Implementing Electronic Card Payment Systems (Artech House Computer Security Series)

2017-07-07 02:10:07

I

ICC architecture

hardware resources, 239-40

selection criteria, 239-42

software platform, 241-42

ICC emulator, 265

ICC hardware resources, 239-40

choice, 239

cost, 240

See also ICC architecture

ICCs, 9

card application, 67-68

command and response format, 65-66

computer elements, 57-58

contacts, 58

defined, 57

EEPROM space, 261-62

EMV ¢ , 86, 99

EMV ¢ debit/credit transaction, 149, 150

enciphered PIN verification, 192

file system, 60-64

functional requirements, 238

hardware structure, 57

interoperable payment application, 80-90

life cycle, 61

minimal requirements, 231

multiapplication , 242-53

operating rules, 55

PIN encipherment private key, 248

PIN encipherment public key certificate, 135, 249

proprietary payment application, 69-80

public key certificate, 135, 248

public key certificate requirement, 128-29

public key certificate verification, 138-40

signature generation by, 170-72

software architectures, 59

specifications by issuers , 236-39

technology, 56-69

terminal application, 68

ICC software platform, 241-42

cost, 241, 242

Java cards, 242

See also ICC architecture

Impersonation, 27-29, 298-99

cardholder, 364

defined, 364

issuer, 364

See also Communications channel Threats; Threats

Indirect application selection service, 110-12

defined, 110

directory structure and, 110-12

illustrated , 113

implementation, 118

Interface decomposition, 359

INTERNAL AUTHENTICATE command, 263

Interoperable payment application, 80-90

asymmetric cryptographic support, 87-90

BER-TLV encoding, 82-84

command/response formats, 87

customized file system organization, 84-86

overview, 80-82

self-determined encoding, 82-84

solution, 82

See also ICCs

ISO/IEC 7816 standard, 54, 56

Issuer

action codes, 201-2

authentication, 221-22, 368

authentication error, 276, 283-84

business contexts, 257-58

in counterfeit transactions, 235

CVM List criteria, 270

defined, 14

fallback requirements, 232

in fraudulent transactions, 235-36

host (IH), 37

ICC specifications, 236-39

impersonation, 364

in message flows, 41-45

multiapplication ICC restrictions, 246

node (IN), 37

public key, 131

public key certificate, 135

public key certificate requirement, 127-28

public key certificate verification, 136-38

script processing error, 277

security policy, 202-3

in signed static application data, 140-41

Issuer business case, 253-55

financial service availability, 253-54

operational cost reduction, 255

security improvement, 254-55

Issuer scripts, 222-25

post-issuance commands, 225

templates processing, 222-24

See also EMV ¢ debit/credit

Категории

Search