Dr Wasim Raad, Computer Engineering Department, King Fahad University Petroleum & Minerals, Dhahran-Saudi Arabia
Purse Charger
(Bank or third party)
Card Holder
(User)
Retail POS
collecting Highway tax
EMV
- Established 1999 by Europay International, Mastercard International & VISA International
- EMV IC card Spec for payment ensures Cross payment Interoperability between Cards and terminals
- Latest version: EMV2000 version 4.0 (support for lower voltage cards & contactless interface)
- Currently there are greater than 200 million Mastercard, Maestro & Cirrus Chip cards worldwide (more than 80 million of these support EMV)
Smart Card
Smart Card Market: VISA Smart Credit/Debit (CCCP)
Magnetic Credit Authorization Terminal
Smart Credit Authorization Terminal
- 2000: Stop manufacturing easy entry card and terminal as well. Differentiate a commission rate for interchange: Chip Card versus M/S card.
- 2002: All the new terminals should work on Visa Smart Credit/Debit card. Recommendation of PIN Pad.
- 2005: All the new cards should be equipped with Visa Smart Credit/Debit card functions.
- 2008: All the cards must be issued with functions of Visa Smart Credit/Debit Card. All the terminals must work on Smart Credit/Debit Card.
Muhammad Wasim Raad 5
Authentication
Card Data:
- SDA Certificate
- Issuer Public Key Certificate
1. Card sends:
- selected card data
- card data certificate
- issuer public-key certificate
2. Terminal decodes issuer public key using scheme public key.
3. Verifies card certificate using issuer public key.
4. Compares with hashed form of the card data.
Authentication (contd)
Dynamic Authentication
- Challenge-based.
- The terminal issues a challenge to the card.
- The card signs the card serial number and this challenge.
- The terminal verifies this signature.
- The card must incorporate the public-key encryption functions.
- The private key is permanently stored in the card and protected by physical security features.
- Key management issue.
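The static and dynamic authentication steps above, as an added example that is not part of the original slides: a toy model using textbook RSA over fixed Mersenne primes and SHA-256 in place of EMV's real certificate formats. All function names, keys and sample card data are constructed, and the issuer-signed card key certificate is an assumption about how the terminal learns the card's public key.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_key(a, b):
    """Toy textbook-RSA key from Mersenne primes 2**a-1, 2**b-1 (not for real use)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    # Decode the signature with the public modulus and compare with the hash.
    return pow(sig, E, n) == digest(data, n)

def encode(n):
    return str(n).encode()

# Constructed keys: payment scheme, issuer, and the card's own key pair.
SCHEME, ISSUER, CARD = make_key(521, 607), make_key(107, 127), make_key(61, 89)

def personalize(data, serial):
    """Issuer side: what the (constructed) card stores; the card private key stays in the chip."""
    return {"data": data, "serial": serial,
            "issuer_pub": ISSUER["n"], "issuer_cert": sign(SCHEME, encode(ISSUER["n"])),
            "sda_cert": sign(ISSUER, data),
            # Assumption: the issuer also certifies the card's public key.
            "card_pub": CARD["n"], "card_cert": sign(ISSUER, encode(CARD["n"]))}

def issuer_key(card, scheme_pub):
    """Step 2: accept the issuer public key only if the scheme key vouches for it."""
    ok = verify(scheme_pub, encode(card["issuer_pub"]), card["issuer_cert"])
    return card["issuer_pub"] if ok else None

def terminal_sda(card, scheme_pub):
    ipk = issuer_key(card, scheme_pub)
    return ipk is not None and verify(ipk, card["data"], card["sda_cert"])  # steps 3-4

def card_dda_response(card, challenge):
    """Card side: sign the serial number together with the terminal's challenge."""
    return sign(CARD, card["serial"] + challenge)

def terminal_dda(card, scheme_pub, challenge, response):
    ipk = issuer_key(card, scheme_pub)
    key_ok = ipk is not None and verify(ipk, encode(card["card_pub"]), card["card_cert"])
    return key_ok and verify(card["card_pub"], card["serial"] + challenge, response)
```

A terminal would draw a fresh random challenge for every transaction, so a response computed for an earlier challenge fails `terminal_dda`, while altered card data fails `terminal_sda` at the hash comparison.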
Authentication (contd)
- Reset card
- Answer to reset
- Select Application
- Send Application Data
- Auth. card & terminal
- Terminal risk management
- Request cryptogram
- Card risk management
- Send cryptogram (Perform online Transaction)
- Send Results (Complete Transaction)
Electronic Cash
Electronic cash is a general term that describes the attempts of several companies to create a value storage and exchange system that operates online in much the same way that government-issued currency operates in the physical world.
Concerns about electronic payment methods include:
- Privacy
- Security
- Independence
- Portability
- Convenience
Must be anonymous, just like regular currency. Safeguards must be in place to prevent counterfeiting. Must be independent and freely transferable regardless of nationality or storage mechanism.
Electronic Cash
Off-line
- Customer holds cash on smart card or electronic wallet
- Fraud and double spending require tamper-proof encryption
Electronic Cash
Advantages
Electronic cash transactions are more efficient and less costly than other methods. The distance that an electronic transaction must travel does not affect cost. The fixed cost of hardware to handle electronic cash is nearly zero. Electronic cash does not require that one party have any special authorization.
Disadvantages
Electronic cash provides no audit trail. Because true electronic cash is not traceable, money laundering is a problem. Electronic cash is susceptible to forgery. So far, electronic cash is a commercial flop.
Cash is inconvenient
- not machine-readable
- humans carry limited amount
- risk of loss, theft
Electronic Purse
EFT-POS
Magnetic, Credit/Debit Card
EMV Smart Card
Electronic Purse: MONDEX, CEPS, KEP
Ministry of Commerce, Industry & Energy
1) KEP (Korean Electronic Purse)
Korea Financial Telecommunications & Clearings Institute
2) Mondex Electronic Purse
Cheju Island (Resort) Project
ASEM Project
Octopus Applications
Public Transport and related
- 3 railways, 6000 buses, ferries, Peak Tram, Tramways, public light bus
- Car parks
- Parking meters
Octopus Applications
Recreational facilities
- Public swimming pools
- Racecourses
Non-payment service
- Access Control for residential estates
- School Attendance
Octopus
- Transaction time < 300 milliseconds
- Transaction fees: HK$0.02 + 0.75%
- $10 transaction costs $0.095 (0.95%)
Applications
- Transit
- Telephones
- Road tolls
- Point-of-sale
- Access control
Payment Cards
- 8-128 Kb
- Data rate 115 Kb/sec
- ISO 7816 compliant
- Visa-certified
- PIN management and verification
- 3DES algorithm for authentication, secure messaging
- Epurse with payment command set (debit, credit, balance, floor limit management)
SOURCE: GEMPLUS
EMV = EUROPAY INTL, MASTERCARD, VISA
MPCOS = MULTI PAYMENT CHIP OPERATING SYSTEM
GSM
- Cellnet and Barclaycard developed wireless financial service smart card
- SIM activates user's Cellnet GSM phone
- Provides a Barclay services menu
Mondex
- Subsidiary of MasterCard
- Smart-card-based, stored-value card (SVC)
- NatWest (National Westminster Bank, UK) et al.
- Secret chip-to-chip transfer protocol
- Value is not in strings alone; must be on Mondex card
- Loaded through ATM
- ATM does not know transfer protocol; connects with secure device at bank
- Spending at merchants having a Mondex value transfer terminal
Mondex Overview
Mondex Security
Active and dormant security software
- Security methods constantly changing
- ITSEC E6 level (military)
Cashless ATM
PCMCIA Reader/Writer
Electronic Wallet
SOURCE: HITACHI
Supports both versions of Paypass transaction (contactless M/Chip 4, or Contactless Track 2 data) and in fact can execute ANY existing MULTOS application over the contactless interface.
250K issued for 250K Japan Residential ID card
Keycorp / Philips Contactless MULTOS, 16K EEPROM, MIFARE Type A contactless interface, Prototypes available now
Supports Mifare ticketing only. Full contactless MULTOS application execution planned for Q3 2004
Visa Wave
- First Commercial Visa contactless card
- Global Platform
- EMV Visa debit/credit for more than 2000 consumers
- Online credit & debit
- Speed, convenience, & reward to drive cash replacement faster
- Differentiating payment services
- Online Authorization
- Draft capture
- Electronic settlement
- Online credit & debit
- Enriched consumer shopping experience
- Possible Objective by 2010: Electronic Payment 70%, Cash & Checks 30%
- Credit card acceptance by retailers
- Zip zap machine
- Negative card list
ViVOpay 3000
ViVOpay 4000
ViVOtech has shipped 100,000 contactless readers in last 18 months. Mostly in the U.S.
SOURCE: SAMSUNG
Case Studies
- Provide a secure storage for digital certificates and personal identification
- Convenience - Multifunction Card like the JAVA Card and very portable
- Log recent activities
- Can provide automatic logins to designated websites without having to remember passwords and login procedures
Conclusion
With EMV expected to move to Smart Cards by 2007, huge boom expected. Cards will become truly multifunctional. Application Downloading. Interoperability issue solved