and a review of its dominant system i.e. EMV including several researches at Cambridge universit...
متن کاملImproving Test Conformance of Smart Cards versus EMV-Specification by Using on the Fly Temporal Property Verification
Electronic payment transactions using smart card are based on the Europay Mastercard Visa (EMV) specifications. This standard appeared in 1995 in order to ensure security and global interoperability between EMV-compliant smart cards and EMV-compliant payment terminals throughout the world. Another purpose of EMV specifications is to permit a secure control of offline credit card transaction app...
متن کاملCloning Credit Cards: A Combined Pre-play and Downgrade Attack on EMV Contactless
Recent roll-outs of contactless payment infrastructures – particularly in Austria and Germany – have raised concerns about the security of contactless payment cards and Near Field Communication (NFC). There are well-known attack scenarios like relay attacks and skimming of credit card numbers. However, banks and credit card schemes often mitigate these attacks. They explain that attacks are imp...
متن کاملSecurity Enhanced EMV-Based Mobile Payment Protocol
Near field communication has enabled customers to put their credit cards into a smartphone and use the phone for credit card transaction. But EMV contactless payment allows unauthorized readers to access credit cards. Besides, in offline transaction, a merchant's reader cannot verify whether a card has been revoked. Therefore, we propose an EMV-compatible payment protocol to mitigate the transa...
متن کاملExtending EMV to support Murabaha transactions
Conventional credit card transactions are not consistent with Islamic principles, as exemplified by the Islamic banking system and the ‘Murabaha sale’. On the other hand, EMV-compliant IC (Integrated Circuit) cards have been developed to secure traditional Point of Sale (POS) transactions. Thus, if Islamic principles are to be applied to card payments, a new and secure card payment process is r...
متن کامل