Verfügbarkeit: Implementing electronic card payment systems

Implementing electronic card payment systems:

Gespeichert in:

Bibliographische Detailangaben
1. Verfasser:	Radu, Cristian (VerfasserIn)
Format:	Buch
Sprache:	English
Veröffentlicht:	Boston Artech House 2003
Schriftenreihe:	Artech House computer security series
Schlagworte:	Datenverarbeitung Electronic funds transfers Credit cards Debit cards Payment > Data processing Electromagnetic compatibility Chipkarte Bargeldloser Zahlungsverkehr Datenendgerät
Online-Zugang:	Inhaltsverzeichnis
Beschreibung:	"Artech House computing library.". - Includes bibliographical references and index
Beschreibung:	XIV, 446 S. Ill.
ISBN:	1580533051

Internformat

MARC


LEADER	00000nam a2200000zc 4500
001	BV019811455
003	DE-604
005	20050923
007	t
008	050517s2003 xxua\|\|\| \|\|\|\| 00\|\|\| eng d
010			\|a 2002033224
020			\|a 1580533051 \|c alk. paper \|9 1-58053-305-1
035			\|a (OCoLC)50447774
035			\|a (DE-599)BVBBV019811455
040			\|a DE-604 \|b ger \|e aacr
041	0		\|a eng
044			\|a xxu \|c US
049			\|a DE-91 \|a DE-521 \|a DE-522
050		0	\|a HG1710.R33 2003
082	0		\|a 658.8/8 \|2 21
082	0		\|a 658.8/8 21
084			\|a QK 305 \|0 (DE-625)141642: \|2 rvk
084			\|a ELT 431f \|2 stub
100	1		\|a Radu, Cristian \|e Verfasser \|4 aut
245	1	0	\|a Implementing electronic card payment systems \|c Cristian Radu
264		1	\|a Boston \|b Artech House \|c 2003
300			\|a XIV, 446 S. \|b Ill.
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
490	0		\|a Artech House computer security series
500			\|a "Artech House computing library.". - Includes bibliographical references and index
650		4	\|a Datenverarbeitung
650		4	\|a Electronic funds transfers
650		4	\|a Credit cards
650		4	\|a Debit cards
650		4	\|a Payment -- Data processing
650		4	\|a Electromagnetic compatibility
650	0	7	\|a Chipkarte \|0 (DE-588)4147723-6 \|2 gnd \|9 rswk-swf
650	0	7	\|a Bargeldloser Zahlungsverkehr \|0 (DE-588)4124608-1 \|2 gnd \|9 rswk-swf
650	0	7	\|a Datenendgerät \|0 (DE-588)4148869-6 \|2 gnd \|9 rswk-swf
689	0	0	\|a Chipkarte \|0 (DE-588)4147723-6 \|D s
689	0	1	\|a Bargeldloser Zahlungsverkehr \|0 (DE-588)4124608-1 \|D s
689	0	2	\|a Datenendgerät \|0 (DE-588)4148869-6 \|D s
689	0		\|5 DE-604
856	4	2	\|m HBZ Datenaustausch \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=013136865&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
999			\|a oai:aleph.bib-bvb.de:BVB01-013136865

Datensatz im Suchindex

_version_	1804133309737861120
adam_text	Contents Acknowledgments xv D Introduction 1 Part I: Magnetic stripe debit and credit cards 3 Part H: Chip migration with EMV™ 3 Part m: Remote debit and credit with EMV™ 5 Part I: Magnetic Stripe Debit and Credit Cards . 7 Q Payment Card Processing 9 2.1 Payment card processing at a glance 10 2.2 Roles involved in payment card processing 13 2.3 Payment card brands 15 2.4 Credit and debit payment cards 16 2.5 Focusing on the magnetic stripe card 17 2.5.1 Embossed financial data lg 2.5.2 Financial data on the magnetic stripe 20 2.6 Threats and security protections 24 2.6.1 Channel protection versus eavesdropping 25 2.6.2 Cardholder verification versus impersonation 27 2.6.3 Static authentkator versus modifying financial data 30 2.6.4 Timeliness versus card counterfeiting 3] 2.6.5 Merchant attacks and colluding attacks 3 3 2.7 Processing at the point of service 34 vii vilj Contents 2.8 Payment network and interchange messages 37 2.8.1 Message structure 38 2.8.2 Message/lows 41 2.9 On line authorization 45 2.10 Clearing and settlement 47 References 50 Part II: Chip Migration with EMV™ .... 51 mp Chip Migration 53 3.1 A business case for chip migration 54 3.2 An overview of the chip card technology 56 3.2J Hardware and software structure of chip cards 57 3.2.2 Cardfile system and file referencing 60 3.2.3 Command and jestpcnse format 65 3.2.4 Gzrrf application nni terminal application 66 3.3 Proprietary payment application 69 3.3.1 Encoding data elements with a fixed format 71 3.3.2 Fixed file system organization 73 3.3 J PreestablisheA wrwnand and response formats 73 3.3.4 Symmetric cryptographic technology 76 3.4 Interoperable payment application 80 3.4.1 Self determined encoding of data elements 82 3.4.2 Customized fik system organization 84 3.4.3 Variable formats Jor commands and responses 87 3.4.4 Asymmetric cryptographic support 87 References 90 Q EMV™ Compliant Data Organization . ... 91 4.1 Organization of the 5MV™ specifications 92 4.2 EMV™ data elements 96 4.3 EMV™ file system 99 4.3.1 ADFs 99 4.3.2 AEFs 106 4.3.3 Directory definition files 108 Contents 4.3.4 Payment system environment 112 4.4 BMV™ application selection 115 4.4.1 Building the candidate list from the PSB 118 4.4.2 Building the candidate list directly 119 4.43 Final application selection 121 References 122 Q EMV™ Certificates 125 5.1 Certification mechanism and algorithm 125 5.2 Public key certificate for RSA scheme 126 5.3 Entities and certifiers 127 5.3.1 Issuer requires a public key certificate 127 5.3.2 ICC requires a public key certificate 128 5.4 Entity public key remainder 129 5.5 EMV™ certification chains 129 5.6 Issuing EMV™ public key certificates 132 5.6.1 Data items included in the certificate 132 5.6.2 Generating the public key certificate 135 5.7 Verifying EMV™ public key certificates 136 5.7.1 Verification of the Issuer Public Key Certificate 136 5.7.2 Verification of the ICC Public Key Certificate 138 5.8 Issuing signed static application data 140 5.8.1 APL 141 5.8.2 Creating the Static Data to Be Authenticated 142 5.8.3 Generate the Signed Static Application Data 143 5.9 Verifying the Signed Static Application Data 144 References 145 D Debit and Credit with EMV™ 147 6.1 Overview of the EMV™ debit/credit transaction 148 6.2 Initiate application processing 152 6.2.1 TVR and TSI—two witnesses of terminal processing 152 6.2.2 PDOLandGET PROCESSING OPTIONS 153 6.2.3 AIPandAFL 154 6.3 Read application data 156 Contents 6.3.1 AFL processing 156 6.3.2 Consistency rules for the data objects 158 6.4 Off line data authentication 160 6.4.1 Selection of the off line authentication mechanism 160 6.4.2 Off line SDA 162 6.4.3 Off line DBA 165 6.5 Processing restrictions 174 6.5.1 Application Version Number 174 6.5.2 Application usage control 175 6.5.3 Application effective/expiration dates checking 178 6.6 Cardholder verification 178 6.6.1 Cardholder verification methods in EMV™ 179 6.6.2 Data objects involved in cardholder verification 181 6.6.3 Common processing performed by the terminal 184 6.6.4 Off line PIN processing 186 6.6.5 RSA digital envelope carrying the PIN 191 6.6.6 On line PIN processing 194 6.7 Terminal risk management 195 6.7.1 Terminal floor limit 195 6.7.2 Random transaction selection 196 6.7.3 Velocity checking 199 6.8 Terminal action analysis 201 6.8.1 Action codes and security policies 201 6.8.2 The terminal proposes and the card disposes 203 6.8.3 Off line denial of a transaction 204 6.8.4 On line transmission of a transaction 206 6.8.5 Default action in a transaction 207 6.8.6 Compute Application Cryptogram with GENERATE AC 208 6.9 On line processing and issuer authentication 217 6.9.1 Authorization request and response with chip data 218 6.9.2 Issuer Authentication 221 6.10 Issuer scripts 222 6.10.1 Processing of issuer script templates 222 6.10.2 Post Issuance Commands 225 References 225 Contents • MM EMV™ Chip Migration Issues 227 7.1 EMV™ regulatory framework 228 7.1.1 Business objectives 229 7.1.2 Functional requirements 231 7.1.3 Security politics 233 7.2 Deriving ICC specifications by issuers 236 7.3 Selection criteria of the ICC architecture 239 7.3.1 ICC hardware resources 239 73.2 ICC software platform 241 7.4 Multiapplication ICC 242 7.4.1 Choice of a set of card applications 243 7.4.2 Card layout definition 246 7.5 Issuer s business case 253 7.5.1 Availability of the financial service 253 7.5.2 Improved security 254 7.5.3 Reduced operational costs 255 7.6 Adaptive initiate application processing 255 7.7 Design criteria for CAM selection 259 7.7.1 On line CAM 260 7.7.2 Off line static CAM 261 7.7.3 Off line dynamic CAM 262 7.7.4 Security considerations regarding CAM 263 7.8 Design criteria for CVM 267 7.8.1 Enciphered PIN verified on line 267 7.8.2 Plaintext/enciphered PIN verification by ICC 268 7.8.3 Requirements for the implementation of various CVM 269 7.8.4 Criteria for the definition of the CVM List 270 7.9 Processing restrictions 271 7.9.1 Application usage control 271 7.9.2 Application Version Number 272 7.9.3 Application effective/expiration dates 272 7.10 Card risk management 273 7.10.1 CRM Components 273 7.10.2 The set of CRM functions 27 4 7.10.3 CRM data 278 7.10.4 CRM function definitions 283 References 286 XH Contents Part III: Remote Debit and Credit with EMV™. 289 O Remote Card Payments and EMV™ .... 291 8.1 A model for remote card payments 293 8.2 Security aspects of remote card payments 295 8.2.1 Threats environment 296 8.2.2 Security services for remote transactions 300 8.2.3 Security services realization 304 8.3 Remote payment method based on TLS 306 8.3.1 TLS handshake protocol 307 8.3.2 TLS record protocol 309 8.3.3 Security limitations of the TLS protocol 309 8.4 SET based solutions 310 8.4.1 SET model 311 8.4.2 Setup ofthe SET payment scheme 311 8.4.3 Registration of participants 315 8.4.4 Secure SET channel over insecure networks 317 8.4.5 SET dual signatures 321 8.4.6 SET payment method 322 8.5 TLS versus SET or wallet servers and EMV™ cards 332 85.1 Security makes the difference 332 8.5.2 Acceptability is a main concern 333 8.5.3 Improved solutions with wallet servers and EMV™ cards 336 8.6 Transaction processing for chip e commerce 340 8.6.1 EMV™ application context in the cardholder system 342 8.6.2 Purchase initialization (PInitReq/PInitRes) 346 8.6.3 Cardholder verification 347 8.6.4 Terminal action analysis 349 8.6.5 Purchase request and response 350 8.6.6 Authorization request/response 353 8.6.7 Completion of the EMV™ transaction 355 References 356 Appendix A: Security Framework .... 359 Reference 361 Contents xiii Appendix B: Generic Security Threats . . . 363 Appendix C: Security Services 367 C.I Service description 367 C.2 Realization of security services 370 References 371 Appendix D: Security Mechanisms .... 373 D.I Encryption 373 D.I.I Symmetric encryption 374 D.I.2 Asymmetric encryption 375 D.2 Cryptographic hash functions 376 D.2.1 Hash Junction 377 D.2.2 MAC 379 D.3 Digital signature schemes 380 D.3.1 Signature scheme with appendix 382 D.3.2 Signature scheme with recovery 383 D.4 Public key certificates 384 D.4.1 Authenticity of public keys 384 D.4.2 Public key certificate generation 385 D.4.3 Public key certificate verification 386 D.5 Cardholder verification mechanisms 387 D.5.1 Manual signature 387 D.5.2 Enciphered PIN verified on line 387 D.5.3 Plaintext PIN verification performed by the chip card 388 D.5.4 Symmetric enciphered PIN verification 389 D.5.5 Asymmetric enciphered PIN verification 390 D.5.6 Cardholder verification based on biometrics 391 D.6 SDA mechanisms 392 D.6.1 MAC based SDA mechanism 392 D.6.2 Signature based SDA mechanism 393 D.7 DDA mechanisms 394 D.T.I MAC based DDA 394 D.7.2 Digital signature based DDA 395 D.7.3 One time passwords 396 References 397 ^IV Contents Appendix E: Block Ciphers 399 E.I Definition and parameters 399 E.2 Modes of operation 400 E.3 DES, Triple DES, and AES 402 E.4 MAC using a 64 bit length block cipher 404 E.5 Key derivation 405 References 406 Appendix F: RSA Encryption and Signature Scheme 407 F.I Key generation 407 F.2 Public and secret RSA operations 409 F.3 Digital signature giving message recovery 410 F.3.1 Signature generation 411 F.3.2 Signature verification 412 F.4 Digital signature and encryption with PKCS#1 414 References 416 Appendix G: E Commerce and M Commerce Related Technologies 419 G.I E commerce and m commerce 419 G.2 SIM, STK, SMS, and WAP 420 G.3 Access devices for remote card payments 421 G.4 WAP protocol suite compared to Internet 426 References 427 About the Author 429 Index 431
any_adam_object	1
author	Radu, Cristian
author_facet	Radu, Cristian
author_role	aut
author_sort	Radu, Cristian
author_variant	c r cr
building	Verbundindex
bvnumber	BV019811455
callnumber-first	H - Social Science
callnumber-label	HG1710
callnumber-raw	HG1710.R33 2003
callnumber-search	HG1710.R33 2003
callnumber-sort	HG 41710 R33 42003
callnumber-subject	HG - Finance
classification_rvk	QK 305
classification_tum	ELT 431f
ctrlnum	(OCoLC)50447774 (DE-599)BVBBV019811455
dewey-full	658.8/8 658.8/821
dewey-hundreds	600 - Technology (Applied sciences)
dewey-ones	658 - General management
dewey-raw	658.8/8 658.8/8 21
dewey-search	658.8/8 658.8/8 21
dewey-sort	3658.8 18
dewey-tens	650 - Management and auxiliary services
discipline	Elektrotechnik Wirtschaftswissenschaften
format	Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01956nam a2200529zc 4500</leader><controlfield tag="001">BV019811455</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20050923 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">050517s2003 xxua\|\|\| \|\|\|\| 00\|\|\| eng d</controlfield><datafield tag="010" ind1=" " ind2=" "><subfield code="a">2002033224</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1580533051</subfield><subfield code="c">alk. paper</subfield><subfield code="9">1-58053-305-1</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)50447774</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV019811455</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">aacr</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="044" ind1=" " ind2=" "><subfield code="a">xxu</subfield><subfield code="c">US</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-91</subfield><subfield code="a">DE-521</subfield><subfield code="a">DE-522</subfield></datafield><datafield tag="050" ind1=" " ind2="0"><subfield code="a">HG1710.R33 2003</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">658.8/8</subfield><subfield code="2">21</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">658.8/8 21</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">QK 305</subfield><subfield code="0">(DE-625)141642:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ELT 431f</subfield><subfield code="2">stub</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Radu, Cristian</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Implementing electronic card payment systems</subfield><subfield code="c">Cristian Radu</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Boston</subfield><subfield code="b">Artech House</subfield><subfield code="c">2003</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XIV, 446 S.</subfield><subfield code="b">Ill.</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="490" ind1="0" ind2=" "><subfield code="a">Artech House computer security series</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">"Artech House computing library.". - Includes bibliographical references and index</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Datenverarbeitung</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Electronic funds transfers</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Credit cards</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Debit cards</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Payment -- Data processing</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Electromagnetic compatibility</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Chipkarte</subfield><subfield code="0">(DE-588)4147723-6</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Bargeldloser Zahlungsverkehr</subfield><subfield code="0">(DE-588)4124608-1</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Datenendgerät</subfield><subfield code="0">(DE-588)4148869-6</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Chipkarte</subfield><subfield code="0">(DE-588)4147723-6</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Bargeldloser Zahlungsverkehr</subfield><subfield code="0">(DE-588)4124608-1</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="2"><subfield code="a">Datenendgerät</subfield><subfield code="0">(DE-588)4148869-6</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">HBZ Datenaustausch</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=013136865&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-013136865</subfield></datafield></record></collection>
id	DE-604.BV019811455
illustrated	Illustrated
indexdate	2024-07-09T20:06:40Z
institution	BVB
isbn	1580533051
language	English
lccn	2002033224
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-013136865
oclc_num	50447774
open_access_boolean
owner	DE-91 DE-BY-TUM DE-521 DE-522
owner_facet	DE-91 DE-BY-TUM DE-521 DE-522
physical	XIV, 446 S. Ill.
publishDate	2003
publishDateSearch	2003
publishDateSort	2003
publisher	Artech House
record_format	marc
series2	Artech House computer security series
spelling	Radu, Cristian Verfasser aut Implementing electronic card payment systems Cristian Radu Boston Artech House 2003 XIV, 446 S. Ill. txt rdacontent n rdamedia nc rdacarrier Artech House computer security series "Artech House computing library.". - Includes bibliographical references and index Datenverarbeitung Electronic funds transfers Credit cards Debit cards Payment -- Data processing Electromagnetic compatibility Chipkarte (DE-588)4147723-6 gnd rswk-swf Bargeldloser Zahlungsverkehr (DE-588)4124608-1 gnd rswk-swf Datenendgerät (DE-588)4148869-6 gnd rswk-swf Chipkarte (DE-588)4147723-6 s Bargeldloser Zahlungsverkehr (DE-588)4124608-1 s Datenendgerät (DE-588)4148869-6 s DE-604 HBZ Datenaustausch application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=013136865&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis
spellingShingle	Radu, Cristian Implementing electronic card payment systems Datenverarbeitung Electronic funds transfers Credit cards Debit cards Payment -- Data processing Electromagnetic compatibility Chipkarte (DE-588)4147723-6 gnd Bargeldloser Zahlungsverkehr (DE-588)4124608-1 gnd Datenendgerät (DE-588)4148869-6 gnd
subject_GND	(DE-588)4147723-6 (DE-588)4124608-1 (DE-588)4148869-6
title	Implementing electronic card payment systems
title_auth	Implementing electronic card payment systems
title_exact_search	Implementing electronic card payment systems
title_full	Implementing electronic card payment systems Cristian Radu
title_fullStr	Implementing electronic card payment systems Cristian Radu
title_full_unstemmed	Implementing electronic card payment systems Cristian Radu
title_short	Implementing electronic card payment systems
title_sort	implementing electronic card payment systems
topic	Datenverarbeitung Electronic funds transfers Credit cards Debit cards Payment -- Data processing Electromagnetic compatibility Chipkarte (DE-588)4147723-6 gnd Bargeldloser Zahlungsverkehr (DE-588)4124608-1 gnd Datenendgerät (DE-588)4148869-6 gnd
topic_facet	Datenverarbeitung Electronic funds transfers Credit cards Debit cards Payment -- Data processing Electromagnetic compatibility Chipkarte Bargeldloser Zahlungsverkehr Datenendgerät
url	http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=013136865&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT raducristian implementingelectroniccardpaymentsystems

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Fernleihe Bestellen Achtung: Nicht im THWS-Bestand! Inhaltsverzeichnis

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge