SlideShare une entreprise Scribd logo

Ep22 berg

A
alirezafiroozian

EMV Key Managment

Ingénierie
1  sur  21
Télécharger pour lire hors ligne
Datacard Confidential EMV Key Management Why Should You Care? Guy Berg Global Industry Consultant Advanced Payment Technologies Datacard Group 651.354.6808 Guy_berg@datacard.com
Datacard Confidential 2 What Do these Operations have in Common? Dynamic Cryptogram Dynamic Data Authentication Digital Signatures Tokenization On-line Authentication Off-line Authentication Cryptography Data Security Key Management
Datacard Confidential 3 •  Key Management System Core Functions –  Generating Keys –  Importing Keys –  Exporting keys –  Distributing keys –  Protecting keys What is Key Management?
Datacard Confidential 4 On-line Authentication Key Payment Brand Acquirer Dynamic Cryptogram Dynamic Cryptogram ARQC Issuer Shared Key
Datacard Confidential 5 On-line Authentication Keys Payment Brand Acquirer Dynamic Cryptogram Product 1 Key 1 Product 2 Key 2 Product 3 Key 3 Product 4 Key 4 Product 5 Key 5 Product 6 Key 6 Product….. Key ……Issuer
Datacard Confidential 6 Off-line Authentication Keys and Certificates Payment Brand Acquirer JCBMC V DAM Certificate Authority PrivatePublic Issuer Public Key Certificate Issuer Public Private JCBMC V DAM Cert
Datacard Confidential 7 •  Updating EMV data on already issued cards •  EMV Scripts EMV Post Issuance Keys Payment Brand Acquirer MDK Encryption Key MDK MAC Key MDK AC Key
Datacard Confidential 8 •  Updating EMV data on already issued cards •  EMV Card Update Scripts EMV Post Issuance Keys Payment Brand Acquirer MDK Encryption Key MDK MAC Key MDK AC Key Product 1 Key set 1 Product 2 Key set 2 Product 3 Key set 3 Product 4 Key set 4 Product 5 Key set 5 Product 6 Key set 6 Product….. Key ……
Datacard Confidential 9 Smart Card Inventory Security Transport Keys
Datacard Confidential 10 Why is Key Management Important? Keys are the Heart of EMV Protection Maximizing key security is vital to EMV
Datacard Confidential 11 •  Payment Brand •  Issuers •  Issuer Authorization Processors •  Issuer Card Personalization Bureaus •  Acquirers Who Has to Manage EMV Keys
Datacard Confidential Key Distribution Key type Auth System EMV Script Generator CMS Data Prep Perso / Bureau Service Provider / VISA NET PVK/ Key ü ü ü MDKac ü ü ü ü MDKenc ü ü MDKmac ü ü MDKidn ü ü ü MDKicvv ü ü ü KEK ü ü ZMK ü ü ü
Datacard Confidential 13 Key Transportation Key Ceremony
Datacard Confidential 14 Keys Transport using KEKs Shared Key Encrypting Key Shared Key Encrypting Key Shared Key
Datacard Confidential 15 EMV Key Exchanges Issuer Issuer service bureau Authorization processor Product 1 Product 2 Product 3 Product 4 Product 5 Product ….. Product 1 Product 1 Product 1 Product 1 Product 1 Product 1 Product …
Datacard Confidential 16 Key Management Evolution •  Only used for EMV cards and PINs •  Key requirements were not well understood •  Tools were in an embryonic state •  Few people had key management knowledge Step 1: PIN Key Management Step 2: PCI Data Security Compliance Step 3: EMV Key Management
Datacard Confidential 17 Key Management Evolution Continues….. SE SE SE TSM Issuer 1 Issuer 1 Issuer 1 Issuer 1 Issuer 1 Issuer 1 TSM TSM
Datacard Confidential 18 Continue to Evolve Issuer 1 Issuer 1 Issuer 1 Issuer 1 Issuer 1 Issuer 1 Virtual Cards or Wallets
Datacard Confidential 19 Key Management Evolution
Datacard Confidential 20 •  Tactical EMV Migration Questions –  Where will keys be generated? –  How often will keys be changed over time? –  What will be the process for rolling over keys? –  How will you transport keys to each location? •  One at a time in components? •  Encrypted under a KEK (Key Encrypting Key) –  How will you assure the key security through the complete issuance process? •  What are your future plans for Key Management Key Management Considerations
Datacard Confidential EMV Key Management Why Should You Care? Guy R. Berg Global Industry Consultant Datacard Group 651.354.6808 Guy_berg@datacard.com

Recommandé

Secure electronic transaction (set)
Secure electronic transaction (set)Secure electronic transaction (set)
Secure electronic transaction (set)
Agnė Chomentauskaitė
 
P2PE - PCI DSS
P2PE - PCI DSSP2PE - PCI DSS
P2PE - PCI DSS
ControlCase
 
Emv chip card buyers guide
Emv chip card buyers guideEmv chip card buyers guide
Emv chip card buyers guide
3D Merchant powered by CenPOS
 
Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)
Syed Taimoor Hussain Shah
 
Introduction to PCI DSS
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSS
Saumya Vishnoi
 
eSmartlock a USB Javacard dongle with anti-piracy and DRM services
eSmartlock a USB Javacard dongle with anti-piracy and DRM serviceseSmartlock a USB Javacard dongle with anti-piracy and DRM services
eSmartlock a USB Javacard dongle with anti-piracy and DRM services
Yiannis Hatzopoulos
 
EMV Credit Card Technology in Parking
EMV Credit Card Technology in ParkingEMV Credit Card Technology in Parking
EMV Credit Card Technology in Parking
Parking & Traffic Consultants
 
Embedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment IndustryEmbedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment Industry
Narudom Roongsiriwong, CISSP
 

Recommandé

Secure electronic transaction (set)
Secure electronic transaction (set)Secure electronic transaction (set)
Secure electronic transaction (set)
Agnė Chomentauskaitė
 
P2PE - PCI DSS
P2PE - PCI DSSP2PE - PCI DSS
P2PE - PCI DSS
ControlCase
 
Emv chip card buyers guide
Emv chip card buyers guideEmv chip card buyers guide
Emv chip card buyers guide
3D Merchant powered by CenPOS
 
Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET)
Syed Taimoor Hussain Shah
 
Introduction to PCI DSS
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSS
Saumya Vishnoi
 
eSmartlock a USB Javacard dongle with anti-piracy and DRM services
eSmartlock a USB Javacard dongle with anti-piracy and DRM serviceseSmartlock a USB Javacard dongle with anti-piracy and DRM services
eSmartlock a USB Javacard dongle with anti-piracy and DRM services
Yiannis Hatzopoulos
 
EMV Credit Card Technology in Parking
EMV Credit Card Technology in ParkingEMV Credit Card Technology in Parking
EMV Credit Card Technology in Parking
Parking & Traffic Consultants
 
Embedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment IndustryEmbedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment Industry
Narudom Roongsiriwong, CISSP
 
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
Alex Tan
 
End-to-End Encryption for Credit Card Processing
End-to-End Encryption for Credit Card ProcessingEnd-to-End Encryption for Credit Card Processing
End-to-End Encryption for Credit Card Processing
Lennon808
 
What is A Smart Card
What is A Smart CardWhat is A Smart Card
What is A Smart Card
Philip Andreae
 
APG82 product presentation by Advanced Card Systems Ltd
APG82 product presentation by Advanced Card Systems LtdAPG82 product presentation by Advanced Card Systems Ltd
APG82 product presentation by Advanced Card Systems Ltd
Advanced Card Systems Ltd.
 
Strong authentication for your organization in a cost effective cloud-based...
Strong authentication for your organization in a cost effective cloud-based...Strong authentication for your organization in a cost effective cloud-based...
Strong authentication for your organization in a cost effective cloud-based...
NetwayClub
 
EMV chip cards
EMV chip cardsEMV chip cards
EMV chip cards
Dilip Kumar
 
Understanding the Role of Hardware Data Encryption in EMV and P2PE
Understanding the Role of Hardware Data Encryption in EMV and P2PEUnderstanding the Role of Hardware Data Encryption in EMV and P2PE
Understanding the Role of Hardware Data Encryption in EMV and P2PE
Greg Stone
 
Futurex Slides at ACI Exchange 2013, Boston
Futurex Slides at ACI Exchange 2013, BostonFuturex Slides at ACI Exchange 2013, Boston
Futurex Slides at ACI Exchange 2013, Boston
Greg Stone
 
Tokenization Payment Data Out Securing Payment Data Storage
Tokenization Payment Data Out Securing Payment Data StorageTokenization Payment Data Out Securing Payment Data Storage
Tokenization Payment Data Out Securing Payment Data Storage
- Mark - Fullbright
 
Data Breach Prevention - Start with your POS Terminal!
Data Breach Prevention - Start with your POS Terminal!Data Breach Prevention - Start with your POS Terminal!
Data Breach Prevention - Start with your POS Terminal!
Halo Metrics
 
EMV Terminal Integration Test Solutions
EMV Terminal Integration Test SolutionsEMV Terminal Integration Test Solutions
EMV Terminal Integration Test Solutions
Steve Lacourt
 
Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891
Risk Crew
 
Sploitego
SploitegoSploitego
Sploitego
London School of Cyber Security
 
R.Grassi - P.Sardo - One integration: every wat to pay
R.Grassi - P.Sardo - One integration: every wat to payR.Grassi - P.Sardo - One integration: every wat to pay
R.Grassi - P.Sardo - One integration: every wat to pay
Meet Magento Italy
 
RSA Secur id for windows
RSA Secur id for windowsRSA Secur id for windows
RSA Secur id for windows
arpit06055
 
Iiw13 identifying with_your_bank
Iiw13 identifying with_your_bankIiw13 identifying with_your_bank
Iiw13 identifying with_your_bank
Steve Sidner
 
PCI Compliance - What does it mean to me?
PCI Compliance - What does it mean to me?PCI Compliance - What does it mean to me?
PCI Compliance - What does it mean to me?
syrinxtech
 
Workshop on 03 11-2012
Workshop on 03 11-2012Workshop on 03 11-2012
Workshop on 03 11-2012
Gaurav Gautam
 
Chip Cards: EMV Updates for Parking
Chip Cards: EMV Updates for ParkingChip Cards: EMV Updates for Parking
Chip Cards: EMV Updates for Parking
Creditcall
 
Pci dss-for-it-providers
Pci dss-for-it-providersPci dss-for-it-providers
Pci dss-for-it-providers
Calyptix Security
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
Kamal Acharya
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
Kamal Acharya
 

Contenu connexe

Similaire à Ep22 berg

NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
Alex Tan
 
Futurex Slides at ACI Exchange 2013, Boston
Futurex Slides at ACI Exchange 2013, BostonFuturex Slides at ACI Exchange 2013, Boston
Futurex Slides at ACI Exchange 2013, Boston
Greg Stone
 
Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891
Risk Crew
 
Workshop on 03 11-2012
Workshop on 03 11-2012Workshop on 03 11-2012
Workshop on 03 11-2012
Gaurav Gautam
 
Chip Cards: EMV Updates for Parking
Chip Cards: EMV Updates for ParkingChip Cards: EMV Updates for Parking
Chip Cards: EMV Updates for Parking
Creditcall
 

Similaire à Ep22 berg (20)

NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
 
End-to-End Encryption for Credit Card Processing
End-to-End Encryption for Credit Card ProcessingEnd-to-End Encryption for Credit Card Processing
End-to-End Encryption for Credit Card Processing
 
What is A Smart Card
What is A Smart CardWhat is A Smart Card
What is A Smart Card
 
APG82 product presentation by Advanced Card Systems Ltd
APG82 product presentation by Advanced Card Systems LtdAPG82 product presentation by Advanced Card Systems Ltd
APG82 product presentation by Advanced Card Systems Ltd
 
Strong authentication for your organization in a cost effective cloud-based...
Strong authentication for your organization in a cost effective cloud-based...Strong authentication for your organization in a cost effective cloud-based...
Strong authentication for your organization in a cost effective cloud-based...
 
EMV chip cards
EMV chip cardsEMV chip cards
EMV chip cards
 
Understanding the Role of Hardware Data Encryption in EMV and P2PE
Understanding the Role of Hardware Data Encryption in EMV and P2PEUnderstanding the Role of Hardware Data Encryption in EMV and P2PE
Understanding the Role of Hardware Data Encryption in EMV and P2PE
 
Futurex Slides at ACI Exchange 2013, Boston
Futurex Slides at ACI Exchange 2013, BostonFuturex Slides at ACI Exchange 2013, Boston
Futurex Slides at ACI Exchange 2013, Boston
 
Tokenization Payment Data Out Securing Payment Data Storage
Tokenization Payment Data Out Securing Payment Data StorageTokenization Payment Data Out Securing Payment Data Storage
Tokenization Payment Data Out Securing Payment Data Storage
 
Data Breach Prevention - Start with your POS Terminal!
Data Breach Prevention - Start with your POS Terminal!Data Breach Prevention - Start with your POS Terminal!
Data Breach Prevention - Start with your POS Terminal!
 
EMV Terminal Integration Test Solutions
EMV Terminal Integration Test SolutionsEMV Terminal Integration Test Solutions
EMV Terminal Integration Test Solutions
 
Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891
 
Sploitego
SploitegoSploitego
Sploitego
 
R.Grassi - P.Sardo - One integration: every wat to pay
R.Grassi - P.Sardo - One integration: every wat to payR.Grassi - P.Sardo - One integration: every wat to pay
R.Grassi - P.Sardo - One integration: every wat to pay
 
RSA Secur id for windows
RSA Secur id for windowsRSA Secur id for windows
RSA Secur id for windows
 
Iiw13 identifying with_your_bank
Iiw13 identifying with_your_bankIiw13 identifying with_your_bank
Iiw13 identifying with_your_bank
 
PCI Compliance - What does it mean to me?
PCI Compliance - What does it mean to me?PCI Compliance - What does it mean to me?
PCI Compliance - What does it mean to me?
 
Workshop on 03 11-2012
Workshop on 03 11-2012Workshop on 03 11-2012
Workshop on 03 11-2012
 
Chip Cards: EMV Updates for Parking
Chip Cards: EMV Updates for ParkingChip Cards: EMV Updates for Parking
Chip Cards: EMV Updates for Parking
 
Pci dss-for-it-providers
Pci dss-for-it-providersPci dss-for-it-providers
Pci dss-for-it-providers
 

Dernier

Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur High Profile
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
roncy bisnoi
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Call Girls in Nagpur High Profile
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur High Profile
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
Call Girls in Nagpur High Profile
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Christo Ananth
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
Tonystark477637
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Dr.Costas Sachpazis
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
ranjana rawat
 

Dernier (20)

Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 

Ep22 berg

  • 1. Datacard Confidential EMV Key Management Why Should You Care? Guy Berg Global Industry Consultant Advanced Payment Technologies Datacard Group 651.354.6808 Guy_berg@datacard.com
  • 2. Datacard Confidential 2 What Do these Operations have in Common? Dynamic Cryptogram Dynamic Data Authentication Digital Signatures Tokenization On-line Authentication Off-line Authentication Cryptography Data Security Key Management
  • 3. Datacard Confidential 3 •  Key Management System Core Functions –  Generating Keys –  Importing Keys –  Exporting keys –  Distributing keys –  Protecting keys What is Key Management?
  • 4. Datacard Confidential 4 On-line Authentication Key Payment Brand Acquirer Dynamic Cryptogram Dynamic Cryptogram ARQC Issuer Shared Key
  • 5. Datacard Confidential 5 On-line Authentication Keys Payment Brand Acquirer Dynamic Cryptogram Product 1 Key 1 Product 2 Key 2 Product 3 Key 3 Product 4 Key 4 Product 5 Key 5 Product 6 Key 6 Product….. Key ……Issuer
  • 6. Datacard Confidential 6 Off-line Authentication Keys and Certificates Payment Brand Acquirer JCBMC V DAM Certificate Authority PrivatePublic Issuer Public Key Certificate Issuer Public Private JCBMC V DAM Cert
  • 7. Datacard Confidential 7 •  Updating EMV data on already issued cards •  EMV Scripts EMV Post Issuance Keys Payment Brand Acquirer MDK Encryption Key MDK MAC Key MDK AC Key
  • 8. Datacard Confidential 8 •  Updating EMV data on already issued cards •  EMV Card Update Scripts EMV Post Issuance Keys Payment Brand Acquirer MDK Encryption Key MDK MAC Key MDK AC Key Product 1 Key set 1 Product 2 Key set 2 Product 3 Key set 3 Product 4 Key set 4 Product 5 Key set 5 Product 6 Key set 6 Product….. Key ……
  • 9. Datacard Confidential 9 Smart Card Inventory Security Transport Keys
  • 10. Datacard Confidential 10 Why is Key Management Important? Keys are the Heart of EMV Protection Maximizing key security is vital to EMV
  • 11. Datacard Confidential 11 •  Payment Brand •  Issuers •  Issuer Authorization Processors •  Issuer Card Personalization Bureaus •  Acquirers Who Has to Manage EMV Keys
  • 12. Datacard Confidential Key Distribution Key type Auth System EMV Script Generator CMS Data Prep Perso / Bureau Service Provider / VISA NET PVK/ Key ü ü ü MDKac ü ü ü ü MDKenc ü ü MDKmac ü ü MDKidn ü ü ü MDKicvv ü ü ü KEK ü ü ZMK ü ü ü
  • 13. Datacard Confidential 13 Key Transportation Key Ceremony
  • 14. Datacard Confidential 14 Keys Transport using KEKs Shared Key Encrypting Key Shared Key Encrypting Key Shared Key
  • 15. Datacard Confidential 15 EMV Key Exchanges Issuer Issuer service bureau Authorization processor Product 1 Product 2 Product 3 Product 4 Product 5 Product ….. Product 1 Product 1 Product 1 Product 1 Product 1 Product 1 Product …
  • 16. Datacard Confidential 16 Key Management Evolution •  Only used for EMV cards and PINs •  Key requirements were not well understood •  Tools were in an embryonic state •  Few people had key management knowledge Step 1: PIN Key Management Step 2: PCI Data Security Compliance Step 3: EMV Key Management
  • 17. Datacard Confidential 17 Key Management Evolution Continues….. SE SE SE TSM Issuer 1 Issuer 1 Issuer 1 Issuer 1 Issuer 1 Issuer 1 TSM TSM
  • 18. Datacard Confidential 18 Continue to Evolve Issuer 1 Issuer 1 Issuer 1 Issuer 1 Issuer 1 Issuer 1 Virtual Cards or Wallets
  • 19. Datacard Confidential 19 Key Management Evolution
  • 20. Datacard Confidential 20 •  Tactical EMV Migration Questions –  Where will keys be generated? –  How often will keys be changed over time? –  What will be the process for rolling over keys? –  How will you transport keys to each location? •  One at a time in components? •  Encrypted under a KEK (Key Encrypting Key) –  How will you assure the key security through the complete issuance process? •  What are your future plans for Key Management Key Management Considerations
  • 21. Datacard Confidential EMV Key Management Why Should You Care? Guy R. Berg Global Industry Consultant Datacard Group 651.354.6808 Guy_berg@datacard.com