Chip Electronic Commerce SET Open Vendor Meeting 3 February, 1998

Chip Electronic Commerce SET Open Vendor Meeting 3 February, 1998. John Wankmueller MasterCard International. Agenda. Review of SET V2.0 Nov 97 Meeting, Purchase NY Chip Technical Working Group Meeting - Notes Proposed Process - Next Steps / Action Items

Presentation Transcript


  1. Chip Electronic Commerce SET Open Vendor Meeting, 3 February, 1998. John Wankmueller, MasterCard International

  2. Agenda
     • Review of SET V2.0 Nov 97 Meeting, Purchase NY
     • Chip Technical Working Group Meeting - Notes
     • Proposed Process - Next Steps / Action Items
     • An Analysis/Discussion of EMV-CEC Options
     • EMV / Non-EMV

  3. Review of SET V2.0 Nov 97 Meeting, Purchase NY

  4. Chip Technical Working Group Meeting - Notes
     • The SET V2 Group Should Provide a Detailed Analysis of the Proposed SET V1.0 EMV Integration Options
     • Duplicative Functions May Have Been Introduced
     • Possibly Much Less Efficient Than S/W Based SET V1.0
     • The Technical Group Wants a “Generic” Chip Card Extension Instead of the Proposed EMV Specific One

  5. Chip Technical Working Group Meeting - Notes (Cont.)
     • SET V2.0 Should Support Non-EMV Card Solutions
     • Broaden the Scope to Accommodate Purse and Micro-Transactions
     • Make Sure Chip Support Can Be Implemented As a “Plug-in” SET V2 Module

  6. Chip Technical Working Group Meeting - Notes (Cont.)
     • The EMV-CEC “No C/H SET Key” Option Needs to Be Evaluated to See If It Meets Merchant Needs
     • We Need to Identify What Functions and Added Security Chip Cards Bring to SET
     • Should We Support Multi-Payment Applications on One Chip Card? (Should SET V2.0 Support Payment Method Selection Within a Chip Card?)

  7. Proposed Process - Next Steps / Action Items (Cont.)
     • SET V2.0 Must Support the Transmission of the EMV “Final TC” to the Merchant/Acquirer (Need a Full Understanding of All Business and Technical Requirements)
     • Provide a Detailed Design of a Generic Chip Card Extension (a 1 Byte Block Type Identifier and a Non-Structured Opaque Data Block)

  8. EMV Chip EC Options Analysis. John Wankmueller, Principal, MasterCard International

  9. Cardholder Authentication: EMV and SET
     • SET ==> 2 Distinct Cardholder Authentication Options
       1) No Cardholder Authentication
       2) Cardholder Authentication Through Private RSA 1024 Bit Key
     • An EMV Point Of Sale (POS) Capable Card Can Also Be Used to Provide Hardware Based Authentication for EC Transactions
     • Stronger Than Using a SET Software Protected Secret Key
     • Also Adds Portability of Secret Key

  10. Card Authentication in a Remote Environment
     • All EC transactions need to be sent on-line to the Issuer for approval
     • The Issuer can unequivocally authenticate the card using the EMV card generated ARQC
     • No need to duplicate authentication of the card (no need to have the Acquirer as well as the Issuer authenticate the card)
     • EMV SDA, for remote environments, is not secure enough (easy to replay)

  11. EMV-SET Options
     • Process Final TC (SET V1 Can NOT Handle)
       • SET Ver 2.0 Option A, B, C - Duplicate Point of Sale Environment
       • This Is a SET V2 Item
     • Drop Final TC: EMV-CEC (SET V1 Can Handle)
       • Option 3: No SET Cardholder Keys (or Certificates) Anywhere
       • Option 2: Adds SET Cardholder Keys (and Certificates) to the Cardholder PC
       • Option 1: Moves SET Cardholder Keys (and Certificates) to the Card; Requires a Non-Generic “SET Modified” EMV Application in the Card

  12. SET Ver 2.0 Option A - Add All EMV Messages Before Any SET Messages
     [Message-flow diagram]
     Participants: ICC, Chip Reader, Cardholder PC, Merchant Server, Acquiring Gateway
     Diagram labels, in extraction order: Authenticate Card; New Messages; Scheme Pay Request; ARQC; ARPC; Scheme Pay Resp; Pinit Req; Pinit Res; TC; Preq; AuthReq; SET V1.0 Messages; AuthRes; Pres; Cap Req; Cap Res

  13. SET Ver 2.0 Option B - Insert New Message Pair in the Middle
     [Message-flow diagram]
     Participants: ICC, Chip Reader, Cardholder PC, Merchant Server, Acquiring Gateway
     Diagram labels, in extraction order: SET Pinit Req or other; SET Pinit Res or other; Authenticate Card; ARQC; New Messages; Scheme Pay Request; ARPC; Scheme Pay Resp; TC; SET Preq or other; SET AuthReq or other; SET Pres or other; SET AuthRes or other; SET Cap Req or other; SET Cap Res or other

  14. SET Ver 2.0 Option C - Add TC Message Pair to End of SET
     [Message-flow diagram]
     Participants: ICC, Chip Reader, Cardholder PC, Merchant Server, Acquiring Gateway
     Diagram labels, in extraction order: Purchase Init Request; Purchase Init Response; Authenticate card; ARQC; Preq; Scheme Payment Request; Auth Req; Pres; ARPC; Auth Res; Scheme Payment Resp; TC; New SET Messages; TC Req; TC Res; CapReq; CapRes

  15. EMV-CEC Option 3 with SET V1.0 - No SET Cardholder Keys (or Certificates) Anywhere
     [Message-flow diagram]
     Participants: ICC, Chip Reader, Cardholder PC with SET S/W, Merchant Server, Acquiring Gateway
     SET Keys: S - Signature Key, K - Key Exchange Key
     Keys shown: Merchant(S), Merchant(K), Acquirer(S), Acquirer(K)
     Diagram labels, in extraction order: Purchase Init Request; Purchase Init Response; Authenticate card; ARQC; Preq - Unsigned SET Message + ARQC; Scheme Payment Request; Auth Req + ARQC; SET Messages; Pres; ARPC; Auth Res; Scheme Payment Resp; TC; CapReq; CapRes

  16. Option 3: No Cardholder SET Keys - Anywhere
     • Uses a “Generic” EMV Card
     • Uses the SET Option - No Cardholder Private Keys or Certificates
     • No Cardholder Signed SET Messages
     • No SET Data in the Chip, Does Not Require RSA Capable Cards
     • No Cardholder SET Keys Held in the PC

  17. Option 3: No Cardholder SET Keys - Anywhere (Cont.)
     • EMV’s On-Line Authentication (With ARQC) Replaces SET C/H Signature (The ARQC Created by the Chip Card Is Validated by the Issuer)
     • Provides Card Authentication Portability (ARQC Always Produced - All Environments)
     • Requires the Issuance of Only an EMV Card Per Account (Back End Issuer’s Systems Use Exactly the Same Authentication Processing As Face to Face Transactions)

  18. EMV-CEC Option 2: w/SET 1.0 Cardholder Keys (and Certs) on the PC
     [Message-flow diagram]
     Participants: ICC, Chip Reader, Cardholder PC with SET S/W, Merchant Server, Acquiring Gateway
     SET Keys: S - Signature Key, K - Key Exchange Key
     Keys shown: SET CardHolder(S), SET Cardholder Certificate Chain, Merchant(S), Merchant(K), Acquirer(S), Acquirer(K)
     Diagram labels, in extraction order: Purchase Init Request; Purchase Init Response; Authenticate card; ARQC; Preq - *SW Signed* SET Message + ARQC; Scheme Payment Request; Auth Req + ARQC; SET Messages; Pres; ARPC; Auth Res; Scheme Payment Resp; TC; CapReq; CapRes

  19. Option 2: Adds SET Cardholder Keys (and Certificates) to the Cardholder PC
     • Uses an Unmodified Generic POS EMV Card
     • Adds a SET Cardholder Private Key in the PC (C/H SET Signatures Performed by the “PC”). No SET Processing Is Performed in the Chip
     • Card Authentication Is Performed Twice (EMV On-Line Authentication (With ARQC) Validated by the Issuer, SET C/H Signature)

  20. Option 2: Adds SET Cardholder Keys (and Certificates) to the Cardholder PC (Cont.)
     • Pros
       • Lessens Portability (SET Software Protected Keys Are Not Portable)
       • Can Be Used to Tie Down an EMV Card’s Use to One Particular PC
       • Issuers May Have Already Issued Cardholder SET Certificates (Supports the Transition to EMV Chip Cards)
       • Minimum Changes to SET to Add the Transport of EMV Data
     • Cons
       • Requires Issuing Both an EMV Card and SET C/H Certificates
       • Added Cost to Issuers to Support SET
       • Possible Slower Overall Transaction Time for Acquirers
       • May Confuse the Market Into Believing This Option Provides Greater Overall Security Because Two Authenticating Mechanisms Must Be Better Than One

  21. EMV-CEC Option 1 - SET 1.0 Cardholder Keys (and Certificates) in the Card
     [Message-flow diagram]
     Participants: ICC with SET H/W Signing, Chip Reader, Cardholder PC with SET S/W, Merchant Server, Acquiring Gateway
     SET Keys: S - Signature Key, K - Key Exchange Key
     Keys shown: SET CardHolder(S), SET Cardholder Certificate Chain, Merchant(S), Merchant(K), Acquirer(S), Acquirer(K)
     Diagram labels, in extraction order: Purchase Init Request; Purchase Init Response; Authenticate card; ARQC; Preq - *H/W Signed* SET Message + ARQC; Scheme Payment Request; Auth Req; Auth Req + ARQC; SET Messages; Scheme Payment Resp; Pres; ARPC; Auth Res; TC; CapReq; CapRes

  22. Option 1: Moves SET Cardholder Keys (and Certificates) to the Card
     • Requires a Non-Generic EMV Card. The Credit/Debit Application Inside the Chip Must Be Modified for Electronic Commerce Use to Support a SET Data Signing Function Inside the Card
     • C/H SET Private Key, Hardware Protected in the Chip, Is Used to Sign the SET Message to the Merchant
     • Entire Cardholder SET Public Key Certificate Chain (4 to 5 Certificates) Must Be Stored in the Chip
     • Requires a Change to the EMV Specification. New Parameter Values to EMV's Internal Authenticate Command Need to Be Specified

  23. Option 1: Moves SET Cardholder Keys (and Certificates) to the Card (Cont.)
     • EMV's ARQC Used in Addition to a SET Cardholder Signature
     • Explicitly Adds a Second SET Hardware Signature; Message Is Signed Directly in the Chip Card (Uses Its EMV Secret Key for ARQC, Uses Its Imbedded SET 1024 Private Key to Sign SET Data)
     • A Different ROM Mask Required to Distinguish Between Signing Types
     • *Every Electronic Commerce CAD Must Support Option 1 Cards and Be Able to Read and Process the SET Data in Them

  24. Option 1: Moves SET Cardholder Keys (and Certificates) to the Card (Cont.)
     • Pros
       • Provides Portability (Like Option 3)
     • Cons
       • Requires Non “Generic” Modified EMV Cards
       • Provisions a Duplicate Card Authentication Function
       • Requires Issuance of Both an EMV Card and SET C/H Certs and Change Chip Card Personalization Procedures
       • **All Electronic Commerce CADs Must Support Option 1 - Mandates More Function Than POS Terminals
       • May Confuse the Market Into Believing This Option Provides Greater Overall Security

  25. EMV / Non-EMV

  26. Electronic Commerce and Chip (Non-EMV / EMV)
     • Current Situation (Where We Are Today)
     • Desired Situation (Where We Want to Be)
     • How Do We Get There (A Proposed Process to Get There)

  27. Current Situation (Where We Are Today)
     • French B0’ Cards
     • 20+ Millions of Cards (Not EMV Today)
     • Moving to EMV in the Future
     • Germany
     • Large Volume (Multiple Millions) of Non-EMV Chip Cards
     • Most Chip Issuing Countries
     • Chip Cards Used Mostly for Non-Payment Applications
     • If Payment Then Non Credit or Debit
     • Non Inter-Operable

  28. Desired Situation (Where We Want to Be)
     • Globally Accepted EMV Compliant and Inter-Operable Payment Applications
     • One Common Chip Operating System
     • Multiple Application Operating Systems
     • Silicon Platform Independent
     • A Truly Inter-Operable Card and Terminal Reader Infrastructure - All Payment Chip Cards Accepted at All Payment Chip Readers

  29. How Do We Get There - A Proposed Process: On the Road to Electronic Commerce EMV
     • Engage in Tests and Pilots Using Currently Available Infrastructure
     • Build Flexibility Into Our Technical Design to Accommodate Acceptable Market Trials
     • Obtain Commitment to Move Toward EMV for Credit and Debit Products
     • Ensure All Technical Design Complies and Integrates Easily With EMV Applications
     • Expand Current Scope Beyond Just Credit and Debit (Micro-Payments …)
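
Slides 10 and 17 rely on the issuer validating a card-generated ARQC online, and slide 10 notes that static data (SDA) is easy to replay. The sketch below is an added example, not part of the presentation: it models why a per-transaction cryptogram with a counter resists replay while static data does not. HMAC-SHA256 stands in for the real EMV cryptogram and key derivation, and the PAN, keys, class names and function names are constructed for illustration.

```python
import hashlib, hmac, os

def mac(key, *fields):
    # Stand-in MAC (HMAC-SHA256, truncated); real EMV cryptograms use a different MAC.
    return hmac.new(key, b"|".join(fields), hashlib.sha256).digest()[:8]

class Card:
    def __init__(self, pan, key, static_blob):
        self.pan, self._key, self.static_blob = pan, key, static_blob
        self.atc = 0  # application transaction counter, bumped per transaction

    def generate_arqc(self, amount, un):
        self.atc += 1
        return self.atc, mac(self._key, self.pan, str(amount).encode(), un, str(self.atc).encode())

class Issuer:
    STATIC_KEY = b"constructed-issuer-static-key"  # constructed value

    def __init__(self):
        self.keys, self.last_atc = {}, {}

    def personalize(self, pan):
        self.keys[pan], self.last_atc[pan] = os.urandom(16), 0
        return Card(pan, self.keys[pan], mac(self.STATIC_KEY, pan))

    def verify_static(self, pan, blob):
        # Static data is identical on every use, so a captured copy always verifies.
        return hmac.compare_digest(blob, mac(self.STATIC_KEY, pan))

    def verify_arqc(self, pan, amount, un, atc, arqc):
        if atc <= self.last_atc[pan]:
            return False  # counter already seen: replayed or stale cryptogram
        expected = mac(self.keys[pan], pan, str(amount).encode(), un, str(atc).encode())
        if not hmac.compare_digest(arqc, expected):
            return False  # cryptogram does not cover these transaction values
        self.last_atc[pan] = atc
        return True

def demo():
    issuer, pan = Issuer(), b"5000000000000000"  # constructed test PAN
    card = issuer.personalize(pan)
    un = os.urandom(4)  # unpredictable number for this transaction
    atc, arqc = card.generate_arqc(1000, un)
    result = {
        "static_replay": issuer.verify_static(pan, card.static_blob),
        "arqc_first": issuer.verify_arqc(pan, 1000, un, atc, arqc),
        "arqc_replay": issuer.verify_arqc(pan, 1000, un, atc, arqc),
    }
    atc2, arqc2 = card.generate_arqc(1000, un)
    result["arqc_wrong_amount"] = issuer.verify_arqc(pan, 9999, un, atc2, arqc2)
    return result

if __name__ == "__main__":
    print(demo())
```

The issuer-side counter check is what rejects the second presentation of the same cryptogram; the MAC over the amount is what rejects a cryptogram attached to different transaction values.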