DOCSLIB.ORG

(Chip and PIN) Project EMV Card

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
(Chip and PIN) Project EMV Card EMV (Chip and PIN) Project Student: Khuong An Nguyen Supervisor: Professor Chris Mitchell Year: 2009-2010 Full Unit Project EMV card 1 Contents Figures ......................................................................................................................................... 6 Tables .......................................................................................................................................... 7 1. Introduction ........................................................................................................................ 8 1.1 Electronic payment ......................................................................................................... 8 1.2 Scope of project .............................................................................................................. 8 1.3 Contents of report .......................................................................................................... 8 2. Definitions and abbreviations .......................................................................................... 11 2.1 Definitions .................................................................................................................... 11 2.2 Abbreviations ................................................................................................................ 12 3. Project overview ............................................................................................................... 14 3.1 Project nature ............................................................................................................... 14 3.2 Project components ..................................................................................................... 14 3.2.1 Software system .................................................................................................... 15 3.2.2 Smart card reader .................................................................................................. 15 3.2.3 EMV Credit/Debit card .......................................................................................... 16 3.2.4 Supporting software and hardware ...................................................................... 16 3.3 Project objectives ......................................................................................................... 16 3.4 Project development plan ............................................................................................ 17 4. Background ....................................................................................................................... 18 4.1 EMV (Chip and PIN) introduction ................................................................................. 18 4.1.1 Smart card introduction ........................................................................................ 18 4.1.2 EMV (Chip and PIN) introduction .......................................................................... 19 4.2 File system structure overview ..................................................................................... 21 4.2.1 General smart card file system overview .............................................................. 21 4.2.2 EMV file system overview ..................................................................................... 21 4.3 EMV payment transaction ............................................................................................ 22 4.4 Payment transaction protection mechanism ............................................................... 23 4.4.1 Card Authentication Methods ............................................................................... 24 4.4.2 Cardholder Verification Methods .......................................................................... 24 4.4.3 Plaintext offline PIN verification ............................................................................ 26 5. Command analysis ............................................................................................................ 29 5.1 Application Protocol Data Unit ..................................................................................... 29 2 5.1.1 Command APDU .................................................................................................... 29 5.1.2 Response APDU ..................................................................................................... 29 5.2 EMV commands ............................................................................................................ 30 5.2.1 SELECT command .................................................................................................. 30 5.2.2 READ RECORD command ....................................................................................... 31 5.2.3 GET DATA command .............................................................................................. 32 5.2.4 VERIFY command ................................................................................................... 32 5.2.5 GET PROCESSING OPTIONS command .................................................................. 33 5.3 Response command analysis ........................................................................................ 33 5.3.1 Payment application R-APDU analysis ................................................................... 33 5.3.2 GET PROCESSING OPTIONS R-APDU analysis ........................................................ 34 5.3.3 Cardholder verification R-APDU analysis ............................................................... 35 5.3.4 Personalised information R-APDU analysis ........................................................... 36 6. EMV communication protocol construction .................................................................... 37 6.1 Approach discussion ..................................................................................................... 37 6.2 Protocol algorithm ........................................................................................................ 37 7. High level design ............................................................................................................... 40 7.1 System functionalities overview ................................................................................... 40 7.2 General system architecture ........................................................................................ 41 7.3 Hardware architecture ................................................................................................. 41 7.4 Software system architecture ...................................................................................... 42 7.5 Sequence diagram ........................................................................................................ 42 7.6 User Interface ............................................................................................................... 43 7.6.1 Card input interface ............................................................................................... 43 7.6.2 Payment application interface .............................................................................. 44 7.6.3 Card authentication interface ............................................................................... 44 7.6.4 Cardholder verification interface .......................................................................... 45 7.6.5 Personalised information interface ....................................................................... 45 7.6.6 Offline PIN verification interface ........................................................................... 46 8. Detailed design ................................................................................................................. 47 8.1 Java programming ........................................................................................................ 47 8.2 Classes specification ..................................................................................................... 47 8.2.1 Card input class ...................................................................................................... 47 3 8.2.2 Payment application class ..................................................................................... 49 8.2.3 Transaction initialisation class ............................................................................... 51 8.2.4 Security protection class ........................................................................................ 52 8.2.5 Card authentication class ...................................................................................... 53 8.2.6 Cardholder verification class ................................................................................. 55 8.2.7 Plaintext offline PIN verification ............................................................................ 58 8.2.8 Personalised information class .............................................................................. 60 8.2.9 Report generation class ......................................................................................... 61 8.2.10 Graphical User Interface class .............................................................................. 64 8.3 Data dictionary ............................................................................................................. 65 8.4 Java algorithm..............................................................................................................
Load more

Recommended publications
  • PDF Version Oct/Nov 2019
    IDWEST FLYER M AGAZINE OCTOBER/NOVEMBER 2019 Published For & By The Midwest Aviation Community Since 1978 midwestflyer.com 1,658 nm | 274 ktas | 6 people 1,000 nm | 260 ktas | 6 people 1,343 nm | 213 ktas | 6 people FINALLY! 1,658 nm | 274 ktas | 6 people A CARD FOR PILOTS. 1,000 nm | 260 ktas | 6 people 2% CASH BACK1 Fuel, Flight Schools, & FBO's Switch today to the new AOPA credit card, and stop paying too much on your aviation purchases. 1,343 nm | 213 ktas | 6 people A CASH BACK1 REDEMPTION IS APPLIED AS A STATEMENT CREDIT. QUARTERLY BONUS POINT CAP OF 2,500 POINTS*. learn more at AOPA.org/creditcard * CERTAIN POINTS AND PURCHASES RESTRICTIONS APPLY, SEE FULL REWARDS TERMS AND CONDITIONS FOR FULL DETAILS AT AOPA.ORG/CREDITCARD. 1.REWARDS POINTS CAN BE REDEEMED FOR CASH BACK OR OTHER REDEMPTION ITEMS PROVIDED THROUGH AOPA PILOT REWARDS. A CASH BACK REDEMPTION IS APPLIED AS A STATEMENT CREDIT. THE STATEMENT CREDIT WILL REDUCE YOUR BALANCE BUT YOU ARE STILL REQUIRED TO MAKE AT LEAST YOUR MINIMUM PAYMENT. A MINIMUM OF 2,500 POINTS IS NEEDED TO REDEEM FOR CASH BACK. VALUES FOR NON-CASH BACK REDEMPTION ITEMS SUCH AS MERCHANDISE, GIFT CARDS, AND TRAVEL MAY VARY. OCTOBER/NOVEMBER 2019 MIDWEST FLYER MAGAZINE 3 Vol. 40. No. 6 ContentsContents ISSN: 0194-5068 OCTOBER/NOVEMBER 2019 ON THE COVER: Three biplanes flying over Clear Lake, Iowa (from top to bottom): Brian Aukes of Huxley, Iowa, flying the “Red Baron” -- a 450 Stearman (PT-27), IDWEST FLYER once flown by the Red Baron Stearman Squadron; Matthew Sawhill of Ankeny, Iowa, flying AGAZINE OCTOBER/NOVEMBER 2019 a Stock Stearman (PT-17); and Dan Sokolowski of Clear Lake, Iowa, flying “Blondie” -- a M Stock Stearman (N2S-2), which was a trainer flown by the Women Airforce Service Pilots (WASP) at Avenger Field in Sweetwater, Texas, during World War II.
    [Show full text]
  • U.S. Department of the Interior Integrated Charge Card Program Policy
    U.S. Department of the Interior Integrated Charge Card Program Policy Issued by the Office of Acquisition and Property Management and Office of Financial Management Introduction Welcome to the Department of the Interior (DOI) Integrated Charge Card Program Policy manual, also created as a Google site. Policy information will be added incrementally to this document and the site; it is considered mandatory. Bureau­ and office­specific policies and procedures that cascade from this policy must adhere to the provisions provided throughout this document and on the site. For an online view of all contents provided in this document, please visit the policy Google site (available only internal to DOI users) at the following link: https://sites.google.com/a/ios.doi.gov/doi­integrated­charge­card­program­policy/. Use the table of contents provided below to locate topics quickly. Table of Contents I. Program Overview and Policy II. Organization Structure III. Business Lines IV. Internal Controls V. Administration VI. Training VII. Spending Limitations VIII. Use Restrictions IX. Fraud, Collusion, and Misuse and Abuse X. System Resources XI. Fire and Other Emergencies Official Department of the Interior (DOI) Policy 2 I. Program Overview and Policy The purpose of the program overview and policy section is to provide an introduction to the DOI Integrated Charge Card Program and describe applicable policies. A summary of the areas covered in this section is provided below. a. Overview ­ view this section to be introduced to the DOI Integrated Charge Card ​ Program. b. Program Policy ­ view this section to access the joint policy memo which ​ ​ executes the DOI Integrated Charge Card Program policy described on this site.
    [Show full text]
  • Token Management
    Title Page Token Management Service Using the SCMP API Cybersource Contact Information For general information about our company, products, and services, go to http://www.cybersource.com. For sales questions about any Cybersource service, email [email protected] or call 650-432-7350 or 888- 330-2300 (toll free in the United States). For support information about any Cybersource service, visit the Support Center: http://www.cybersource.com/support Copyright © 2020. Cybersource Corporation. All rights reserved. Cybersource Corporation ("Cybersource") furnishes this document and the software described in this document under the applicable agreement between the reader of this document ("You") and Cybersource ("Agreement"). You may use this document and/or software only in accordance with the terms of the Agreement. Except as expressly set forth in the Agreement, the information contained in this document is subject to change without notice and therefore should not be interpreted in any way as a guarantee or warranty by Cybersource. Cybersource assumes no responsibility or liability for any errors that may appear in this document. The copyrighted software that accompanies this document is licensed to You for use only in strict accordance with the Agreement. You should read the Agreement carefully before using the software. Except as permitted by the Agreement, You may not reproduce any part of this document, store this document in a retrieval system, or transmit this document, in any form or by any means, electronic, mechanical, recording, or otherwise, without the prior written consent of Cybersource. Restricted Rights Legends For Government or defense agencies: Use, duplication, or disclosure by the Government or defense agencies is subject to restrictions as set forth the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and in similar clauses in the FAR and NASA FAR Supplement.
    [Show full text]
  • Preparing for the Migration to 8-Digit
    Dynamic Payment Solutions. Trusted Results. Preparing for the Migration to 8-Digit BIN Understanding how the 8-Digit BIN Migration will affect Visa issuers and helping credit unions prepare for the April 2022 deadline. What’s Happening. Basically, the payment industry is growing. 6-digit BINs are reaching a point of depletion. Before depletion occurs, 6-digit BINs will be migrated to 8-digit BINs. The International Organiza- tion for Standardization (ISO) has set forth a plan for migration with a completion date of April 2022. On April 2022, the Visa pool of approximately 100,000 six-digit issuing BINs will become 10,000,000 eight-digit issuing BINs. After April 2022, 6-digit BINs will not be available for assignment. However, existing 6-digit BINs will continue to be supported as they become 8-digit BINs. All of the following entities are impacted by the migration: • Issuers • Acquirers • Processors • Merchants Migration testing starts in 2019 and formal migration goes until April 2022, allowing for about 2 1/2 years for migration. Visa pro- cessing logic will be updated as well to handle 8-digit BINs. While VisaNet changes are expected to be small, Visa is allowing plenty of time for clients to implement higher impact changes. Member Access Processing Preparing for the Migration to 8-Digit BIN How Did We Get Here? A few years ago, 6-digit BINs were plenty to handle the processing of credit card pay- ments. Payment processors and issuers created systems around the 6-digit BIN. But with industry growth and especially the use of tokenization, 6-digit BINs are reaching a point of exhaustion.
    [Show full text]
  • {HOT} How to "Card" Successfully
    {HOT} How to "card" successfully http://www.alboraaq.com/forum/abh440591/ User CP FAQ Community Calendar New Search Links Log Out Welcome Back , fighter1234 . ABH - Trust and Safety > Hacking & Security > Hacking & Security Tutorials You last visited: Yesterday at 07:42 PM {HOT} How to "card" successfully Your Notifications: 1 Hacking & Security Tutorials Best tutorials will be moved here alongside with the tutorials you will write Useful links : Recover password | Invite Your Friends | Download Program Chat | ALBoRaaQ Chat Room | Upgrade To VIP {HOT} How to "card" successfully Hacking & Security Tutorials Moreshare | ShareShareShare Thread Starter CCV* Replies 8 Views 99 | | Share View First Unread LinkBack Thread Tools Search this Thread Rate Thread Display Modes {HOT} How to "card" successfully (#1 ( permalink )) Posts: 523 is Offline CCV* Thanks: 11 Superb Member Thanked 83 Times in 39 Posts Join Date: Feb 2013 Rep Power: 1 1 of 11 5/24/2013 10:05 AM {HOT} How to "card" successfully http://www.alboraaq.com/forum/abh440591/ {HOT} How to "card" successfully - Yesterday, 04:38 PM Hi friends, How are u today ? Hope u all are fine & happy. Alright, I would like to share little tips on how to card sumthing so that u can do it sucessfully. Well, our hope is the item u carded can be delivered to ur drop address "safely" (from ur point of view). Basically, what we are talking about is CNP (Card Not Present)/online-based transation. This article will be posted on 2 parts. So stay tune with my next post ! 0x0001 : Little introduction on credit card types There are many credit card types in the world, such as Visa/Visa Electron, Mastercard, American Express (AMEX), JCB (Japan Credit Bureau), BankCard, China Union Pay, Diners Club Carte Blanche, Diners Club enRoute, Diners Club International, Diners Club US & Canada, Discover, Laser (debit card), Maestro (debit card), Solo (debit card), Switch (debit card).
    [Show full text]
  • INSTRUCTIONS Complete and Return by Fax to 904.437.4050 Or Via Email
    INSTRUCTIONS Complete and return by fax to 904.437.4050 or via email to [email protected]. U.S. and Canadian merchants must return a copy of a VOIDED Check. International Merchants (e.g. Non U.S. and Canadian) must complete and return our payment authorization form, listing a billable credit card. The merchant’s checking account or credit card will be billed the monthly gateway fee. Rates & Pricing (All Prices in US Dollars. Prices Subject to Planetauthorize™ Payment Gateway Setup Form Change without Notice) (for merchants who already have a merchant account) Complete and return by fax to 904.437.4050 or via email to [email protected]. Gateway/Virtual Terminal Attach a company VOIDED Check. Be sure to complete the Merchant Account Configuration information section. -One-Time Set-up: $ 79.00 (waived with merchant account) Company Information -Monthly Gateway Fee: $ 20.00 -Transaction Fee: FREE Date: _______________ ($0.05 cents After first 250 monthly transactions) Company Name: Electronic Checks _________________________________________________________ -Setup Fee: $95.00 Address: -Monthly Service Fee: $15 _________________________________________________________ -Discount Rate: 0.0% (no charge) City, State/Province, Zip Code: - Transaction Fee: $ .50 cents _________________________________________________________ Recurring Billing Phone: ( _______) __________________________________________ - Free (included as a standard feature) Fax: (_______) _____________________________________________ iSpy Fraud™/FraudSensor™ Email: - No
    [Show full text]
  • Coordinating Improved Cash Assistance in Greece
    Scale Right: Coordinating improved cash assistance in Greece 1 | P a g e December 2016 Scale Right: Coordinating improved cash assistance in Greece Lessons learned and recommendations for a coordinated approach to cash implementation in Greece Report by Neetu Mahil December 2016 About the Author Neetu Mahil is a Cash Specialist with the International Rescue Committee’s Economic Recovery and Development Technical Unit. She has over seven years of humanitarian experience, and recently conducted research on establishing a referral pathway mechanism for the Cash Consortium in Iraq (CCI). She has a Master’s degree in Economics and Political Science from Johns Hopkins School of Advanced International Studies (SAIS). Acknowledgements The researcher is grateful to all those interviewed as part of this research for their time, analysis and thoughtful insights. This report of findings and recommendations aims to reflect the collective experience of staff from a number of agencies who have been implementing cash assistance at the ground level as well as more senior level staff who interface both with the government and with other organizations through working groups. Finally, the researcher would like to thank ECHO for their ongoing support and prioritization of shifting toward a coordinated approach based on lessons learned from implementation, which is the rationale for this report. Front cover: Muhammad, 3-years old, during IRC registration at Schisto camp by Neetu Mahil Back cover: IFRC registration at Softex camp in Northern Greece by Poul
    [Show full text]
  • Hashing Credit Card Numbers: Unsafe Application Practices 1 Copyright © 2007 Integrigy Corporation   INTEGRIGY
    INTEGRIGY February 27, 2007 Security Analysis Hashing Credit Card Numbers: Unsafe Application Practices OVERVIEW Cryptographic hash functions seem to be an ideal method for protecting and securely storing credit card numbers in ecommerce and payment applications [1]. A hash function generates a secure, one-way digital fingerprint that is irreversible and meets frequent business requirements for searching and matching of card numbers. However, due to the predictability of credit card numbers and common business requirements in processing credit cards, ecommerce and payment applications may implement such hashing of card numbers in an unsafe manner that allows an attacker to obtain a large percentage of card numbers by brute forcing compromised hashes in a matter of hours. This paper is an analysis of actual application practices for storing of credit card number hashes and a review of brute force attack methods against such hashes. The concepts presented in this paper have been broadly described prior by Kurt Seifried in 2001 [2], John Deters in 2002 [3], Branden Williams in 2006 [4], and many others, nevertheless some ecommerce and payment applications store credit card numbers in unsafe and easily brute forced ways. The impetus for this paper was identification of this issue during multiple application security assessments. The objective is to highlight the weakness of common credit card hashing techniques and to educate application architects and programmers on the issues of storing credit card numbers as hashes. PCI, CARD NUMBERS, AND BUSINESS REQUIREMENTS 1. P AYMENT CARD INDUSTRY DATA S ECURITY S TANDARD PCI DSS Requirement 3.4 – Render [credit card numbers], at minimum, unreadable anywhere it is stored (including data on portable digital media, backup media, in logs, and data received from or stored by wireless networks) by using any of the following approaches: .
    [Show full text]
  • Government Travel Charge Card Regulation June 24, 2021 EXPIRATION DATE: OPI: Office of the Chief Financial Officer June 24, 2026
    U.S. DEPARTMENT OF AGRICULTURE WASHINGTON, D.C. 20250 NUMBER: DEPARTMENTAL REGULATION DR 2300-001 DATE: SUBJECT: Government Travel Charge Card Regulation June 24, 2021 EXPIRATION DATE: OPI: Office of the Chief Financial Officer June 24, 2026 Section Page 1. Purpose 1 2. Special Instructions/Cancellations 2 3. Scope 2 4. Background 2 5. Policy 3 6. Roles and Responsibilities 17 7. Inquiries 28 Appendix A – Acronyms and Abbreviations A-1 Appendix B – Definitions B-1 Appendix C – Authorities and References C-1 Appendix D – Sample A/OPC Appointment Letter and Duties D-1 Appendix E – Acknowledgement and Acceptance Statement E-1 Appendix F – US Bank Access Online Reports F-1 Appendix G – Inter-Departmental Hierarchy Transfer Request Worksheet G-1 Appendix H – Examples of Memoranda to Employees from A/OPCs H-1 Appendix I – NFC Salary Offset I-1 Appendix J – USDA Senior Federal Travelers J-1 Appendix K – Government Employees Standards of Conduct K-1 1. PURPOSE This Departmental Regulation (DR) prescribes the policies and procedures governing the United States Department of Agriculture (USDA) travel charge card program. The Government travel charge card program was developed to procure transportation services, subsistence, and other allowable travel and transportation expenses incurred during official travel. This regulation supplements 41 Code of Federal Regulations (CFR), Subtitle F, Parts 300 through 304 (commonly known as the Federal Travel Regulation (FTR)); both are used throughout this DR. The FTR is issued by the General Services Administration (GSA) and implements statutory requirements and Executive branch policies for travel by Federal civilian employees and others authorized to travel at government expense.
    [Show full text]
  • Directions to Chase Bank Nearby
    Directions To Chase Bank Nearby Shinto and raspiest Don still customises his serval incalculably. Panathenaic Derek denazified his disinterment giftwraps assumedly. When Johan coupes his hatbands delve not rustically enough, is Vasily tracheal? Mall Stores in Fairfield Commons Beavercreek OH Fairfield. Upper deck Near their Court and Lower lot Near Main Entrance. Whether you can be. Wells fargo branches nationwide atm around the cash deposits, your wireless or otherwise endorsed by states to chase bank nearby bitcoin atm radar site. 4 you whatever be notice to look Direction perform on google maps to reach atm Click on. Find upcoming branch and ATM locations Port St Lucie Gatlin Get location hours directions and available banking services. The newsfeed from owners, or branch locations of chase bank? Hopes and nearby. So frustrating but this means atm machine operators is. Fifth third branch nearby branches, directions as well as a direct card? Debit card with a residence or your zip code not intended for time below to the atm? BMO Branch Locator Find BMO Harris bank hours phone number or visit a one branch or ATM for theater wide discrepancy of personal banking services. The notification to a safe deposit in urban areas, a broad array of room, online bill to bring you can perform notary public notary. To your everyday basis by sfmta, through deluxe or by enabling your status. This nonsense into a global capabilities, marriott philadelphia south. The nearby locations along with this product lines for direct deposit and even worse which was. Directions 765 423-0474 Call a Visit Website httplocatorchasecom.
    [Show full text]
  • Adobe Photoshop
    Message from the Chair ................................................................................................................................................ 1 CEO’s Report .................................................................................................................................................................. 2 In Memoriam ................................................................................................................................................................. 3 Vision, Mission and Background .................................................................................................................................... 4 Marketing & Communications ....................................................................................................................................... 5 Introduction ................................................................................................................................................... 5 FAM Tours ..................................................................................................................................................... 5 Trade Shows .................................................................................................................................................. 8 Advertising & Other Events ........................................................................................................................... 9 Recreational Sport Fishing ..........................................................................................................................................
    [Show full text]
  • K8638: Data Guard Credit Card Matching
    K8638: Data Guard credit card matching Non-Diagnostic Original Publication Date: Oct 20, 2015 Update Date: Mar 1, 2021 Topic The BIG-IP ASM Data Guard feature allows you to configure response scrubbing for sensitive user information, such as credit card numbers or social security numbers. When Data Guard accumulates a response for the purpose of data scrubbing, the system uses the following criteria to determine whether a credit card number exists in the response and is eligible to be scrubbed: A credit card number must be a series of 12 to 19 digits that may or may not have delimiters between groups. The delimiter is one of the following characters: space ( ) minus sign ( - ) period ( . ) The following table outlines credit card numbers that are supported by the BIG-IP ASM system. Card type Prefix Length 34 American Express 15 37 560221- Bankcard 560225* 16 5610 62 China UnionPay 16-19 88 4 4175 Dankort 16 4571 5019 Diners Club Carte Blanche 300-305 14 2014* Diners Club enRoute 15 2149* 300-305 309* Diners Club International 36 14 38 39* Diners Club United States and 54 Canada 55 16 6011 622126- Discover Card 622925 16, 19 644-649* 65* InterPayment 636 16-19 InstaPayment 637-639 16 1800 15 JCB 2131 3528-3589 16 6304 6706 Laser 16-19 6709 6771 50 Maestro 56-69* 12-19 6761-6763 2221-2720* MasterCard 16 51-55 NSPK MIR 2200-2204 16 6334 16, 18, Solo 6767 19 4903 4905 16 4911 4936 Switch 564182 633110 16, 18, 6333 19 6759 UATP 1 15 506099- 506198 Verve 16, 19 650002- 650027* Visa 4 13, 16 *These prefixes are supported starting from BIG-IP 13.0.0.
    [Show full text]