Designing and proving an EMV-compliant payment protocol for mobile devices
1 : INRIA Nancy - Grand Est
(INRIA)
INRIA
615 rue du Jardin Botanique 54600 Villers-lès-Nancy -
France
2 : Orange Labs [Issy les Moulineaux]
France Télécom
38-40 Rue du Général Leclerc, Issy les Moulineaux Cedex 9, 92794, France -
France
3 : Orange Labs [Caen]
Orange Labs
Orange Labs 42 rue des Coutures 14066 Caen, France, -
France
We devise a payment protocol that can be securely used on mobile devices, even infected by malicious applications. Our protocol only requires a light use of Secure Elements, which significantly simplify certification procedures and protocol maintenance. It is also fully compatible with the EMV SDA protocol and allows off-line payments for the users. We provide a formal model and full security proofs of our protocol using the TAMARIN prover.