Implementing Electronic Card Payment Systems (Artech House Computer Security Series)

S

SDA

MAC-based, 392

off-line, 162-65

processing error, 275

signature-based, 393

See also Security mechanisms

Secret key wrapping, 376

Secure Hash Algorithm, 378

Secure messaging for confidentiality, 367

Secure socket layer (SSL), 5, 6, 26

Security, 24-34

application layer protocols, 306

CAM, 263-67

improved, 254-55

IP, 305

protection, in transaction profile, 76

remote card payment, 295-306

SET vs. TLS, 332-33

terminal cost and, 80

threats, 296-300

track 3 parameters, 23-24

transport layer (TLS), 26, 305-6

Security application module (SAM), 76

dynamic authenticator verification, 79

as issuer's remote agent, 78

support of, 78

Security framework, 359-61

cryptographic primitives, 360-61

illustrated, 359

interface decomposition, 359

security mechanisms, 360

security services, 360

threat analysis, 360

Security mechanisms, 360, 373-97

cardholder verification mechanisms, 387-92

cryptographic hash functions, 376-80

DDA mechanisms, 394-97

digital signature schemes, 380

encryption, 373-76

MDC, 377-79

public key certificates, 384-87

SDA mechanisms, 392-93

See also Security; Security framework

Security policies, 201-3

acquirer, 203

issuer, 202

Security politics, 233-36

defined, 233

in policy determination, 234

See also EMV regulatory framework

Security services, 300-304, 367-71

access control, 369

anonymity, 300-302

authenticode, 302

cardholder non-repudiation, 303-4, 369

confidentiality, 301, 367

data authentication, 301-2, 369

entity authentication (ES), 302-3, 367-68

realization, 304-6, 370-71

with secure channel, 370

with secure communications over insecure channel, 370-71

in security framework, 360

tamper resistance, 369

timeliness, 369

See also Remote card payment security

SELECT command, 104-6, 119, 120, 121

SET, 6

acceptability, 333-35

authentic and/or confidential channel, 317-19

certification authority, 313-15

channel establishment, 319

competitiveness, 336

data authentication, 320

digital certificates, 311

dual signatures, 321-22

entity authentication, 320

functional components, 335

infrastructure, 6

installing, registering, running, 334

model, 311

model illustration, 312

non-repudiation, 321

payment authorization, 323, 328-31

payment capture, 323-24, 331-32

payment method, 322-32

payments, 291-92

payment scheme setup, 311-15

public key certificates, 312-13

purchase processing, 323, 324-28

registration of participants, 315-16

remote transaction overview, 322-24

secure channel, 317-21

security, 332-33

security comparison, 333

thin client architecture, 338-40

TLS vs., 336-40

See also Remote card payments

Settlement

defined, 49

institution, 15

organizations, 49

SHA-1 algorithm, 378

Sharable data objects, 250-51

defined, 250

mapping, 251

See also Data objects

Short Message Service (SMS), 420, 421

Signature-based SDA mechanism, 393

Signature generation

with digital signature with recovery, 411-12

with PKCS#1, 414-15

Signature verification

with digital signature with recovery, 412-13

with PKCS#1, 415

Signed static application data, 140-45

AFL, 141-42

defined, 125

generating, 143-44

issuing, 140-44

static data creation, 142-43

verification, 144-45

See also EMV certificates

Signing procedure, 381

Single message network, 44

Sniffing, 296-97

Static authenticator, 30-31

Static card authentication, 368

Static data authentication, 89

Subscriber Identity Module (SIM), 420

Application Toolkit (STK), 420, 421

defined, 420

Subsidiary account numbers (SANs), 22

Symmetric enciphered PIN verification, 389

Symmetric encryption, 374-75

Symmetric key cryptography, 76-80

System trace audit number (STAN), 35
