Back in 2011, when I was part of American Express, I was part of the team responsible for our involvement in the work of EMVCo. At this stage in the work of EMV the discussion had turned to the confusion the multiple contactless kernels was creating in the market and more importantly the challenges we would face as the external threats increased demanding that the length of the RSA keys increase accordingly. Ultimately we collectively determined the best course of action was to begin the work on what began know as “Next Gen”. From the beginning it was well understood the migration from where we are today to the “Next Gen” technology solution, both in the card and on the terminal, would be complex and expensive. In September of 2014 an initial specification was released and my understanding is that a draft has been issued to subscribers and Associates for review and feedback.
This post stems from a conversation with a good friend, he asked me if I thought there was still relevance to what is now being called 2nd Gen. In that discussion we reviewed the genesis of the work, the baseline for EMV and the unfortunately reality of how contactless was implemented. Our conversation then turned to the question of what makes the most sense live with what we have today or suffer the expense of the migration to a new solution.
Thinking back to the original reason for “Next Gen” was to consolidate the 7 contactless kernels into one common kernel and replacement RSA with what was called XDA or Elliptic Curves. When I think about these two requirements one can only wonder why in the most recent EMVCo Stated EMV® 2nd Generation there is no reference to enhanced cryptography. In fact the only thing the document describes is the creation of one unique kernel.
Referring back to the September 2014 Net Gen Specification there is clear reference to enhanced security with specific call out of “an elliptic curve Diffie-Hellman key establishment protocol with blinding applied by the card”. I then remember hearing about issues with Elliptic Curves and wonder why there is no reference to enhanced cryptograph in this most recent EMVCo document.
Back to the question raised in our conversation.
Do I see value in the world investing in the migration to 2nd Generation?
The answer is I am not sure anymore.
When EMV started we had four agreed requirements, summarized on this slide I initially created back in 1994. Offline Authorization, in other words, the issuer’s ability to securely approve a transaction without requiring the terminal to request an expensive online authorization request was the reason Offline Authentication was part of the original design of EMV.
- If the value of offline authentication, given the ubiquity of wired and wireless telecommunications networks, is deprecated.
- If the performance efficiencies, original seen in Elliptic Curves, is no longer as significant, given the increased threats and vulnerability.
Then why make the investment in changing the software in both the card and the terminal to support XDA?
- If most if not all terminal manufacturers have addressed the complexity of the multi-kernel configurations, compounded by the existence of various unique national contactless kernels.
Then why demand the investment in supporting a complex migration from multiple kernels to a single EMVCo Licensed kernel?
The threat of quantum cryptograph suggests that most if not all asymmetric cryptographic algorithms commercially available will be broken.
It does beg the question.
What is the business case for driving the world into a expensive, long and complicated migration?
What we created in 1994, and EMVCo has maintained, is a very effective Online Authentication mechanism, the ARQC. A mechanism based on symmetric cryptography which, as far as I can tell, will remain under the control of the Issuer and is not, as of yet, threatened by quantum computing.
I look forward to your feedback.
One thought on “The Future of EMVCo Next Gen”
Just came across your blog. Interesting!
My opinion on EMVCo Next Gen:
1. the challenges it tries to address in current EMVCo terminal specs are valid. As there are the multiple contactless kernels, cryptography limitations, and dependency on smart card technology.
2. however (in my opinion) the Next Gen spec has other challenges:
– it is way to complex with all the modules, the module-to-module communication, the use of SQL statements in the spec, non-standardized communication between terminal and card. In short: it is to flexible and as a result to complex
– it requires the networks to change also. In my opinion EMVCo should have created a Next Gen spec that doesn’t require the networks to change.