EMV Certification Authority System

According to EMV standards, a “card brand” plays the role of a Certification Authority (“CA”) in the offline authentication processes of EMV cards (SDA, DDA or CDA). To perform the role of a “CA”, a card brand requires a system that can securely manage RSA keys in order to authenticate the public keys of its card issuers.

The “CA Manager” is a simple system designed to provide all necessary functions to create an EMV Certification Authority:

  • Creation of RSA key pairs (“CA” keys);
  • Exporting of “CA” public keys to be loaded in the payment terminals;
  • Importing of Issuer Public Keys;
  • Signature of Issuer Public Keys using “CA” private keys; and
  • Exporting of the Issuer Public Key Certificate and other necessary information for the issuers to generate their cards.

The “CA Manager” is a low-cost MS Windows application, since it does not require any security hardware, such as an HSM. The “CA” private keys are protected by passphrases and encrypted using the AES algorithm. This is implemented in such a way that only authorized personnel (from the card brand) can perform the process of signing the Issuer Public Keys.

The “CA Manager” is completely generic and it may be used for any EMV system, independent of the card technology (VSDC, M/Chip, jEMVS, mEMVS or any other).

A completely functional version is available to download and test.