دانلود کتاب Cryptography for Payment Professionals

فهرست مطالب :

Cover
Half Title
Title Page
Copyright Page
Dedication
Contents
Preface
Author Biography
List of Figures
1. Building Blocks
1.1. How to Read This Book
1.2. Notations and Formats
1.3. Cryptography
1.3.1. Complexity and feasibility
1.3.2. Quantum computing
1.3.3. Basics terms and definitions
1.3.4. Symmetric and asymmetric algorithms
1.4. Symmetric Algorithms
1.4.1. DES (DEA)
1.4.2. AES
1.5. Public Key Cryptography
1.5.1. RSA
1.5.2. Diffie-Hellman key exchange (DHE)
1.5.3. Shamir\'s Secret Sharing (SSS)
1.6. Elliptic-Curve Cryptography (ECC)
1.6.1. Background
1.6.2. Elliptic curve Diffie-Hellman (ECDH)
1.6.3. Elliptic curve integrated encryption scheme (ECIES)
1.7. Hash Functions
1.8. Combining Algorithms
1.8.1. Padding and cipher block chaining
1.8.1.1. Padding
1.8.1.2. Optimal asymmetric encryption padding (OAEP)
1.8.1.3. Electronic code book (ECB) and cipher block chaining (CBC)
1.8.2. Combined ciphers
1.9. Message Authentication Codes
1.9.1. CMAC
1.9.2. HMAC
1.9.3. DSS (DSA)
1.9.4. ECDSA
1.9.5. Authenticated encryption
1.9.6. Galois/Counter mode
1.10. Randomness and Key Derivation
1.10.1. NIST 800-108 key derivation functions
1.10.2. ConcatKDF key derivation function
1.11. Key Trust and Key Certificates
2. Understanding Payments
2.1. Introduction
2.2. Payment Methods
2.2.1. Card payments
2.2.2. Bank transfers
2.2.3. Digital wallets
2.2.4. Cryptocurrencies
2.2.4.1. Blockchain
2.2.4.2. Payment over blockchain
2.3. Security of Card Payments
2.3.1. Card authentication
2.3.2. Cardholder verification
2.3.3. Data security
3. Securing the Plastic: Magnetic Stripe and EMV
3.1. Overview
3.2. Definitions and Legacy Mechanisms
3.2.1. CVV/CVC calculation and CVKs
3.2.2. PVV, PVKs, and PVKI
3.3. EMV Transaction Flow
3.4. Card Authentication
3.4.1. Static data authentication
3.4.1.1. Key data format
3.4.1.2. Key recovery
3.4.1.3. Authenticating the static data
3.4.2. Dynamic data authentication
3.4.2.1. ICC key recovery
3.4.2.2. Dynamic signature generation
3.4.2.3. Combined data authentication
3.4.3. Cardholder verification
3.4.3.1. PIN block format 2 and offline plaintext validation
3.4.3.2. Encrypted offline PIN
3.4.3.3. Online PIN
3.4.3.4. PIN block formats 0, 1, 3, and 4
3.4.3.5. Key management methods
3.4.4. Application cryptograms and issuer authentication
3.4.4.1. Master key derivation
3.4.4.2. Session key derivation
3.4.4.3. Generation of the cryptogram
3.4.4.4. Issuer authentication
4. Securing the Network
4.1. Transport Layer Security (TLS)
4.1.1. Extensions
4.1.2. Key exchange
4.1.3. Server parameters
4.1.4. Authentication
4.1.5. Implementation considerations
4.2. JSON Object Signing and Encryption (JOSE)
4.2.1. JSON web algorithms (JWA)
4.2.2. JSON web key (JWK)
4.2.3. JSON web signature (JWS)
4.2.4. JSON web encryption (JWE)
4.3. 3D Secure and EMV 3-D Secure
4.3.1. Introduction
4.3.2. Overview
4.3.3. Key entities and protocol security
4.3.4. TLS requirements
4.3.5. Application-level security
5. Protecting the PIN
5.1. Introduction
5.2. Zoning
5.2.1. PIN translation
5.2.2. Key exchange and management
5.3. Key Encryption and Representation
5.3.1. X9.17 and variant formats
5.3.2. Key block
5.3.2.1. Key block header
5.3.2.2. Encryption and authentication (Binding)
5.3.2.3. Key block encryption key and key block MAC key generation
5.4. Derived Unique Key Per Transaction (DUKPT)
5.4.1. Design considerations
5.4.2. Key serial number (KSN)
5.4.3. Initial key derivation
5.4.4. Intermediate key derivation
5.4.4.1. TDES DUKPT intermediate key derivation
5.4.4.2. AES DUKPT intermediate key derivation
5.4.4.3. Acquiring host intermediate key derivation
5.4.4.4. Terminal intermediate key derivation
5.4.5. Working key derivation
6. Regulation and Compliance
6.1. Payment Services Directive 2 (PSD2)
6.2. PCI SSC
6.2.1. PCI PIN standard
6.2.2. PCI PIN Transaction Security Standard (PTS), SPoC, and CPoC
6.3. PCI Point-to-Point Encryption (P2PE)
6.4. PCI DSS, PCI PA DSS, and PCI 3DS
6.4.1. PCI Data Security Standard (PCI DSS)
6.4.2. PCI Payment Application Data Security Standard (PCI PA DSS)
6.4.3. PCI 3DS
A. Bits and Digits
A.1. On XOR and One-Time Pad
A.2. Parity Bits
A.3. Rightmost Bit (LSB)
A.4. Leftmost Bit (MSB)
A.5. Bit Cardinality
A.6. Luhn\'s Algorithm
A.7. Decimalization
A.8. Base64 Encoding
B. Cryptographic Examples
B.1. Some Cryptographic Libraries
B.1.1. OpenSSL library
B.1.1.1. Input/Output
B.1.1.2. Memory management and error handling
B.1.1.3. OpenSSL 3.0 and EVP
B.1.2. Shamir\'s secret sharing scheme
B.2. RSA
B.3. Diffie-Hellman Key Exchange
B.4. Shamir\'s Secret Sharing
B.5. DES and Triple DES
B.6. AES
B.7. OAEP
B.8. DSS (DSA)
B.9. HMAC and CMAC
B.10. TLS Client
B.11. TLS Certificate Examples
C. EMV Examples
C.1. Issuer Certificate Generation and Public Key Recovery
C.2. Static Data Authentication and AFL
C.3. ICC Certificate Generation and Public Key Recovery
C.4. Dynamic Signature Generation
C.5. ICC Master Key Derivation
C.5.1. Option A
C.5.2. Option B
C.5.3. Option C
C.6. ICC Session Key Derivation
C.7. ARQC Generation
C.8. ARPC Generation
D. PIN Examples
D.1. PIN Block Formats
D.2. Variant Key Encryption
D.3. Key Block Key Derivation
D.4. TDES DUKPT
D.4.1. Initial key derivation
D.4.2. Intermediate key derivation
D.4.3. Working key derivation
D.5. AES DUKPT
D.5.1. Initial key derivation
D.5.2. Intermediate key derivation
D.5.3. Working key derivation
E. JOSE Examples
E.1. JWE Example
F. Standard Bodies
F.1. National Institution of Standards and Technology (NIST)
F.2. American National Standards Institute (ANSI)
F.3. International Organization for Standardization (ISO)
F.4. Internet Engineering Task Force (IETF)
F.5. International Telecommunication Union (ITU)
F.6. EMVCo
F.7. Payment Card Industry Security Standards Council (PCI SSC)
References
Index