EMV如何加密非接触式交易? [英] How does EMV encrypt the contactless transaction?

问题描述

我试图弄清楚EMV标准化建议通过NFC传输付款信息时采用哪种加密方式.我浏览了规范，但是找不到关于该主题的任何提示.我知道，尽管卡制造商在其卡本身上提供了一些加密技术，但部分已已损坏 . 有人知道(如果希望加密的话)(如果希望加密的话)以及(如果加密的话)哪种技术?

I try to figure out what kind of encryption the EMV standardization recommends for transferring payment information via NFC. I browsed through the specification, but I can't find any hint about this topic. I know though that the card manufacturer provides some encryption technology on their card itself, which has partly been compromised. Does someone know, if its encrypted at all (I hope so) and if so, with which technology?

推荐答案

卡与非接触式读取器之间的通信未加密. 您可以轻松地窃听和记录交换的 APDU ，我几乎每天都会使用非接触式间谍( Fime SmartSpy 一个).

The communication between the card and the contactless reader is not encrypted. You can easily eavesdrop and record the exchanged APDUs, I do it almost daily using a contactless spy (the Fime SmartSpy one).

但是录制对话框不足以克隆卡. 您将可以访问某些信息(例如:卡号，track2等效数据)，但是:

But recording the dialog is not enough to clone the card. You will get access to some information (ex : the card number, the track2 equivalent data), but :

• 您将错过创建磁条卡所需的信息
• 您无需进行在线购物即可获得CVV(卡后写的数字).
• 您也将无法重播"交易，因为交易数据包括由终端和卡生成的两个不可预测的数字，这对于每个交易都是唯一的并由卡签名.

卡在交易中签名所使用的私钥/证书永远不会在交易过程中传输，也无法访问. 这就是卡上受保护和加密的私钥/证书(我不知道安全机制的详细信息).

The private key/certificate used by the card to sign the transaction is never transmitted during the transaction and cannot be accessed. That's this private key/certificate which is protected and encrypted on the card (I don't know the details of the security mechanisms).

安全受到威胁的卡是一些基本的 MiFare卡.这些卡不用于支付应用程序.

The cards whose security has been compromised are some basic MiFare cards. These cards are not used for payment applications.

这篇关于EMV如何加密非接触式交易?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！