Security Enhanced EMV-Based Mobile Payment Protocol
TL;DR: This work proposes an EMV-compatible payment protocol that is able to resist impersonation attacks and to avoid the security threats in EMV, and modifications to the EMV standard are transparent to merchants and users.
Abstract: Near field communication has enabled customers to put their credit cards into a smartphone and use the phone for credit card transactions. But EMV contactless payment allows unauthorized readers to access credit cards. Besides, in an offline transaction, a merchant's reader cannot verify whether a card has been revoked. Therefore, we propose an EMV-compatible payment protocol to mitigate the transaction risk. Our modifications to the EMV standard are transparent to merchants and users. We also encrypt the communications between a card and a reader to prevent eavesdropping on sensitive data. The protocol is able to resist impersonation attacks and to avoid the security threats in EMV. In offline transactions, our scheme requires a user to apply for a temporary offline certificate in advance. With the certificate, banks no longer need to lower customers' credit for risk control, and users can have online-equivalent credit in offline transactions.
Citations
Information security of RFID and NFC technologies
M A Masyuk
- 01 Dec 2019
TL;DR: This article investigates the information security of radio frequency identification and near field communication technologies (RFID, NFC), including some currently known vulnerabilities of the corresponding protocols and the devices that implement them, and considers cryptanalysis tools and software.
13
Patent
Blocking and non-blocking firmware update
Rodion Steshenko,Jianliang Zhao,Timothy Kordas +2 more
- 30 Mar 2016
TL;DR: In this article, a payment reader can access a firmware manifest including a listing of current firmware assets stored at the payment reader, and send the firmware manifest to the server, which can compare the manifest to available firmware bundles, which are ordered combinations of firmware assets that have been released for usage by payment readers.
12
A Novel NFC-Based Secure Protocol for Merchant Transactions
TL;DR: In this article, the authors proposed a secure framework incorporating a defense-in-depth approach for Near Field Communication (NFC) based mobile payment frameworks, which has three levels, i.e., defense at hardware, mobile application, and communication level.
Contactless Credit Cards Payment Fraud Protection by Ambient Authentication
TL;DR: This work proposes a transaction protocol that is compatible with EMV protocols and that can perform mutual authentication and ambient authentication on near-field-communication-enabled mobile phones; it ensures the legitimacy of transactions and establishes keys for a transaction to protect the subsequent messages.
EMV-Compatible Offline Mobile Payment Protocol with Mutual Authentication.
Jia-Ning Luo,Ming-Hour Yang +1 more
TL;DR: An EMV-compatible offline mobile payment protocol with mutual authentication (EOPMA) to enhance EPMAR, which uses the reverse hash chain technique to guarantee the payment, which solves the problem of credit quotas getting exceeded because of multiple offline payments.
11
References
The Transport Layer Security (TLS) Protocol Version 1.2
Eric Rescorla
- 01 Aug 2008
TL;DR: This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol, which provides communications security over the Internet by allowing client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.
PayWord and MicroMint: Two Simple Micropayment Schemes
Ronald L. Rivest,Adi Shamir +1 more
- 10 Apr 1996
PayWord and MicroMint: Two Simple Micropayment Schemes
R. L. Rivest
- 01 Jan 1996
TL;DR: We present two simple micropayment schemes, "PayWord" and "MicroMint," for making small purchases over the Internet, using hash operations whenever possible to minimize the number of public-key operations required per payment.
673
Proceedings Article
Reverse-engineering a cryptographic RFID tag
Karsten Nohl,David Evans,Starbug Starbug,Henryk Plötz +3 more
- 28 Jul 2008
TL;DR: This paper reconstructs the cipher from the widely used Mifare Classic RFID tag by using a combination of image analysis of circuits and protocol analysis, and reveals that the security of the tag is even below the level that its 48-bit key length suggests due to a number of design flaws.
Chip and PIN is Broken
Steven J. Murdoch,Saar Drimer,Ross Anderson,Mike Bond +3 more
- 16 May 2010
TL;DR: This paper describes and demonstrates a protocol flaw which allows criminals to use a genuine card to make a payment without knowing the card’s PIN, and to remain undetected even when the merchant has an online connection to the banking network.