Secured Communication with the Payment Networks

Tokenization plus end-to-end 3DES encryption

Summarized in the card enrollment and payment workflows on page 4, each device running Samsung Pay is provisioned with an asymmetric key pair known as the Device Root Key (DRK). Each DRK is given a universally unique identifier (UUID) and is signed by a single Samsung root certificate. Paired with its UUID, the DRK is managed in each device by a single TA in the Secure World known as the Secure Key Management Module (SKMM). The SKMM controls access to the certificate.

Certificate authentication

Each derived certificate can only be used by a single TA. As part of the certificate common name (CN), the derived certificate includes information about the TA authorized to use the certificate. Each card network TA is granted access to a single certificate so that it can uniquely identify itself when communicating with its corresponding card network. For example, the Visa TA is given an exclusive certificate which only the Visa TSP can identify.

Derived certificates are used to authenticate encryption keys along with card data during enrollment. Data encrypted using one of these encryption keys can only be decrypted by the corresponding card network TA. When the card network receives signed card enrollment details, it first verifies that the data came from its own TA. This is accomplished by verifying the certificate chain from the card network TA certificate to the Samsung root certificate. It then uses the encryption key associated with the card data to encrypt the tokenized card details for its card network TA, thereby ensuring that tokenized card details can only be read by the card network’s own trusted app.

Shown in Figure 5, each card network also has access to a set of unique keys and certificates. The method of transferring certificates to the card network TAs varies, but in all cases the certificates are verified against a pernetwork trusted root certificate. These trusted root certificates are pre-provisioned to their respective trusted apps, and cannot be modified. The card network certificates authenticate tokenized card details added to Samsung Pay to ensure that cards used with Samsung Pay have been approved by the respective card networks.

Figure 5 Certificate distribution and management

Figure 5 Certificate distribution and management

Transaction security

Each tokenized transaction includes a nonce (an arbitrary number) used only once by the card network per token. It is authenticated with the cryptogram authentication code. This prevents stolen transaction data from being replayed to make fraudulent purchases. The key difference between traditional magnetic stripe payments and Samsung Pay’s tokenized MST and NFC payments is the inability of attackers to replay transactions for payments.

A user who pays with the Samsung Pay app must select an already enrolled card. Based on the configured authentication type, the Samsung Pay app starts either the Fingerprint TA or Trusted PIN Pad (TPP) TA, then waits for trusted user authentication. Computation of the cryptogram is only allowed after a successful authentication, and only once per authentication.

Pictured in Figure 6, when transaction authorization reaches the merchant’s POS terminal, the terminal forwards the details to the card network. The card network then verifies the authenticity of the transaction by reconstructing the expected cryptogram and comparing it against the one that was passed by the merchant.

Figure 6 Samsung Pay payment initiation workflow

Figure 6 Samsung Pay payment initiation workflow

End-to-end protection of the cryptogram guarantees that only the particular card network TA has access to the key required to generate cryptograms. Only one cryptogram can be generated per explicit user authentication. The cryptogram also cannot be brute-forced outside of the card network TA and can only be used for a single transaction. Combined, this guarantees that every transaction initiated by Samsung Pay using a token is explicitly authorized by the user.

After a payment is accepted by the issuer, the card network may, at its option, send a notification back to the device that contains details of the accepted transaction. The details are encrypted using cryptographic keys associated with the TA specific to the card network and are only decryptable by the device on which the corresponding token resides.