University of Brighton
With over 1.6 billion debit and credit cards in use worldwide, the EMV system (a.k.a. \"Chip-and-PIN\") has become one of the most important deployed cryptographic protocol suites. Recently, the EMV consortium has decided to upgrade the existing RSA based system with a new system relying on Elliptic Curve Cryptography (ECC). One of the central components of the new system is a protocol that enables a card to establish a secure channel with a card reader. In this paper the authors provide a security analysis of the proposed protocol, they propose minor changes/clarifications to the \"Request for Comments\" issued in Nov 2012, and demonstrate that the resulting protocol meets the intended security goals.