PBOC/EMV has two very important concepts, SDA (Static Data Authentication) and DDA (Dynamic Data Authentication). Both are offline (off-line) authentication methods.
SDA is built on the digital signature. The process is as follows. The data on the IC card is signed first: a hash is applied to the data to produce a short digest that summarises it, and the digest is then encrypted with the private key, giving the signature. The data and the encrypted signature are then sent to the terminal. The terminal hashes the received data to obtain a digest, decrypts the received signature to recover the signed digest, and compares the two. This tells it whether the data has been modified: if it has, the two digests differ and validation fails.
DDA does everything SDA does, and its most powerful feature is that its signature is dynamic. The principle is as follows. With SDA the signature is fixed when the card is issued, and the private key used to encrypt the digest is the issuing bank's private key. With DDA the signed data includes dynamic data from the current transaction, and the private key used for signing is the IC card's own private key, which is stored in a secure area of the IC card. The terminal holds the corresponding public key with which to decrypt the signature.
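The two schemes side by side, as an added illustration (not code from the original article or from any PBOC/EMV specification): a deliberately tiny textbook RSA stands in for the real card keys, the sample card record and transaction data are constructed, and the hash is SHA-1 truncated to fit the toy modulus. It shows the SDA signature being fixed at issuance and detecting a modified record, and the DDA signature changing with each transaction.

```python
import hashlib
import os

# Toy RSA keys for illustration only. Two Mersenne primes give moduli of
# ~92 and ~150 bits, far too small for real cards (EMV moduli are 1024 bits
# and up) but large enough to hold the truncated digest below. e = 65537 is
# coprime to (p-1)(q-1) for these primes, so the private exponent d exists.
def toy_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # modular inverse, Python 3.8+
    return (n, e), (n, d)                    # (public key, private key)

def digest(data: bytes) -> int:
    # The "short representation" of the data: SHA-1 (the hash EMV specifies),
    # truncated to 88 bits so the integer is always below the toy modulus.
    return int.from_bytes(hashlib.sha1(data).digest()[:11], "big")

def sign(priv, data: bytes) -> int:
    # Hash, then "encrypt" the digest with the private key: s = h^d mod n.
    n, d = priv
    return pow(digest(data), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    # Terminal side: "decrypt" the signature with the public key and compare
    # the recovered digest against a fresh hash of the received data.
    n, e = pub
    return pow(sig, e, n) == digest(data)

# SDA: the issuing bank signs the card's static data once, at card issuance.
ISSUER_PUB, ISSUER_PRIV = toy_keypair(2**31 - 1, 2**61 - 1)
STATIC_DATA = b"PAN=4111111111111111;EXP=2512"   # constructed sample record
SDA_SIGNATURE = sign(ISSUER_PRIV, STATIC_DATA)   # stored on the card, fixed

def sda_check(data: bytes, sig: int = SDA_SIGNATURE) -> bool:
    return verify(ISSUER_PUB, data, sig)

# DDA: the card itself signs data that changes per transaction, using a
# private key that never leaves the card; the terminal holds the public key.
CARD_PUB, CARD_PRIV = toy_keypair(2**61 - 1, 2**89 - 1)

def dda_sign(transaction_data: bytes) -> int:
    return sign(CARD_PRIV, STATIC_DATA + transaction_data)

def dda_check(transaction_data: bytes, sig: int) -> bool:
    return verify(CARD_PUB, STATIC_DATA + transaction_data, sig)

if __name__ == "__main__":
    print("SDA genuine:", sda_check(STATIC_DATA))                              # True
    print("SDA tampered:", sda_check(STATIC_DATA.replace(b"2512", b"2612")))  # False
    tx1, tx2 = os.urandom(8), os.urandom(8)      # per-transaction dynamic data
    print("DDA signatures differ:", dda_sign(tx1) != dda_sign(tx2))           # True
```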
Visa and MasterCard have announced that all European banks have issued offline-capable IC cards since 2011.
Introduction to SDA and DDA in PBOC/EMV