Abstract
Payment cards make use of a Primary Account Number (PAN) that is normally used by merchants to uniquely identify users, and if necessary to deny users service by blacklisting. However, tokenisation is a technique whereby the PAN is replaced by a temporary equivalent, for use in mobile devices that emulate payment cards, but with reduced attack resistance. This paper outlines how tokenised payments contradict the process of blacklisting in open transport systems. We propose the use of a linkable group signature to link different transactions by a user regardless of the variable token. This allows the transport operator to check if a user’s signature is linked to a previous dishonest transaction in the blacklist, while still maintaining the anonymity of the user.
Notes
1. “The UK Cards Association is the trade body for the card payments industry in the UK, representing financial institutions which act as card issuers and acquirers”.
2. EMVCo, made up of six members (American Express, Discover, JCB, MasterCard, UnionPay, and Visa), facilitates worldwide interoperability and acceptance of secure payment transactions.
3. The EMVCo specification on tokenisation indicates that the payment networks can additionally act as the TSP, while still maintaining their primary roles in the EMV ecosystem.
4. The payment network, acting as the TSP, translates the token back to a real PAN and authorisation is processed as per the normal EMV flow.
5. The Application Protocol Data Unit (APDU) is the unit of communication between a device and a reader. APDUs are specified in ISO/IEC 7816.
6. NFC supports data rates of 106, 212, 424, and 848 kbps.
Copyright information
© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Umar, A., Gurulian, I., Mayes, K., Markantonakis, K. (2017). Tokenisation Blacklisting Using Linkable Group Signatures. In: Deng, R., Weng, J., Ren, K., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2016. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 198. Springer, Cham. https://doi.org/10.1007/978-3-319-59608-2_10
DOI: https://doi.org/10.1007/978-3-319-59608-2_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59607-5
Online ISBN: 978-3-319-59608-2
eBook Packages: Computer Science, Computer Science (R0)