Implementing Electronic Card Payment Systems (Artech House Computer Security Series)

Chapter 2: Payment Card Processing

Figure 2.1: Payment card processing things one can see.

Figure 2.2: Network and back-office processing of payment card transactions.

Figure 2.3: Roles involved in payment card processing.

Figure 2.4: Payment network topology.

Figure 2.5: On-line transaction in a dual message network with on-line clearing.

Figure 2.6: On-line transaction in a dual message network with off-line clearing.

Figure 2.7: On-line transaction in a single message network.

Figure 2.8: Off-line transaction in a single message network with on-line clearing.

Figure 2.9: Off-line transaction in a dual message network with off-line clearing.

Chapter 3: Chip Migration

Figure 3.1: Hardware structure of the single-chip computer in the card.

Figure 3.2: Two software architectures for chip cards.

Figure 3.3: The organization of the card's file system.

Figure 3.4: Four types of elementary file data structures.

Figure 3.5: Command/ response pair (C-APDU/ R-APDU).

Figure 3.6: Terminal application and card application in a client server configuration.

Figure 3.7: Mapping of data objects into the card's file system.

Figure 3.8: Computation of the dynamic authenticator.

Figure 3.9: Verification of the dynamic authenticator.

Figure 3.10: EMV mapping of data objects in elementary files.

Figure 3.11: File system in an EMV card.

Figure 3.12: Variable command data input with DOL mechanism.

Chapter 4: EMV Compliant Data Organization

Figure 4.1: The EMV protocol stack and its mapping to EMV 2000 .

Figure 4.2: Recursive representation of constructed data objects.

Figure 4.3: FCI of an ADF.

Figure 4.4: Example of a PDOL encoding.

Figure 4.5: Partial name selection mechanism.

Figure 4.6: Example of an AEF Data Template in a directory file.

Figure 4.7: FCI of a DDF.

Figure 4.8: Directory structure and indirect application selection service.

Figure 4.9: FCI of the PSE.

Chapter 5: EMV Certificates

Figure 5.1: EMV certification chain.

Chapter 6: Debit and Credit with EMV

Figure 6.1: Interchange between the ICC and the terminal for an EMV debit/credit transaction.

Figure 6.2: Payment network processing of an EMV debit/credit transaction.

Figure 6.3: Initiate application processing.

Figure 6.4: Read application data.

Figure 6.5: Overview of the off-line SDA.

Figure 6.6: Overview of the off-line DDA.

Figure 6.7: Overview of the enciphered PIN verification performed by ICC.

Figure 6.8: Biased selection function for on-line authorization.

Chapter 7: EMV Chip Migration Issues

Figure 7.1: Definition of the issuer ICC specification.

Figure 7.2: Allocation tables for card applications.

Figure 7.3: Card layout with EMV debit/credit and other functionality.

Figure 7.4: Card file structure corresponding to the proposed layout.

Figure 7.5: CRM system from the input/output perspective.

Chapter 8: Remote Card Payments and EMV

Figure 8.1: Payment card processing in remote transactions.

Figure 8.2: Internet protocol suite.

Figure 8.3: Overview of the TLS handshake protocol.

Figure 8.4: SET model for remote card payments.

Figure 8.5: SET certification hierarchy.

Figure 8.6: Establishment of a SET channel.

Figure 8.7: Remote transaction with SET payment method.

Figure 8.8: SET functional components .

Figure 8.9: Wallet server in remote payment card processing.

Figure 8.10: SET transaction flow in the thin client architecture.

Figure 8.11: Transaction flow of the chip electronic commerce.

Appendix A: Security Framework

Figure A.1: Definition of a security framework.

Appendix B: Generic Security Threats

Figure B.1: Communication channel wiretapping.

Appendix C: Security Services

Figure C.1: Generic communication protocol stack.

Appendix D: Security Mechanisms

Figure D.1: Unified model for symmetric and asymmetric encryption systems.

Figure D.2: Secret key wrapping.

Figure D.3: Data authentication using a MAC.

Figure D.4: Ordinary signing protocol.

Figure D.5: PIN encrypted with a public key cryptosystem.

Appendix G: E-Commerce and M-Commerce Related Technologies

Figure G.1: Payment card processing in remote transactions.

Figure G.2: Browsing/ ordering channel over the Internet.

Figure G.3: Browsing/ ordering WAP channel over the GSM network.