Advertisement

Some critical remarks on “dynamic data authentication” as specified in EMV '96

  • Louis Claude Guillou
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1318)

Abstract

Every banking card will soon include an electronic chip and, after a transitional period, the magnetic stripe will disappear. For ensuring a worldwide interchange, Europay International S.A., MasterCard International Incorporated and Visa International Service Association have been cooperating for the last three years in the production of the so-called EMV specifications; the latest release specifies a method for dynamic data authentication. We analyzed that method which requires a pair of RSA keys in every card; such a method is highly questionable. We propose an alternate method which eliminates the detected problems while offering significant benefits at system level.

Keywords

Smart Card Certification Authority Secure Messaging Magnetic Stripe Public Verification 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Gustavus J. Simmons, Ed., Contemporary Cryptology, The Science of Information Integrity, IEEE Press, Piscataway, 1992Google Scholar
  2. 2.
    Groupement des Cartes Bancaires, Spécifications et Normes de la Carte à Mémoire Bancaire, Paris, January 1984Google Scholar
  3. 3.
    Europay, Mastercard, Visa, EMV '96 Specifications, Version 3.0, Europay, Waterloo; MasterCard, Purchase; Visa, San Mateo, 30 June 1996Google Scholar
  4. 4.
    International Standard, ISO/IEC 7816-4: 1995, Information technology, Integrated Circuit(s) Cards with Contacts, Part 4: Interindustry commands for interchange, ISO/IEC Central Secretariat, GenevaGoogle Scholar
  5. 5.
    Louis Claude Guillou, Jean-Jacques Quisquater, “A Practical Zero-Knowledge Protocol Fitted to Security Microprocessors Minimizing Both Transmission and Memory,” in Lecture Notes in Computer Science, Vol 330, Advances in Cryptology, pp. 123–128, Proc. Eurocrypt '88, Davos, Switzerland, May 25–27, 1988, GG Günther, Ed., Springer Verlag, Berlin, 1989Google Scholar
  6. 6.
    Jean-Jacques, Myriam, Muriel and Michaël Quisquater, Louis Claude, Marie-Annick, Gaïd, Anna, Gwénolé and Soazig Guillou, “How to explain zero-knowledge protocols to your children,” in Lecture Notes in Computer Science, Vol 435, Advances in Cryptology, pp 628–631, Proc. Crypto '89, Santa Barbara, California, Aug. 20–24, 1989, G. Brassard, Ed., Springer Verlag, Berlin, 1990Google Scholar
  7. 7.
    Louis Claude Guillou, “Comprehensive Approach to Zero-Knowledge Techniques; Application to Authentication Mechanisms for Smart Cards,” Doc N1185, ISO/IEC JTC 1/SC27 Secretariat, DIN, Berlin, October 1995Google Scholar
  8. 8.
    Draft International Standard, ISO/IEC 9798-5: 1997, Information technology, Security techniques, Entity authentication, Part 5: Mechanisms using zero-knowledge techniques, ISO/IEC Central Secretariat, GenevaGoogle Scholar
  9. 9.
    Draft International Standard, ISO/IEC 9796-2: 1997, Information technology, Security techniques, Digital signature schemes giving message recovery, Part 2: Mechanisms using a hash-function, ISO/IEC Central Secretariat, GenevaGoogle Scholar
  10. 10.
    International Standard, ISO/IEC 7816-6: 1996, Information technology, Integrated Circuit(s) Cards with Contacts, Part 6: Interindustry data elements, ISO/IEC Central Secretariat, GenevaGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Louis Claude Guillou
    • 1
  1. 1.France Telecom, Branche Développement, CNETDirection des Services de Diffusion et MultimédiaCesson Sévigné cedex 9France

Personalised recommendations