Tokenisation Blacklisting Using Linkable Group Signatures

  • Assad Umar
  • Iakovos Gurulian
  • Keith Mayes
  • Konstantinos Markantonakis
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 198)

Abstract

Payment cards make use of a Primary Account Number (PAN) that is normally used by merchants to uniquely identify users and, if necessary, to deny users service by blacklisting. Tokenisation, however, is a technique whereby the PAN is replaced by a temporary equivalent for use in mobile devices that emulate payment cards but with reduced attack resistance. This paper outlines how tokenised payments conflict with the process of blacklisting in open transport systems. We propose the use of a linkable group signature to link different transactions by a user regardless of the variable token. This allows the transport operator to check whether a user's signature is linked to a previous dishonest transaction in the blacklist, while still maintaining the anonymity of the user.

Keywords

Smart Card; Near Field Communication; Secure Element; Bank Card; Dishonest User
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2017

Authors and Affiliations

  • Assad Umar (1)
  • Iakovos Gurulian (1)
  • Keith Mayes (1)
  • Konstantinos Markantonakis (1)

  1. Information Security Group, Royal Holloway, University of London, Egham, Surrey, UK
