Research Article
Building General-Purpose Security Services on EMV Payment Cards
@INPROCEEDINGS{10.1007/978-3-642-36883-7_3, author={Chunhua Chen and Shaohua Tang and Chris Mitchell}, title={Building General-Purpose Security Services on EMV Payment Cards}, proceedings={Security and Privacy in Communication Networks. 8th International ICST Conference, SecureComm 2012, Padua, Italy, September 3-5, 2012. Revised Selected Papers}, proceedings_a={SECURECOMM}, year={2013}, month={2}, keywords={GAA EMV key establishment security service}, doi={10.1007/978-3-642-36883-7_3} }- Chunhua Chen
Shaohua Tang
Chris Mitchell
Year: 2013
Building General-Purpose Security Services on EMV Payment Cards
SECURECOMM
Springer
DOI: 10.1007/978-3-642-36883-7_3
Abstract
The Generic Authentication Architecture (GAA) is a standardised extension to the mobile telephony security infrastructures that supports the provision of security services to network applications. We have proposed a generalised version of GAA which enables almost any pre-existing infrastructure to be used as the basis for the provision of generic security services, and have examined a GAA instantiation supported by Trusted Computing. In this paper we study another instantiation of GAA, this time building on the widely deployed EMV security infrastructure. This enables the existing EMV infrastructure to be used as the basis of a general-purpose authenticated key establishment service in a simple and uniform way, and also provides an opportunity for EMV-aware third parties to provide novel security services. We also discuss possible applications and issues of privacy and trust.