The Research And Design For Authentication On EMV

With the increasing of criminality in the bank card, Europay International, MasterCard International and Visa International jointly sponsor the global standard for electronic financial transactions in 1994. EMV is the industry abbreviation for the consortium of the three companies. Its specifications are based on the ISO7816 standards and have been enhanced by EMVCo for particular requirements of debit and credit cards. Now EMV has been the internationally recognized standards for chip payment cards. Visa and MasterCard encourage companies to migrate the payment cards from magnetic card to smart card. They draft a time-table to upgrade POS terminal and ATM terminal. China will adopt the EMV standard from Jan.l 2006. However, chip migration does not just mean to embed a chip to a card, it also includes the work to change the interrelated system, especially to design a safe and valid system for smart card's PIN verification.After introducing the definition of smart card, which is very important to authentication, this paper compares four existing types of authentication, and then draws the conclusion that it is better to use the two factors authentication in the finance system. Then this paper focuses on the following two aspects, one is the specification on EMV2004, and the other is authentication. It especially analyzes the request of security on EMV in detail, and emphasizes the following four parts: key management, themethod which derives the applied key from smart card, security mechanism for smart card and the request of security for terminal. Besides, this paper explains the format of secure message in transmission, external authentication and internal authentication. Furthermore, it studies the correlative algorithms for authentication, such as DES, RSA, SHA, PKI etc., analyses the security of these algorithms and makes some improvement so that they can be adapted to our design.With the researches above, this paper applies DUKPT to the process of authentication, and designs a security scheme for data transmission based on the PKI architecture. With the help of the scheme, the authentication is done not only according to the secure request of EMV, but also regarding to the cost. It also realizes the main embedded system, the smart card reader and the communication interface to connect different embedded systems.The paper has two innovations. One is the scheme of authentication in the finance system which combines DUKPT technique and PKI architecture together. The other innovation is the design of Encrypted PIN Pad (EPP). In order to comply with the PCI standard drafted by Visa and MasterCard, this paper designs the PIN Pad with many new features. For example, the PIN Pad uses tamper detection and response mechanisms, a new way to protect PIN Pad from drills, lasers, chemical solvents, opening covers, splitting the casing and using ventilation openings. The test of the PIN Pad proves that it has reached the PCI standard.At last, this paper summarizes the problems in the research and design for Authentication on EMV and gives the corresponding resolutions. Then it expects the promisingforeground of EMV.