The Future of EMVCo Next Gen

Back in 2011, when I was part of American Express, I was part of the team responsible for our involvement in the work of EMVCo. At this stage in the work of EMV the discussion had turned to the confusion the multiple contactless kernels were creating in the market and, more importantly, the challenges we would face as the external threats increased, demanding that the length of the RSA keys increase accordingly. Ultimately we collectively determined the best course of action was to begin the work on what became known as “Next Gen”. From the beginning it was well understood the migration from where we are today to the “Next Gen” technology solution, both in the card and on the terminal, would be complex and expensive. In September of 2014 an initial specification was released, and my understanding is that a draft has been issued to subscribers and Associates for review and feedback.

This post stems from a conversation with a good friend; he asked me if I thought there was still relevance to what is now being called 2nd Gen. In that discussion we reviewed the genesis of the work, the baseline for EMV and the unfortunate reality of how contactless was implemented. Our conversation then turned to the question of what makes the most sense: live with what we have today or suffer the expense of the migration to a new solution.

Thinking back, the original reason for “Next Gen” was to consolidate the 7 contactless kernels into one common kernel and replace RSA with what was called XDA or Elliptic Curves. When I think about these two requirements one can only wonder why in the most recent EMVCo Stated EMV® 2nd Generation there is no reference to enhanced cryptography. In fact the only thing the document describes is the creation of one unique kernel.

Referring back to the September 2014 Next Gen Specification, there is clear reference to enhanced security with specific call out of “an elliptic curve Diffie-Hellman key establishment protocol with blinding applied by the card”. I then remember hearing about issues with Elliptic Curves and wonder why there is no reference to enhanced cryptography in this most recent EMVCo document.

Back to the question raised in our conversation.

Do I see value in the world investing in the migration to 2nd Generation?

The answer is I am not sure anymore. 

When EMV started we had four agreed requirements, summarized on this slide I initially created back in 1994. Offline Authorization, in other words the issuer’s ability to securely approve a transaction without requiring the terminal to request an expensive online authorization request, was the reason Offline Authentication was part of the original design of EMV.

  • If the value of offline authentication, given the ubiquity of wired and wireless telecommunications networks, is deprecated.
  • If the performance efficiencies, originally seen in Elliptic Curves, are no longer as significant, given the increased threats and vulnerability.

Then why make the investment in changing the software in both the card and the terminal to support XDA?


  • If most if not all terminal manufacturers have addressed the complexity of the multi-kernel configurations, compounded by the existence of various unique national contactless kernels.

Then why demand the investment in supporting a complex migration from multiple kernels to a single EMVCo Licensed kernel?


The threat of quantum cryptography suggests that most if not all asymmetric cryptographic algorithms commercially available will be broken.

It does beg the question.

What is the business case for driving the world into an expensive, long and complicated migration?

What we created in 1994, and EMVCo has maintained, is a very effective Online Authentication mechanism, the ARQC.  A mechanism based on symmetric cryptography which, as far as I can tell, will remain under the control of the Issuer and is not, as of yet, threatened by quantum computing.

I look forward to your feedback.







Something to wonder about

What You Have

The Two Sided Market

When we think of investing in various macro business needs, e.g. revenue, we see that establishing relationships with customers to stimulate sales is why we create the goods and services, hopefully, others want.

If the buyer has something the seller wants, in exchange for the good or service they desire, then a transaction occurs. The challenge is simple: each party defines the value of what they are providing or exchanging and, presto, the trade occurs.

When society grows and the complexity of what each of us produces and when our needs are not aligned to this process called barter, a means of monetization is established. Society creates a trusted form of exchange – pebbles, coins, money, a promissory note or now even cryptocurrencies.

In other words, society creates an answer to enable the exchange of goods and services between parties who do not have goods and services the other party seeks in exchange.

With cash, coins or other tangible representations of value, commerce is easy. When we complicate things and worry about carrying cash and seek to buy things with debt, a need for a Network emerges.

These payment networks, by necessity, add complexity. They create the need to establish two sides to the market, one focused on the relationship with the buyer and the other with the seller.

Issuance and Acceptance. Two words to describe the two sides of a network. It’s only when the two sides of the market have sufficient participants, only at the tipping point, that enough critical mass exists to create a self-sustaining network. This is the network. At this moment the network blossoms. If either side of the market does not achieve critical mass, the network collapses.

Any two entities familiar and trusting in the Brand, or each other, can easily establish a temporary relationship. Adding anonymity to the requirements increases the level of trust and recognition the Brand must establish.

In a digital environment we have to define mechanisms to share and establish trust across trillions of electrons. The two sides will not pursue understanding of nor focus on security until the risk exceeds a threshold unique to each party on either side of the market.

Too often in the past, the idea of the individuality of the individual or the need to design security in from the beginning has left us with a legacy of systems all needing design of custom approaches to how to integrate security with requisites necessary to capture, calculate and manage risk.

The Artifact of Trust

When a mutually trusted set of parties gives the citizen, consumer, employee or courtier a card, a device or an object and provides every acceptor with a reader capable of recognizing the trusted thing; then the two parties are in a position to establish “trust”. The consumer has a thing which is recognized and trusted by the acceptor. This is often referred to as “What You Have”.

Once the thing is recognized by the acceptor, then the process of identification and authorizations (the transaction) can take place. The object – the artifact – carries an identifier. It possesses characteristics that establish its unique character. The object also possesses a means of assuring the acceptor the presentation of that identifier represents a unique entity.

The simplest artifact of establishing “trust” is a hand held thing, be it a key, fob, card, watch, pendant, phone, ear piece. It does not matter what it is, all that counts is that the merchant recognizes it and that the consumer is willing to carry and present it.

Trust, for the merchant, means they can, according to the rules, recognize and authenticate the thing. They are then in a position to pursue a temporary and trusted relationship. What can be achieved during the time the relationship of trust is bounded is then constrained by an additional layer. In this layer the consumer, the acceptor and any third parties address which rights and privileges are to be granted or pursued. This is when the exchange, sale, conversation, transaction, event or access is granted.

Two sides meet; several common mediums of exchange are available.
