Tokenisation Blacklisting Using Linkable Group Signatures

  • Conference paper

Abstract

Payment cards make use of a Primary Account Number (PAN) that is normally used by merchants to uniquely identify users, and if necessary to deny users service by blacklisting. However, tokenisation is a technique whereby the PAN is replaced by a temporary equivalent, for use in mobile devices that emulate payment cards, but with reduced attack resistance. This paper outlines how tokenised payments contradict the process of blacklisting in open transport systems. We propose the use of a linkable group signature to link different transactions by a user regardless of the variable token. This allows the transport operator to check if a user’s signature is linked to a previous dishonest transaction in the blacklist, while still maintaining the anonymity of the user.

Notes

  1. “The UK Cards Association is the trade body for the card payments industry in the UK, representing financial institutions which act as card issuers and acquirers”.

  2. EMVCo, made up of six members (American Express, Discover, JCB, MasterCard, UnionPay, and Visa), facilitates worldwide interoperability and acceptance of secure payment transactions.

  3. The EMVCo specification on tokenisation indicates that the payment networks can additionally act as the TSP, while still maintaining their primary roles in the EMV ecosystem.

  4. The payment network, acting as the TSP, translates the token back to a real PAN and authorisation is processed as per the normal EMV flow.

  5. An Application Protocol Data Unit (APDU) is the unit of communication between a device and a reader. APDUs are specified in ISO/IEC 7816 be.

  6. NFC supports data rates of 106, 212, 424, and 848 kbps.

Author information

Correspondence to Assad Umar.

Copyright information

© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Umar, A., Gurulian, I., Mayes, K., Markantonakis, K. (2017). Tokenisation Blacklisting Using Linkable Group Signatures. In: Deng, R., Weng, J., Ren, K., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2016. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 198. Springer, Cham. https://doi.org/10.1007/978-3-319-59608-2_10

  • DOI: https://doi.org/10.1007/978-3-319-59608-2_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59607-5

  • Online ISBN: 978-3-319-59608-2

  • eBook Packages: Computer Science, Computer Science (R0)
