Browse by author
Lookup NU author(s): Dr Martin Emms, Dr Leonardus Arief, Joe Hannon, Professor Aad van Moorsel
The introduction of contactless payment cards into the global EMV payment system introduces a potential vulnerability, in that non-authorised de-vices can interact with the card, even when still in the cardholder’s wallet. This paper presents a solution addressing this issue, in which the card prevents mali-cious access to its sensitive data and functionality. The card issues an authenti-cation request which the Point of Sale (POS) terminal must sign with its bank issued private key, before the card will divulge any sensitive information. The proposed solution uses Elliptic Curve Cryptography, a combination of ECQV implicit certificates and ECDSA signatures, which provide both cryptographic strength and efficient use of the limited message size in EMV. There are 23.8 million EMV POS terminals installed globally; the design therefore focuses on integrating POS authentication without altering the EMV protocol. Finally, the paper presents an innovative solution for revocation of the POS terminal keys.
Author(s): Emms M, Arief B, Hannon J, van Moorsel A
Publication type: Report
Publication status: Published
Series Title: School of Computing Science Technical Report Series
Year: 2013
Pages: 18
Print publication date: 13/11/2013
Source Publication Date: November 2013
Report Number: 1401
Institution: School of Computing Science, University of Newcastle upon Tyne
Place Published: Newcastle upon Tyne
URL: http://www.cs.ncl.ac.uk/publications/trs/papers/1401.pdf
