1. Datacard Confidential
EMV Key Management
Why Should You Care?
Guy Berg
Global Industry Consultant
Advanced Payment Technologies
Datacard Group
651.354.6808
Guy_berg@datacard.com
2. Datacard Confidential 2
What Do these Operations have in Common?
Dynamic Cryptogram
Dynamic Data
Authentication
Digital Signatures
Tokenization
On-line Authentication
Off-line
Authentication
Cryptography
Data Security
Key Management
3. Datacard Confidential 3
• Key Management System Core Functions
– Generating Keys
– Importing Keys
– Exporting keys
– Distributing keys
– Protecting keys
What is Key Management?
6. Datacard Confidential 6
Off-line Authentication Keys and Certificates
Payment
Brand
Acquirer
JCBMC V DAM
Certificate
Authority
PrivatePublic
Issuer Public Key
Certificate
Issuer
Public
Private
JCBMC V DAM
Cert
7. Datacard Confidential 7
• Updating EMV data on already issued cards
• EMV Scripts
EMV Post Issuance Keys
Payment
Brand
Acquirer
MDK Encryption Key
MDK MAC Key
MDK AC Key
8. Datacard Confidential 8
• Updating EMV data on already issued cards
• EMV Card Update Scripts
EMV Post Issuance Keys
Payment
Brand
Acquirer
MDK Encryption Key
MDK MAC Key
MDK AC Key
Product 1 Key set 1
Product 2 Key set 2
Product 3 Key set 3
Product 4 Key set 4
Product 5 Key set 5
Product 6 Key set 6
Product….. Key ……
16. Datacard Confidential 16
Key Management Evolution
• Only used for EMV cards and PINs
• Key requirements were not well
understood
• Tools were in an embryonic state
• Few people had key management
knowledge
Step 1: PIN Key Management
Step 2: PCI Data Security Compliance
Step 3: EMV Key Management
17. Datacard Confidential 17
Key Management Evolution Continues…..
SE
SE
SE
TSM
Issuer 1
Issuer 1
Issuer 1
Issuer 1
Issuer 1
Issuer 1
TSM
TSM
20. Datacard Confidential 20
• Tactical EMV Migration Questions
– Where will keys be generated?
– How often will keys be changed over time?
– What will be the process for rolling over keys?
– How will you transport keys to each location?
• One at a time in components?
• Encrypted under a KEK (Key Encrypting Key)
– How will you assure the key security through the complete
issuance process?
• What are your future plans for Key Management
Key Management Considerations
21. Datacard Confidential
EMV Key Management
Why Should You Care?
Guy R. Berg
Global Industry Consultant
Datacard Group
651.354.6808
Guy_berg@datacard.com