The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).

Date of Patent: Oct. 29, 2019
Filed: Jul. 06, 2017
Applicant: Mastercard International Incorporated, Purchase, NY (US)
Inventors: Michael Ward, Somerset, GB; John Beric, London, GB; Duncan Garrett, London, GB; David Anthony Roberts, Warrington, GB
Assignee:
Attorney:
Primary Examiner:
Int. Cl. CPC: H04L 9/08 (2006.01); H04L 9/30 (2006.01); H04L 9/14 (2006.01); H04L 9/32 (2006.01)
U.S. Cl. CPC: H04L 9/0844 (2013.01); H04L 9/0841 (2013.01); H04L 9/0861 (2013.01); H04L 9/0877 (2013.01); H04L 9/14 (2013.01); H04L 9/3033 (2013.01); H04L 9/3066 (2013.01); H04L 9/3252 (2013.01)
Abstract

A method of establishing a secure channel for communication between a first computing device and a second computing device is described. The method uses an elliptic curve Diffie-Hellman protocol, wherein G is an elliptic curve generator point and the first computing device has a unique private key d with a public key Q=d·G certified by a party trusted by the second computing device. The first computing device generates a blinding factor r and sends a blinded public key R=r·Q to the second computing device. The second computing device generates its own ephemeral private key d and a corresponding ephemeral public key Q=d·G and sends this ephemeral Q to the first computing device. The first computing device generates K=KDF(r·d·Q) from its private key d and the received ephemeral public key Q, and the second computing device generates K=KDF(d·R) from its ephemeral private key d and the received R, where KDF is a key derivation function used in both generation operations, to establish a secure channel between the first computing device and the second computing device. G is a point in the elliptic curve group E, wherein E is a group of prime order but E* is the quadratic twist of E and is a group of order m=z·m' where m' is prime and z is an integer, wherein r·d is chosen such that z is a factor of r·d. Suitable apparatus for performing the method is also described.
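The exchange in the abstract, and the reason for the condition that z divides r·d, as an added example that is not code from the patent or from Mastercard. The page's abstract lost its subscripts in extraction, so the first device's keys are named `card_d`/`card_Q` and the second device's ephemeral keys `term_d`/`term_Q` here; those names, the toy curve over a 5-bit prime found by search at import time, and the SHA-256 stand-in for KDF are all assumptions made for illustration. Besides running one blinded ECDH exchange and checking that both sides derive the same K, `twist_check` shows what the z condition buys: when the scalar the first device applies is a multiple of z, any point on the twist E* is mapped into the prime-order subgroup of size m', whereas a scalar coprime to z leaves the small-order component in place.

```python
# Added example (not the patent's or Mastercard's code): toy-size model of the
# blinded ECDH exchange in the abstract.  Names card_* (first device) and
# term_* (second device) are assumptions; extraction dropped the subscripts.
import hashlib
import math

INF = None  # point at infinity


def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))


def ec_add(P, Q, a, p):
    """Affine addition on y^2 = x^3 + a*x + b over F_p (b is not needed)."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return INF  # Q == -P
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def ec_mul(k, P, a, p):
    """Double-and-add scalar multiplication k*P."""
    R = INF
    while k > 0:
        if k & 1:
            R = ec_add(R, P, a, p)
        P = ec_add(P, P, a, p)
        k >>= 1
    return R


def curve_order(a, b, p):
    """#E(F_p) for y^2 = x^3 + a*x + b, counted with the Legendre symbol."""
    n = 1  # point at infinity
    for x in range(p):
        f = (x ** 3 + a * x + b) % p
        n += 1 if f == 0 else 2 if pow(f, (p - 1) // 2, p) == 1 else 0
    return n


def points(a, b, p):
    """All affine points (brute force; fine for a toy prime)."""
    return [(x, y) for x in range(p) for y in range(p)
            if (y * y - x ** 3 - a * x - b) % p == 0]


def largest_prime_factor(n):
    f, d = 1, 2
    while d * d <= n:
        while n % d == 0:
            f, n = d, n // d
        d += 1
    return max(f, n)


def find_curve(p=31):
    """Search F_p for E of prime order n whose quadratic twist E* has order
    m = z*m' with m' prime, z > 1 and gcd(z, m') = 1, as in the abstract."""
    u = next(v for v in range(2, p) if pow(v, (p - 1) // 2, p) == p - 1)  # non-residue
    for a in range(p):
        for b in range(1, p):
            if (4 * a ** 3 + 27 * b ** 2) % p == 0:
                continue  # singular curve
            n = curve_order(a, b, p)
            m = 2 * p + 2 - n  # #E + #E* = 2p + 2 for a curve and its twist
            m_prime = largest_prime_factor(m)
            z = m // m_prime
            if is_prime(n) and z > 1 and math.gcd(z, m_prime) == 1 and n > z:
                a_tw, b_tw = a * u * u % p, b * u ** 3 % p  # E*: y^2 = x^3 + a u^2 x + b u^3
                return dict(p=p, a=a, b=b, n=n, G=points(a, b, p)[0],
                            a_tw=a_tw, b_tw=b_tw, m=m, z=z, m_prime=m_prime)
    raise ValueError("no suitable curve found")


def kdf(point):
    """Stand-in KDF: hash of the shared point (not a real KDF construction)."""
    return hashlib.sha256(repr(point).encode()).hexdigest()[:16]


def blinded_ecdh(c, card_d, term_d, r0):
    """One exchange. Returns (R, term_Q, K at first device, K at second device)."""
    p, a, n, G = c["p"], c["a"], c["n"], c["G"]
    card_Q = ec_mul(card_d, G, a, p)      # static, certified public key Q = d*G
    r = c["z"] * r0                        # blinding factor chosen so that z | r*d
    R = ec_mul(r, card_Q, a, p)            # first -> second: blinded key R = r*Q
    term_Q = ec_mul(term_d, G, a, p)       # second -> first: ephemeral public key
    K_card = kdf(ec_mul(r * card_d % n, term_Q, a, p))  # KDF(r*d*Q_ephemeral)
    K_term = kdf(ec_mul(term_d, R, a, p))               # KDF(d_ephemeral*R)
    return R, term_Q, K_card, K_term


def twist_check(c, card_d, r0):
    """Why z | r*d matters: take a twist point T with a small-order component
    and test whether s*T lands in the order-m' subgroup.
    Returns (result with z | s, result with s coprime to z)."""
    p, a_tw, b_tw, z, mp = c["p"], c["a_tw"], c["b_tw"], c["z"], c["m_prime"]
    T = next(P for P in points(a_tw, b_tw, p) if ec_mul(mp, P, a_tw, p) is not INF)
    s_good = z * r0 * card_d
    s_bad = next(s for s in range(2, p) if math.gcd(s, z) == 1)
    in_sub = lambda s: ec_mul(mp, ec_mul(s, T, a_tw, p), a_tw, p) is INF
    return in_sub(s_good), in_sub(s_bad)


if __name__ == "__main__":
    c = find_curve()
    print("n =", c["n"], " m = z*m' =", c["z"], "*", c["m_prime"])
    R, tQ, k1, k2 = blinded_ecdh(c, card_d=5, term_d=11, r0=3)
    print("shared key agrees:", k1 == k2, k1)
    print("(z | r*d, scalar coprime to z) ->", twist_check(c, 5, 3))
```

Both sides compute r·d·d_ephemeral·G, so the keys agree, and the second device only ever sees R = r·Q, which it cannot link to the certified Q without r. The twist check is the defensive point behind the last sentence of the abstract: the second device is the party that supplies the point the first device multiplies by r·d, and by Lagrange's theorem every point of E* is killed by m = z·m'; forcing z into the first device's scalar therefore guarantees that a point of E* maps into the order-m' subgroup, so the derived K cannot carry information about d modulo the small cofactor. Real deployments use a standard curve with published order and twist order instead of the search here, and a proper KDF instead of a truncated hash.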

