e-EMV

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback
Take a look at the new version of this page: [ beta version ]. Tell us what you think.

e-EMV: emulating EMV for internet payments with trusted computing technologies

Full text

Pdf (351 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 3rd ACM workshop on Scalable trusted computing table of contents

Alexandria, Virginia, USA

SESSION: Applications of trusted computing table of contents

Pages: 81-92

Year of Publication: 2008

ISBN:978-1-60558-295-5

Authors

Shane Balfe	Royal Holloway, University of London, Egham, United Kingdom
Kenneth G. Paterson	Royal Holloway, University of London, Egham, United Kingdom

Sponsors

ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 16, Downloads (12 Months): 124, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1456455.1456468 What is a DOI?

ABSTRACT

This paper shows how the functionality associated with EMV-compliant payment cards can be securely emulated in software on platforms supporting Trusted Computing technology. We describe a detailed system architecture encompassing user enrolment, card deployment (in the form of software), card activation, and subsequent transaction processing. Our proposal is compatible with the existing EMV transaction processing architecture, and thus integrates fully and naturally with already deployed EMV infrastructure. We show that our proposal, which effectively makes available the full security of PoS transactions for Internet-based CNP transactions, has the potential to significantly reduce the opportunity for fraudulent CNP transactions.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	M. Abadi and T. Wobber. A Logical Account of NGSCB. In Proceedings of the 24th International Conference on Formal Techniques for Networked and Distributed Systems, volume 3235 of LNCS, pages 1--12. Springer Verlag, 2004.
	2	M. Al--Meaither and C. J. Mitchell. Extending EMV to Support Murabaha Transactions. In Proceedings of the 7th Nordic Workshop on Secure IT Systems, pages 95--108. NTNU, 2003.
	3	A. Alsaid and C. J. Mitchell. Preventing Phishing Attacks Using Trusted Computing Technology. In Proceedings of the 6th International Network Conference, pages 221--228, 2006.
	4	AMD. AMD64 architecture programmer's manual: Volume 2: System programming, AMD Publication no. 24594 rev. 3.11 edition, 2006.
	5	APACS. Card Fraud Losses Continue to Fall. http://www.apacs.org.uk/, March 2007.
	6	APACS. Card Fraud The Facts 2007. http://www.apacs.org.uk/, April 2007.
	7	Boris Balacheff , David Chan , Liqun Chen , Siani Pearson , Graeme Proudler, Securing intelligent adjuncts using trusted computing platform technology, Proceedings of the fourth working conference on smart card research and advanced applications on Smart card research and advanced applications, p.177-195, February 2001, Bristol, United Kingdom
	8	S. Balfe, A.D. Lakhani, and K.G. Paterson. Securing Peer-to-Peer networks using Trusted Computing. In C.J. Mitchell, editor, Trusted Computing, pages 271--298. IEE Press, 2005.
	9	S. Balfe and K.G. Paterson. Augmenting Internet-based Card Not Present Transactions with Trusted Computing: An Analysis. Technical report, Technical report RHUL-MA-2006-9-v2, (Department of Mathematics, Royal Holloway, University of London). http://www.rhul.ac.uk/mathematics/techreports.
	10	Paul Barham , Boris Dragovic , Keir Fraser , Steven Hand , Tim Harris , Alex Ho , Rolf Neugebauer , Ian Pratt , Andrew Warfield, Xen and the art of virtualization, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	11	Ernie Brickell , Jan Camenisch , Liqun Chen, Direct anonymous attestation, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA [doi>10.1145/1030083.1030103]
	12	PCI Security Standards Council. Payment Card Industry Data Security Standard -- Version 1.1. https://www.pcisecuritystandards.org/, 2006.
	13	Rachna Dhamija , J. D. Tygar , Marti Hearst, Why phishing works, Proceedings of the SIGCHI conference on Human Factors in computing systems, April 22-27, 2006, Montréal, Québec, Canada [doi>10.1145/1124772.1124861]
	14	EMVCo. Book 3 -- Application Specification, 4.0 edition, December 2000.
	15	EMVCo. EMV Specifications Version 4.1. http://www.emvco.com, June 2004.
	16	Sebastian Gajek , Ahmad-Reza Sadeghi , Christian Stuble , Marcel Winandy, Compartmented Security for Browsers - Or How to Thwart a Phisher with Trusted Computing, Proceedings of the The Second International Conference on Availability, Reliability and Security, p.120-127, April 10-13, 2007 [doi>10.1109/ARES.2007.59]
	17	Eimear Gallery , Allan Tomlinson, Conditional Access in Mobile Systems: Securing the Application, Proceedings of the First International Conference on Distributed Frameworks for Multimedia Applications, p.190-197, February 06-09, 2005 [doi>10.1109/DFMA.2005.17]
	18	Yacine Gasmi , Ahmad-Reza Sadeghi , Patrick Stewin , Martin Unger , N. Asokan, Beyond secure channels, Proceedings of the 2007 ACM workshop on Scalable trusted computing, November 02-02, 2007, Alexandria, Virginia, USA [doi>10.1145/1314354.1314363]
	19	D. Grawrock. The Intel Safer Computer Initiative: Building Blocks for Trusted Computing, chapter Protected Input and Output, pages 143--164. Intel Press, 2006.
	20	Vivek Haldar , Deepak Chandra , Michael Franz, Semantic remote attestation: a virtual machine directed approach to trusted computing, Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium, p.3-3, May 06-07, 2004, San Jose, California
	21	Els Van Herreweghen , Uta Wille, Risks and potentials of using EMV for internet payments, Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology, p.18-18, May 10-11, 1999, Chicago, Illinois
	22	IBM-Global-Services. IBM Global Business Security Index Report, February 2005.
	23	Intel-Corporation. LaGrande Technology Preliminary Architecture Specification, Intel Publication no. D52212 edition, May 2006.
	24	C. Jackson, D. Boneh, and J. Mitchell. Attack of the transaction generators. http://crypto.stanford.edu/SpyBlock/spyblock.pdf.
	25	Vorapranee Khu-smith , Chris J. Mitchell, Using EMV Cards to Protect E-commerce Transactions, Proceedings of the Third International Conference on E-Commerce and Web Technologies, p.388-399, September 02-06, 2002
	26	Jonathan M. McCune , Bryan Parno , Adrian Perrig , Michael K. Reiter , Arvind Seshadri, Minimal TCB Code Execution, Proceedings of the 2007 IEEE Symposium on Security and Privacy, p.267-272, May 20-23, 2007 [doi>10.1109/SP.2007.27]
	27	P. Meadowcroft. Combating card fraud. http://www.scmagazine.com/uk/news/article/459478/combatingcardfraud/, January 2005.
	28	Chris Mitchell, Trusted Computing (Professional Applications of Computing) (Professional Applications of Computing), IEEE Press, Piscataway, NJ, 2005
	29	Cristian Radu, Implementing Electronic Card Payment Systems, Artech House, Inc., Norwood, MA, 2002
	30	Ahmad-Reza Sadeghi , Marcel Selhorst , Christian Stüble , Christian Wachsmann , Marcel Winandy, TCG inside?: a note on TPM specification compliance, Proceedings of the first ACM workshop on Scalable trusted computing, November 03-03, 2006, Alexandria, Virginia, USA [doi>10.1145/1179474.1179487]
	31	Ahmad-Reza Sadeghi , Christian Stüble, Property-based attestation for computing platforms: caring about properties, not mechanisms, Proceedings of the 2004 workshop on New security paradigms, September 20-23, 2004, Nova Scotia, Canada [doi>10.1145/1065907.1066038]
	32	A--R. Sadeghi, C. Stüble, and N. Pohlmann. European Multilateral Secure Computing Base: Open Trusted Computing for You and Me. http://www.prosec.rub.de/, 2004.
	33	U.S. Securities and Exchange Commission. Form 10-K -- The TJX Companies, INC. http://www.sec.gov/, 2007.
	34	Arvind Seshadri , Mark Luk , Ning Qu , Adrian Perrig, SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes, Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles, October 14-17, 2007, Stevenson, Washington, USA
	35	SETCo. SET Secure Electronic Transaction 1.0 Specification -- The Formal Protocol Definition, May 1997.
	36	Elaine Shi , Adrian Perrig , Leendert Van Doorn, BIND: A Fine-Grained Attestation Service for Secure Distributed Systems, Proceedings of the 2005 IEEE Symposium on Security and Privacy, p.154-168, May 08-11, 2005 [doi>10.1109/SP.2005.4]
	37	TCG. Trusted computing: Opportunities and challenges. https://www.trustedcomputinggroup.org/downloads/tcgpresentations/, 2004.
	38	TCG. Interoperability Specification for Backup and Migration Services, 1.0 revision 1.0 edition, 2005.
	39	TCG. TCG Specification Architecture Overview Revision 1.2, 1.2 revision 93 edition, 2006.
	40	TCG. TCG Mobile Trusted Module Specification, 1.0 revision 1 edition, 2007.
	41	TCG. TPM Main: Parts 1-3: Design Principles, Structures and Commands, 1.2 revision 103 edition, 2007.
	42	The Sunday Times. Don't Use Cards at Petrol Stations. http://business.timesonline.co.uk/, Febuary 18 2007.
	43	Visa. 3-D Secure Protocol Specification: System Overview. http://international.visa.com/fb/paytech/secure/main.jsp, May 2003.
	44	Visa. CISP -- List of Validated Payment Applications. http://usa.visa.com/merchants/, October 2007.
	45	Visa. CISP Bulletin 102307 -- Visa Announces New Payment Application Security Mandates. http://usa.visa.com/merchants/, October 2007.