Toggle Main Menu Toggle Search

Open Access padlockePrints

POS Terminal Authentication Protocol to Protect EMV Contactless Payment Cards

Lookup NU author(s): Dr Martin Emms, Dr Leonardus Arief, Joe Hannon, Professor Aad van Moorsel



The introduction of contactless payment cards into the global EMV payment system introduces a potential vulnerability, in that non-authorised de-vices can interact with the card, even when still in the cardholder’s wallet. This paper presents a solution addressing this issue, in which the card prevents mali-cious access to its sensitive data and functionality. The card issues an authenti-cation request which the Point of Sale (POS) terminal must sign with its bank issued private key, before the card will divulge any sensitive information. The proposed solution uses Elliptic Curve Cryptography, a combination of ECQV implicit certificates and ECDSA signatures, which provide both cryptographic strength and efficient use of the limited message size in EMV. There are 23.8 million EMV POS terminals installed globally; the design therefore focuses on integrating POS authentication without altering the EMV protocol. Finally, the paper presents an innovative solution for revocation of the POS terminal keys.

Publication metadata

Author(s): Emms M, Arief B, Hannon J, van Moorsel A

Publication type: Report

Publication status: Published

Series Title: School of Computing Science Technical Report Series

Year: 2013

Pages: 18

Print publication date: 13/11/2013

Source Publication Date: November 2013

Report Number: 1401

Institution: School of Computing Science, University of Newcastle upon Tyne

Place Published: Newcastle upon Tyne