Contactless (NFC) tokens can be cloneable. Using such tokens as a means of payment, of personal identification, or (in our case) of access to transit services would be risky. That is why payment card systems and open-loop transit systems rely on non-cloneable tokens.
We somehow understand that credit and debit cards with chips are non-cloneable. But what does this really mean? What other types of non-cloneable tokens can be used in OpenFare?
This is explained below.
An NFC token is just a computer chip with an antenna. It is relatively easy to buy or produce another one. You do not even need to create one of the same shape or type; it is sufficient that a validator or point of sale cannot tell which tag is genuine and which is a clone.
What makes a validator believe that a token is genuine? A non-cloneable token has the following mandatory features:
- It keeps some unique secret data in its memory.
- It never discloses this secret data to anybody, and it is not feasible to extract the data from the chip with any kind of technical equipment (this is what a tamper-resistant secure element is for).
- It can prove to the outside world (validators, points of sale, etc.) that it holds that unique secret data, without disclosing the data.
The payment card industry, and others, use the following main methods to verify token authenticity. Let's look at them more closely.
Online Token Authentication
The token issuer's host computer and the token share a secret key. Each token has its own unique key, and the host knows (or can derive from a master key) all of them.
When the token is presented to a card acceptance device, the device generates some unpredictable data (fresh for every transaction) and asks the token to compute a cryptogram over it (in practice a MAC rather than plain encryption). The device then sends both the cryptogram and the data in clear form to the issuer host. The host recomputes the cryptogram with that token's key and checks that it matches. Only the genuine token can produce it, because no other token knows this particular key.
After that, the host responds to the card acceptance device with the verdict: the token is (or is not) genuine.
This type of token authentication takes a relatively long time because of the round-trip latency of the issuer request/response. It is hardly acceptable in open-loop fare systems, where tap time matters.
Offline Token Authentication
This method is based on public key cryptography. The contactless token secretly keeps a private key in its memory, which it uses to digitally sign data. In the payment card industry this method is called Dynamic Data Authentication (DDA) or, for contactless payment cards, Combined Data Authentication (CDA). Visa also uses the similar term fDDA (fast DDA).
The card acceptance device, just as with online authentication, produces an unpredictable number and asks the token to sign it. On receiving the signature from the token (as if the number were a signed document), the device verifies it with the token's public key, without any participation of the card issuer or any other host. The device can trust that public key because the token carries it in a certificate signed by the issuer, whose own certificate is in turn signed by the payment scheme's certification authority; the CA public keys are preloaded into the device. A clone that generates its own key pair therefore cannot present a valid certificate for it.
This method is becoming more and more popular, but it requires more cryptographic processing power, and some card acceptance devices and contactless cards (tokens) can be slow. Some old cards combined with validators with slow processors may add up to half a second to the tap latency.
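The offline flow described above, as an added example that is not code from the original page or from OpenFare: a scheme CA certifies an issuer, the issuer certifies each card's public key, and a validator holding only the CA public key verifies the chain and then a signature over a fresh unpredictable number. The certificate layouts, token ids and the use of a textbook Schnorr signature over secp256k1 in place of EMV's RSA-based scheme are assumptions for illustration. It also shows two things a clone can try: signing with its own key pair behind the copied certificates, and presenting a card from an issuer the CA never certified.

```python
# Added example (not from the original page): offline token authentication with a
# certificate chain, in the style of EMV DDA/CDA. Simplified model: a textbook
# Schnorr signature over secp256k1 stands in for the RSA-based EMV scheme, and the
# certificate formats are invented for illustration. Requires Python 3.8+.
import hashlib
import secrets

# secp256k1 domain parameters (a standard curve; constants are public).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
assert (G[1] ** 2 - G[0] ** 3 - 7) % P == 0  # sanity: base point is on the curve

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def encode(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def keygen():
    priv = secrets.randbelow(N - 1) + 1
    return priv, ec_mul(priv, G)

def sign(priv, msg):
    """Schnorr: R = kG, e = H(R || msg), s = k + e*priv mod N."""
    k = secrets.randbelow(N - 1) + 1
    R = ec_mul(k, G)
    e = int.from_bytes(hashlib.sha256(encode(R) + msg).digest(), "big") % N
    return R, (k + e * priv) % N

def verify(pub, msg, sig):
    R, s = sig
    e = int.from_bytes(hashlib.sha256(encode(R) + msg).digest(), "big") % N
    return ec_mul(s, G) == ec_add(R, ec_mul(e, pub))

# Invented "to be signed" layouts for the two certificate levels.
def issuer_cert_tbs(issuer_pub):
    return b"ISSUER" + encode(issuer_pub)

def card_cert_tbs(token_id, card_pub):
    return b"CARD" + token_id.encode() + encode(card_pub)

class Card:
    """Genuine token: the private key never leaves it; certificates are public data."""
    def __init__(self, token_id, priv, cert, issuer_cert):
        self.token_id, self._priv, self.cert, self.issuer_cert = token_id, priv, cert, issuer_cert
    def sign_challenge(self, un):
        return sign(self._priv, b"UN" + un)

class Issuer:
    """Issuer key certified by the scheme CA; it certifies each card's public key."""
    def __init__(self, ca_priv):
        self._priv, self.pub = keygen()
        self.cert = (self.pub, sign(ca_priv, issuer_cert_tbs(self.pub)))
    def personalize(self, token_id):
        priv, pub = keygen()
        return Card(token_id, priv, (token_id, pub, sign(self._priv, card_cert_tbs(token_id, pub))), self.cert)

class Clone(Card):
    """Attacker copied everything readable (certificates) but not the private key."""
    def __init__(self, genuine):
        super().__init__(genuine.token_id, keygen()[0], genuine.cert, genuine.issuer_cert)

def authenticate(ca_pub, token):
    """Validator: fully offline, needs only the scheme CA public key."""
    issuer_pub, issuer_sig = token.issuer_cert
    if not verify(ca_pub, issuer_cert_tbs(issuer_pub), issuer_sig):
        return False  # issuer not certified by this scheme
    token_id, card_pub, card_sig = token.cert
    if token_id != token.token_id or not verify(issuer_pub, card_cert_tbs(token_id, card_pub), card_sig):
        return False  # card key not certified by the issuer
    un = secrets.token_bytes(4)  # fresh unpredictable number for every tap
    return verify(card_pub, b"UN" + un, token.sign_challenge(un))

def demo():
    ca_priv, ca_pub = keygen()
    issuer = Issuer(ca_priv)
    genuine = issuer.personalize("4111-0001")        # constructed token id
    rogue_issuer = Issuer(keygen()[0])                # signed by a CA the validator does not know
    return {
        "genuine": authenticate(ca_pub, genuine),
        "clone_with_own_keys": authenticate(ca_pub, Clone(genuine)),
        "card_from_uncertified_issuer": authenticate(ca_pub, rogue_issuer.personalize("4111-0002")),
    }
```

Run `demo()` to see the genuine card pass and both impostors fail. The validator never contacts the issuer; everything it needs is the CA key it was provisioned with and the data the card presents. Note that the freshness of the unpredictable number is what stops a recorded signature from being replayed, and the certificate chain is what stops a clone from substituting a key pair it does control.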
Closed-Loop Authentication
Closed-loop cards used in many transit systems can also prove to the transit validator that they are genuine. They do it offline, without the card issuer's host being involved. This is achieved by sharing the secret key between the cards and the validators (every validator holds the keys).
This makes the validators "members" of the closed loop, that is, of the particular transit system. Validators that do not belong to this family (do not have these specific keys) cannot tell whether a foreign closed-loop card is genuine or not.
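The online mechanism (Online Token Authentication above) and the closed-loop mechanism are the same symmetric challenge-response protocol; what differs is who holds the master key: only the issuer host in the first case, every validator of the system in the second. The following is an added example, not code from the original page or from OpenFare. Deriving per-token keys from a master key, the message layouts and the 8-byte cryptogram are assumptions for illustration. It also shows why the challenge must be fresh: a sniffed cryptogram replays successfully against the same challenge and fails against a new one, and a validator from another system (another master key) cannot verify the card at all.

```python
# Added example (not from the original page): symmetric challenge-response token
# authentication. KeyHolder models either the issuer host (online variant) or a
# closed-loop validator (offline variant). Key diversification, message layout and
# the 8-byte cryptogram are constructed assumptions, not any real scheme.
import hashlib
import hmac
import secrets

def derive_token_key(master_key, token_id):
    """Per-token key diversified from the master key (assumed derivation)."""
    return hmac.new(master_key, b"token-key:" + token_id.encode(), hashlib.sha256).digest()

def cryptogram(token_key, token_id, challenge):
    """MAC over the token id and the device's unpredictable number, truncated to 8 bytes."""
    return hmac.new(token_key, token_id.encode() + challenge, hashlib.sha256).digest()[:8]

class Token:
    """Genuine token: the key is written at personalization and never leaves the chip."""
    def __init__(self, token_id, token_key):
        self.token_id = token_id
        self._key = token_key
    def respond(self, challenge):
        return cryptogram(self._key, self.token_id, challenge)

class ReplayClone:
    """Attacker copied the token id and sniffed one cryptogram from an earlier tap,
    but has no key, so the only thing it can do is replay that cryptogram."""
    def __init__(self, token_id, sniffed_cryptogram):
        self.token_id = token_id
        self._sniffed = sniffed_cryptogram
    def respond(self, challenge):
        return self._sniffed  # challenge is ignored: nothing else is possible without the key

class KeyHolder:
    """Whoever holds the master key: the issuer host (online authentication) or
    each validator of a closed loop (closed-loop authentication)."""
    def __init__(self, master_key):
        self._master = master_key
    def issue(self, token_id):
        return Token(token_id, derive_token_key(self._master, token_id))
    def verify(self, token_id, challenge, received):
        expected = cryptogram(derive_token_key(self._master, token_id), token_id, challenge)
        return hmac.compare_digest(expected, received)

def tap(token, verifier, challenge=None):
    """Card acceptance device: a fresh unpredictable number per tap, then the verdict
    from the key holder (over the network when online, locally in a closed loop)."""
    if challenge is None:
        challenge = secrets.token_bytes(8)
    received = token.respond(challenge)
    return verifier.verify(token.token_id, challenge, received), challenge, received

def demo():
    issuer = KeyHolder(b"issuer-master-key (constructed)")
    card = issuer.issue("7000-0001")                      # constructed token id
    genuine, chal, cg = tap(card, issuer)
    clone = ReplayClone(card.token_id, cg)                # sniffed from the tap above
    replay_same, _, _ = tap(clone, issuer, challenge=chal)  # device reused the challenge
    replay_new, _, _ = tap(clone, issuer)                 # device generated a fresh one
    other_system = KeyHolder(b"other-operator-master-key (constructed)")
    foreign, _, _ = tap(card, other_system)               # validator outside the closed loop
    return {
        "genuine": genuine,
        "replay_same_challenge": replay_same,
        "replay_fresh_challenge": replay_new,
        "foreign_validator": foreign,
    }
```

`demo()` returns the four verdicts. The only difference between the online and the closed-loop deployment is where `KeyHolder` runs: at the issuer with a network round trip per tap, or inside every validator so that the verdict is immediate. A device that does not hold the right master key, like `other_system`, has no way to tell a genuine foreign card from a clone.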