Some critical remarks on “dynamic data authentication” as specified in EMV '96
Every banking card will soon include an electronic chip and, after a transitional period, the magnetic stripe will disappear. To ensure worldwide interchange, Europay International S.A., MasterCard International Incorporated and Visa International Service Association have been cooperating for the last three years in the production of the so-called EMV specifications; the latest release specifies a method for dynamic data authentication. We analyzed that method, which requires a pair of RSA keys in every card; such a method is highly questionable. We propose an alternate method which eliminates the detected problems while offering significant benefits at system level.
Keywords: Smart Card; Certification Authority; Secure Messaging; Magnetic Stripe; Public Verification