Symmetric and Asymmetric Techniques

Symmetric Techniques

  • Cryptographic techniques in which the originator of the information and its recipient perform the transformation with the "same" secret key.
  • It should not be computationally feasible to derive the transformation used by the originator or the recipient without knowing the secret key.
  • In the chip world they are used for Online Card and Issuer Authentication, Issuer Script Updates and Personalization Security.

Asymmetric Techniques

  • Cryptographic techniques that use a pair of mathematically linked Public and Private Key transformations. The Private Key is used for signing and the Public Key is used for verification.
  • It should not be computationally feasible to derive the private transformation from a given public transformation.
  • In the chip world they are used for Offline Data Authentication (SDA, DDA, CDA) and Offline PIN encipherment.

Hash Algorithms

  • Hashing maps data that is to be transported to another environment onto a fixed-length value that is much shorter than the original data, so that any alteration during transport can be detected. A hash algorithm should satisfy two basic rules:
  • 1. It should not be computationally feasible to recover the original data from a given output (preimage resistance), and, for an output produced from known original data, it should not be computationally feasible to find a second input that produces the same output (second-preimage resistance).
  • 2. For the hash algorithm to be collision-resistant, it should not be computationally feasible to find any two different inputs that produce the same output.

SDA

SDA verifies that the data on a card that supports this method has not been altered by unauthorized means after the personalization phase.

Chip cards that support SDA should contain the following data:

  • Certification Authority Public Key Index
  • Issuer Public Key Certificate, Remainder, Exponent
  • Signed Static Application Data

Terminals that support SDA should comply with the following requirements:

  • For each RID (Registered Application Provider Identifier) it should be possible to store six different CA Public Keys.
  • In order to support multiple algorithms in the future, it should be possible to associate these keys with other key-related information.
  • It should be possible to locate the relevant Public Key and other key-related information from the CA Public Key Index and RID supplied by the card.
  • The SDA method should use reversible algorithms so that the Sign and Recover operations are possible.

DDA

DDA prevents counterfeiting (cloning) of a card that supports this method, because the card must prove possession of a private key that never leaves the chip. Chip cards that support DDA should contain the following data:

  • Certification Authority Public Key Index
  • Issuer Public Key Certificate, Remainder, Exponent
  • ICC Public Key Certificate, Remainder, Exponent
  • ICC Private Key

and should be able to create the following data:

  • Signed Dynamic Application Data

Terminals that support DDA should comply with the same requirements as those that support SDA. Again, reversible algorithms should be used at the terminal and on the card. The only difference between the DDA and SDA methods is in the processing that follows recovery of the Issuer Public Key from its certificate: SDA verifies the issuer's signature over the static application data, whereas DDA goes on to recover the ICC Public Key from the ICC Public Key Certificate and verifies a signature generated by the card itself during the transaction.

DDA

  • Authentication is carried out before card action analysis (i.e. before the first GENERATE AC).
  • The terminal sends the INTERNAL AUTHENTICATE (DDOL{data elements, UN}) command; the card signs the DDOL data, including the terminal's Unpredictable Number (UN), with its ICC Private Key, and the terminal verifies the signature with the recovered ICC Public Key.

CDA

  • Authentication and Application Cryptogram generation are carried out together.
  • The terminal sends the first GENERATE AC (CDOL1{data elements, UN}) command to the card.
  • If the card responds with an AAC, CDA is not carried out. If the card responds with a TC or an ARQC, CDA is carried out: the card signs the cryptogram together with the UN, and the terminal verifies that signature with the ICC Public Key.
  • DDOL (Dynamic Data Authentication DOL), CDOL (Card Risk Management DOL), AAC (Application Authentication Cryptogram), TC (Transaction Certificate), ARQC (Authorization Request Cryptogram)
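The following Python model is added here as an illustration of the three offline data authentication methods above (SDA, DDA and CDA); it is not code from this page, from EMVCo or from any card product. It builds the CA -> Issuer -> ICC key chain with the "Remainder" mechanism, signs the static application data (SDA), answers INTERNAL AUTHENTICATE with a signature over the terminal's UN (DDA), and answers GENERATE AC with a signature over the cryptogram and UN (CDA). Assumptions: the reversible signature format is the EMV Book 2 sign-and-recover layout (0x6A header, recoverable data, SHA-1 hash, 0xBC trailer) but the certificate contents are reduced to a length byte plus modulus; keys are 512-bit RSA with e = 3 for speed; the Application Cryptogram is an HMAC-SHA256 stand-in for the issuer's symmetric MAC; the card is a plain dict and all data is constructed inline.

```python
# Added example, not code from the page: a toy model of EMV offline data
# authentication (SDA, DDA, CDA) on the reversible "sign and recover" RSA format
# of EMV Book 2 (header 0x6A, recoverable data, SHA-1 hash, trailer 0xBC).
# Key sizes, certificate layout and data contents are simplified assumptions.
import hashlib, hmac, os, random

HEADER, TRAILER = 0x6A, 0xBC

def is_probable_prime(n, rounds=16):          # Miller-Rabin for odd n > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_rsa(bits=512, e=3):                   # returns ((n, e), (n, d)); EMV uses e = 3 or 65537
    def prime(b):                             # top two bits set, so n has exactly `bits` bits
        while True:
            c = random.getrandbits(b) | (3 << (b - 2)) | 1
            if (c - 1) % e and is_probable_prime(c):
                return c
    p, q = prime(bits // 2), prime(bits // 2)
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def sign_recoverable(priv, body, hashed_only=b""):
    # `body` is recovered from the signature; `hashed_only` is covered by the hash
    # but must be supplied by the verifier (static data, Remainder, UN ...).
    n, d = priv
    k = (n.bit_length() + 7) // 8
    assert len(body) <= k - 22
    body = body.ljust(k - 22, b"\xbb")        # 'BB' padding as in EMV
    h = hashlib.sha1(body + hashed_only).digest()
    rep = bytes([HEADER]) + body + h + bytes([TRAILER])
    return pow(int.from_bytes(rep, "big"), d, n).to_bytes(k, "big")

def recover(pub, sig, hashed_only=b""):       # reverse of sign_recoverable; None on any failure
    n, e = pub
    k = (n.bit_length() + 7) // 8
    rep = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big") if len(sig) == k else b""
    body, h = rep[1:k - 21], rep[k - 21:k - 1]
    ok = rep[:1] == bytes([HEADER]) and rep[-1:] == bytes([TRAILER]) \
        and hmac.compare_digest(hashlib.sha1(body + hashed_only).digest(), h)
    return body if ok else None

def issue_cert(parent_pub, parent_priv, child_n):
    # Leading bytes of the child modulus are recoverable from the certificate;
    # the bytes that do not fit are carried separately as the "Remainder".
    cap = (parent_pub[0].bit_length() + 7) // 8 - 22
    mod = child_n.to_bytes((child_n.bit_length() + 7) // 8, "big")
    payload = bytes([len(mod)]) + mod
    return sign_recoverable(parent_priv, payload[:cap], payload[cap:]), payload[cap:]

def verify_cert(parent_pub, cert, remainder):
    body = recover(parent_pub, cert, remainder)
    return None if body is None else int.from_bytes((body[1:] + remainder)[:body[0]], "big")

def personalize(ca_pub, ca_priv, static_data):   # issuer + ICC keys and everything the card carries
    iss_pub, iss_priv = gen_rsa()
    icc_pub, icc_priv = gen_rsa()
    iss_cert, iss_rem = issue_cert(ca_pub, ca_priv, iss_pub[0])
    icc_cert, icc_rem = issue_cert(iss_pub, iss_priv, icc_pub[0])
    return {"static": static_data, "iss_cert": iss_cert, "iss_rem": iss_rem,
            "iss_e": iss_pub[1], "icc_cert": icc_cert, "icc_rem": icc_rem,
            "icc_e": icc_pub[1], "icc_priv": icc_priv,          # private key never leaves the chip
            "ac_key": os.urandom(16),                           # symmetric key for cryptograms
            "ssad": sign_recoverable(iss_priv, b"\x03", static_data)}  # SDA: hash covers static data

def internal_authenticate(card, ddol_data):   # DDA: sign fresh data plus the terminal's DDOL data (UN)
    return sign_recoverable(card["icc_priv"], b"\x05" + os.urandom(8), ddol_data)

def generate_ac(card, cdol_data, decision="TC"):  # CDA: cryptogram, plus signature for TC/ARQC only
    ac = hmac.new(card["ac_key"], cdol_data, hashlib.sha256).digest()[:8]
    sdad = None if decision == "AAC" else sign_recoverable(card["icc_priv"], b"\x05" + ac, cdol_data)
    return decision, ac, sdad

def terminal_icc_pub(ca_pub, card):           # walk CA -> Issuer -> ICC from the card's certificates
    iss_n = verify_cert(ca_pub, card["iss_cert"], card["iss_rem"])
    icc_n = iss_n and verify_cert((iss_n, card["iss_e"]), card["icc_cert"], card["icc_rem"])
    return (icc_n, card["icc_e"]) if icc_n else None

def terminal_sda(ca_pub, card):
    iss_n = verify_cert(ca_pub, card["iss_cert"], card["iss_rem"])
    return bool(iss_n) and recover((iss_n, card["iss_e"]), card["ssad"], card["static"]) is not None

def terminal_dda(ca_pub, card, sdad, un):
    icc_pub = terminal_icc_pub(ca_pub, card)
    return icc_pub is not None and recover(icc_pub, sdad, un) is not None

def terminal_cda(ca_pub, card, decision, ac, sdad, cdol_data):  # None when the card answered AAC
    if decision == "AAC":
        return None
    icc_pub = terminal_icc_pub(ca_pub, card)
    body = icc_pub and recover(icc_pub, sdad, cdol_data)
    return bool(body) and body[1:9] == ac
```

Two checks worth running against this model: change one byte of the static data after personalization and `terminal_sda` fails, because the issuer's signature hashes the static data even though it is not carried inside the signature; replay a captured INTERNAL AUTHENTICATE response under a different UN and `terminal_dda` fails, which is exactly why a card copied from SDA-only data cannot pass DDA.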

Fallback

There are three fallback cases in the chip world:

  • There is an EMV chip on the card, but the chip cannot be read by the chip reader.
  • There is an EMV chip on the card, but the chip is not detected by the chip reader.
  • There is a chip on the card and it is detected by the chip reader, but the chip is not EMV.

All fallback transactions should be sent online for issuer approval.

All fallback transactions should be carried out with a zero floor limit.

The device should prompt that the magnetic stripe must be read.

Fallback is not possible on offline-only devices.

The issuer should be notified in the authorization message that the transaction is a fallback transaction.

Domestic approaches should not affect the acceptance of non-EMV products (with or without a chip).