Presentation is loading. Please wait.

Presentation is loading. Please wait.

Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.

Similar presentations

Presentation on theme: "Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management."— Presentation transcript:

1 Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management

2 2 Agenda EMV Key Management - overview EMV Key Impacts on Issuance PIN Management

3 Key Management Overview

4 4 EMV Security Features EMV requires secure key management to enable the following functions –Card authentication Offline Online –Cardholder verification –Issuer authentication –Non-repudiation of transactions –Secure EMV script delivery –Transport of keys between domains For this both Triple DES (symmetric) and PKI (asymmetric) are used

5 5 Symmetric keys: how does DES work? Single key to both encrypt and decrypt Key is generated by a mathematical process Encryption combines data and key using a non-secret formula Key must be kept secret: –in the chip & in HSMs/Host of issuer –not at acquirers

6 6 EMV Triple DES keys Online Transaction Keys - stored in secure portion of memory in the chip and on the Issuing Host –Online authentication keys – Master Key used to create a card key –Scripting keys Transport keys - used to ensure the secure transport of sensitive data during Issuance –Card Manufacturer –Data Preparation –Bureau/Personalisation Machine

7 7 Public Key Infrastructure

8 8 Asymmetric keys: how does PKI work? Related pairs of keys – public and private Keys are generated by a complex mathematical process Encryption combines data and key using a non-secret formula Decryption is only possible using the other key of the same pair –one key must be kept secret, the other one can be public

9 9 How to use of PKI keys in EMV Offline Data Authentication Example: 1.Load MasterCard EMV Public key on every terminal 2.Send card data to MasterCard and they encrypt card data using the MasterCard EMV Private key 3.During a transaction, card sends encrypted card data to the terminal 4.Terminal uses MasterCard public key to decrypt encrypted data 5.Terminal determines the unencrypted card data 6.Card passes same card data to terminal 7.Terminal compares card data – only MasterCard could have put that data on the card

10 10 Certification Process for Static Data Authentication Use Data prep device to generate Issuer Key pair Send the Issuer public key to the card scheme Scheme returns issuer public key signed with the scheme private key (Issuer Certificate) These are input into the data prep device and validated The issuer certificate is personalised onto each card

11 11 Enhanced Security on Card (PKI - SDA) Static Data Authentication - SDA Holds: –A Certificate for the authentication of the issuer (Issuer Public key signed with Card Scheme Private key) –A static digital signature for card authentication (data signed by Issuer Private key)

12 12 Dynamic Data Authentication - DDA Holds: –A Certificate for the authentication of the issuer –A Certificate for card authentication Dynamic generation of the digital Signature for authentication Enhanced Security on Card (PKI - DDA)

13 13 Combined Dynamic Data Authentication (CDA) and Application Cryptogram Generation CDA uses the same authentication operation as for DDA, but also combines the transaction cryptogram in the signature Transaction Information

14 EMV Key Impacts on Issuance

15 15 Magnetic stripe card issuance (key management aspect) Card Issuers CMS Perso domain Personalisation Data File normally not encrypted (no sensitive data) Limited number of (symmetric only) secret keys required: PIN Verification Value (PVV) Card Verification Value (CVV) HSM

16 16 Chip Data Conv. HSM Smart Card Personalisation Card Issuers CMS Chip perso HSM Smart Card System Smart card issuance (key management aspect) Storage of (symmetric) master keys and transport keys EMV key data needs to be secured using HSMs Storage of transport keys Need to generate asymmetric keys and certify them HSM Prep Device Generate Offline Pin & encrypt it under Transport Key

17 17 How to add EMV (crypto) data to Cards? Data preparation phase, you can use –Smart Card Management systems –data prep devices or These systems –Generate, store and manage keys for each application –Send Public keys to Certificate Authorities –Stores the certificates returned from CAs in a database –Adds the smart card data for each card to Embossing File Personalisation – writing EMV data to the card –Can use Smart Card Management Systems or software from Printer vendors –Need to decrypt secret data from Data Prep and re-encrypt it to send it to the card –Need to use issuer keys to open each card to write to the chip

18 EMV Impacts to PIN Management

19 19 Magnetic stripe PIN management PIN required for certain transactions –on-line PIN verification using DES, 3-DES Offset mechanism for PIN change PINs are never stored, but re-computed Issuer system controls PIN on-line –blocking and unblocking PIN –changing PIN

20 20 EMV PIN management Chip contains offline PIN value for offline verification Other applications may use same PIN Without Offline PIN, CAP is not possible EMV offers scripting mechanism to (un)block and change the PIN Implicit and explicit PIN unblock

21 21 Synchronisation issues PIN information rests in (at least) 2 places In authorisation system for online PIN verification In PIN generation domain (when issuing cards) New: in the chip Counting failed PIN attempts Blocking and unblocking the PINs Changing the value of the PINs, recovering from error situations

22 22 Security issues Counting failed PIN attempts Security of PIN-change script defined by EMV, but how to initiate PIN-change securely? Enter old PIN + 2x new PIN, encrypted under acquirer key! PIN change in not-on-us situations Not supported by standards UK banks have developed reciprocal solution, but not generally applicable

23 23 Changing PIN in the field Host 1- Change PIN 2 – Update PIN 3 –Response + Script 5 – Reverse Update ATM Card 4 – Script Confirmation - Fail

24 24 Overview Script assembly HSM Card Issuers CMS Script execution HSM Data Prep System PIN Management system Host ATM Card

25 25 PIN Management conclusions (Offline) PIN is becoming best practice PIN change facilities are needed to remember PINs on many cards Implementing offline PIN touches many systems Probably the hardest part of implementing Offline PIN is customer education!


27 27 Offline PIN verification

28 28 PIN injection during card issuance Script assembly HSM Data Preparation Smart Card Personalisation Card Issuers CMS Script execution HSM Data Prep System Translate PIN Under Session Key 2: Reformat PIN and Translate 1: Add encrypted Offline PIN to embossing data HSM

Download ppt "Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management."

Similar presentations

Ads by Google