On 07/28/2010 11:52 PM, Pat Farrell wrote:
I'd like to build on this and make a more fundamental change. The
concept of a revocation cert/message was based on the standard practices
for things like stolen credit cards in the early 1990s. At the time, the
credit card companies published telephone book sized listings of stolen
and canceled credit cards. Merchant's had the choice of looking up each
card, or accepting a potential for loss.
A lot of the smart card development in the mid-90s and beyond was based
on the idea that the smart card, in itself, was the sole authorization
that was one of my points ridiculing PKI in the mid-90s ... that the CRL was a
return to offline point-of-sale payment operation ... and seemed to motivate
the work on OCSP.
The difference was that in the move to real-time online transactions ... it got
much high quality operation ... not only could it establish real-time
valid/not-valid ... but also other real-time characteristics like real-time
credit limit, recent pattern of transactions, and much more. by comparison,
OCSP was an extremely poor man's real-time, online transaction
smartcard payment cards started out being stand-alone stored-value to
compensate for the extremely expensive and limited availability of
point-of-sale in much of the world ... aka it was stored-value operation where
the operation could be performed purely offline (the incremental cost of the
smartcard chip was offset by savings not requiring realtime, online
The telco economics didn't apply to the US ... as seen by the introduction of
"stored-value" magstripe based payment cards in the US that did real-time, online
transaction ... which served the same market niche that the offline smartcard was performing
in other parts of the world. Between the mid-90s and now, telco costs & connectivity has
significantly changed around the world ... pervasive uniquitness of the internet, cellphone
coverage, wireless, ... lots of things.
The common scenario in the past couple decades ... was looking to add more &
more feature/function to smartcards to find the magical economic justification ...
unfortunately, the increase in feature/function tended to also drive cost ...
keeping the break even point just out of reach.
Part of the certificateless public key work was to look at chips as a cost item (rather
than profit item ... since lots of the smartcard work was driven by entities looking to
profit by smartcard uptake). The challenge was something that had stronger integrity
than highest rated smartcard but at effective fully loaded cost below magstripe (i.e. I
had joked about taking a $500 milspec part, cost reducing by 3-4 orders of magnitude
while improving the integrity). Another criteria was that it had to work within the
time & power constraints of a (ISO14443) contactless transit turnstyle ... while
not sacrificing any integrity & security.
By comparison ... one of the popular payment smartcards from the 90s looked at the transit
turnstyle issue ... and proposed a "wireless" sleeve for their contact card ... and 15ft
electromagnetic "tunnels" on the approach to each transit turnstyle ... where public
would walk slowly thru the tunnel ... so that the transaction would have completed by the time the
turnstyle was reached.
Part of achieving lower aggregate cost than magstripe ... was that even after
extremely aggressive cost reduction, the unit cost was still 2-3 times that of
magstripe ... however, if the issuing frequency could be reduced (for chip)...
it was more than recouped (i.e. magstripe unit cost is possibly only 1% of
fully loaded issuing costs). Changing the paradigm from institutional-centric
(i.e. institution issued) to person-centric (i.e. person uses the same unit for
multiple purposes and with multiple institutions) ... saves significant amount
more (replaces an issuing model with a registration model).
Turns out supposedly a big issue for a transition from an institution-centric (institution issuing)
to person-centric paradigm ... was addressing how can the institution "trust" the unit
being registered. Turns out that "trust" issue may have been obfuscation ... after
providing a solution to institution trust ... there was continued big push back to moving off an
institutional issuing (for less obvious reasons) ... some of the patent stuff (previous mentions)
covered steps for moving to person-centric paradigm (along with addressing institutional trust
issues). Part of it involved tweaking some of the processes ... going all the way back to while the
chip was still part of wafer (in chip manufacturing ... and doing the tweaks in such a way that
didn't disrupt standard chip manufacturing ... but at the same time reduced steps/costs).
virtualization experience starting Jan1968, online at home since Mar1970
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com