Scribd Logo
Upload

Welcome to Scribd!

  • 415 views

    EMV Key Managment AC ENC MAC

    Uploaded by

    jhon jairo rojas suarez
    This document discusses the importance of key management for EMV payments. It outlines the core functions of a key management system, including generating, importing, exporting, distributing, and protecting keys. It also explains how different key types are used for online and offline authentication, dynamic cryptograms, digital signatures, and more. The document emphasizes that keys are vital to EMV security and that maximizing key security is important. It also discusses considerations for key distribution, transportation, and management evolution over time.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    EMV Key Managment AC ENC MAC

    Uploaded by

    jhon jairo rojas suarez
    415 views21 pages
    This document discusses the importance of key management for EMV payments. It outlines the core functions of a key management system, including generating, importing, exporting, distributing, and protecting keys. It also explains how different key types are used for online and offline authentication, dynamic cryptograms, digital signatures, and more. The document emphasizes that keys are vital to EMV security and that maximizing key security is important. It also discusses considerations for key distribution, transportation, and management evolution over time.

    Original Description:

    Original Title

    EMV Key managment AC ENC MAC

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses the importance of key management for EMV payments. It outlines the core functions of a key management system, including generating, importing, exporting, distributing, and protecting keys. It also explains how different key types are used for online and offline authentication, dynamic cryptograms, digital signatures, and more. The document emphasizes that keys are vital to EMV security and that maximizing key security is important. It also discusses considerations for key distribution, transportation, and management evolution over time.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    415 views21 pages

    EMV Key Managment AC ENC MAC

    Uploaded by

    jhon jairo rojas suarez
    This document discusses the importance of key management for EMV payments. It outlines the core functions of a key management system, including generating, importing, exporting, distributing, and protecting keys. It also explains how different key types are used for online and offline authentication, dynamic cryptograms, digital signatures, and more. The document emphasizes that keys are vital to EMV security and that maximizing key security is important. It also discusses considerations for key distribution, transportation, and management evolution over time.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 21

    EMV Key Management

    Why Should You Care?


    Guy Berg
    Global Industry Consultant
    Advanced Payment Technologies
    Datacard Group
    651.354.6808
    Guy_berg@datacard.com

    Datacard Confidential
    What Do these Operations have in Common?

    On-line Authentication
    Key Management

    Dynamic Cryptogram Digital Signatures

    Cryptography Dynamic Data


    Authentication

    Data Security Off-line


    Authentication

    Tokenization

    Datacard Confidential 2
    What is Key Management?

    •  Key Management System Core Functions


    –  Generating Keys
    –  Importing Keys
    –  Exporting keys
    –  Distributing keys
    –  Protecting keys

    Datacard Confidential 3
    On-line Authentication Key

    Dynamic Cryptogram

    Payment Acquirer
    Brand

    Dynamic Cryptogram
    ARQC

    Issuer

    Shared Key

    Datacard Confidential 4
    On-line Authentication Keys

    Dynamic Cryptogram

    Payment Acquirer
    Brand

    Product 1 Key 1
    Product 2 Key 2
    Product 3 Key 3
    Product 4 Key 4
    Product 5 Key 5
    Product 6 Key 6
    Issuer Product….. Key ……

    Datacard Confidential 5
    Off-line Authentication Keys and Certificates
    Public MC V AM D JCB

    Certificate
    Authority
    Private

    Cert
    Payment Acquirer
    Brand MC V AM D JCB

    Public Private

    Issuer Public Key


    Certificate

    Issuer

    Datacard Confidential 6
    EMV Post Issuance Keys
    •  Updating EMV data on already issued cards
    •  EMV Scripts

    Payment Acquirer
    Brand

    MDK Encryption Key

    MDK MAC Key

    MDK AC Key

    Datacard Confidential 7
    EMV Post Issuance Keys
    •  Updating EMV data on already issued cards
    •  EMV Card Update Scripts

    Payment Acquirer
    Brand

    Product 1 Key set 1


    MDK Encryption Key
    Product 2 Key set 2
    MDK MAC Key
    Product 3 Key set 3
    MDK AC Key Product 4 Key set 4
    Product 5 Key set 5
    Product 6 Key set 6
    Product….. Key ……

    Datacard Confidential 8
    Smart Card Inventory Security
    Transport Keys

    Datacard Confidential 9
    Why is Key Management Important?

    Keys are the Heart of


    EMV Protection

    Maximizing key security


    is vital to EMV

    Datacard Confidential 10
    Who Has to Manage EMV Keys

    •  Payment Brand
    •  Issuers
    •  Issuer Authorization Processors
    •  Issuer Card Personalization Bureaus
    •  Acquirers

    Datacard Confidential 11
    Key Distribution
    Key type Auth EMV Script CMS Data Perso / Service Provider /
    System Generator Prep Bureau VISA NET
    PVK/ Key ü ü ü
    MDKac ü ü ü ü
    MDKenc ü ü
    MDKmac ü ü
    MDKidn ü ü ü
    MDKicvv ü ü ü
    KEK ü ü
    ZMK ü ü ü

    Datacard Confidential
    Key Transportation
    Key Ceremony

    Datacard Confidential 13
    Keys Transport using KEKs

    Shared Key Shared Key


    Encrypting Key Encrypting Key

    Shared Key

    Datacard Confidential 14
    EMV Key Exchanges

    Product 1 Issuer
    Product 1
    Product 2
    Product 1
    Product 3 Product 1

    Product 4 Product 1

    Product 1
    Product 5
    Product 1
    Product …..
    Product …

    Issuer service Authorization


    bureau processor

    Datacard Confidential 15
    Key Management Evolution
    Step 1: PIN Key Management
    Step 2: PCI Data Security Compliance
    Step 3: EMV Key Management

    •  Only used for EMV cards and PINs


    •  Key requirements were not well
    understood
    •  Tools were in an embryonic state
    •  Few people had key management
    knowledge

    Datacard Confidential 16
    Key Management Evolution Continues…..

    SE
    Issuer 1
    TSM

    Issuer 1

    Issuer 1
    TSM SE

    Issuer 1

    Issuer 1
    TSM
    SE
    Issuer 1

    Datacard Confidential 17
    Continue to Evolve

    Issuer 1

    Issuer 1
    Virtual
    Issuer 1 Cards or
    Wallets

    Issuer 1

    Issuer 1

    Issuer 1

    Datacard Confidential 18
    Key Management Evolution

    Datacard Confidential 19
    Key Management Considerations
    •  Tactical EMV Migration Questions
    –  Where will keys be generated?
    –  How often will keys be changed over time?
    –  What will be the process for rolling over keys?
    –  How will you transport keys to each location?
    •  One at a time in components?
    •  Encrypted under a KEK (Key Encrypting Key)
    –  How will you assure the key security through the complete
    issuance process?
    •  What are your future plans for Key Management

    Datacard Confidential 20
    EMV Key Management
    Why Should You Care?
    Guy R. Berg
    Global Industry Consultant
    Datacard Group
    651.354.6808
    Guy_berg@datacard.com

    Datacard Confidential

    You might also like