Abstract

After discussing the concept of DUKPT based symmetric encryption key management (e. g. , for 3DES) and definition of cloud or remote wallet, the paper analyses applicability of DUKPT to different use cases like mobile banking, NFC payment using EMV contactless card and mobile based EMV card emulation, web browser based transaction and cloud or remote wallet. Cloud wallet is an emerging payment method and is gaining momentum very fast. Anticipating that the wallet product managers and security specialists may face these questions from different stakeholders, the authors have addressed applicability of DUKPT to cloud wallet use case quite elaborately. As per knowledge of the authors, this topic has been analysed and discussed for the first time.

References

• Use of DUKPT Key Management Scheme in Mobile Banking Product from Gemalto - http://www. gemalto. com/brochures/download/mob_banking_product. pdf
• http://en. wikipedia. org/wiki/FIPS_140-2#Level_2, NIST publication http://csrc. nist. gov/publications/fips/fips140-2/fips1402. pdf
• FIPS 140-3 Level 3 certified SIM card proposed by Gemalto to Indian Telecom Regulator TRAI, http://www. trai. gov. in/writereaddata/consultationpaper/document/10gemalto. pdf. FIPS 140-3 is a revision of FIPS 140-2, http://csrc. nist. gov/groups/ST/FIPS140_3/documents/FIPS_140-3%20Final_Draft_2007. pdf
• Ingenico mobile POS terminal products to enable turn a smartphone into a POS terminal, http://www. ingenico. com/en/products/payment-terminals/mobility/ismp/specs/
• EMV Contact Payment Specification, http://www. emvco. com/specifications. aspx?id=223
• EMV Contactless Payment Specification, http://www. emvco. com/specifications. aspx?id=21
• EMV Mobile Payment Specification, http://www. emvco. com/specifications. aspx?id=22
• DUKPT first introduced by VISA - http://en. wikipedia. org/wiki/Derived_unique_key_per_transaction
• Google Wallet - https://www. google. com/wallet/ , http://en. wikipedia. org/wiki/Google_Wallet
• Secure Element and smart card form factors as per GlobalPlatform, http://globalplatform. org/me-diaguideSE. asp
• PCI POS PIN Entry Device Security Requirements, https://www. pcisecuritystandards. org/documents/pos_ped_security_requirements. pdf
• EMVCo Contact Terminal, http://www. emvco. com/approvals. aspx?id=95
• Animesh Kr Trivedi, Rishi Kapoor, Rajan Arora, Sudip Sanyal and Sugata Sanyal, RISM - Reputation Based Intrusion Detection System for Mobile Ad hoc Networks,Third International Conference on Computers and Devices for Communications, CODEC-06, pp. 234-237. Institute of Radio Physics and Electronics, University of Calcutta, December 18-20, 2006, Kolkata, India
• Sandipan Dey, Ajith Abraham and Sugata Sanyal "An LSB Data Hiding Technique Using Natural Numbers", IEEE Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIHMSP 2007, Nov 26-28, 2007, Kaohsiung City, Taiwan, IEEE Computer Society press, USA, ISBN 0-7695-2994-1, pp. 473-476, 2007.
• Ajith Abraham, Ravi Jain, Sugata Sanyal and Sang Yong Han, SCIDS: A Soft Computing Intrusion Detection System,6th International Workshop on Distributed Computing (IWDC-2004), A. Sen et al (Eds. ). Springer Verlag, Germany, Lecture Notes in Computer Science, Vol. 3326. ISBN: 3-540-24076-4, pp. 252-257, 2004.