On 07/28/2010 11:52 PM, Pat Farrell wrote:
I'd like to build on this and make a more fundamental change. The
concept of a revocation cert/message was based on the standard practices
for things like stolen credit cards in the early 1990s. At the time, the
credit card companies published telephone book sized listings of stolen
and canceled credit cards. Merchant's had the choice of looking up each
card, or accepting a potential for loss.

A lot of the smart card development in the mid-90s and beyond was based
on the idea that the smart card, in itself, was the sole authorization

that was one of my points ridiculing PKI in the mid-90s ... that the CRL was a 
return to offline point-of-sale payment operation ... and seemed to motivate 
the work on OCSP.

The difference was that in the move to real-time online transactions ... it got 
much high quality operation ... not only could it establish real-time 
valid/not-valid ... but also other real-time characteristics like real-time 
credit limit, recent pattern of transactions, and much more. by comparison, 
OCSP was an extremely poor man's real-time, online transaction

smartcard payment cards started out being stand-alone stored-value to 
compensate for the extremely expensive and limited availability of 
point-of-sale in much of the world ... aka it was stored-value operation where 
the operation could be performed purely offline (the incremental cost of the 
smartcard chip was offset by savings not requiring realtime, online 

The telco economics didn't apply to the US ... as seen by the introduction of 
"stored-value" magstripe based payment cards in the US that did real-time, online 
transaction ... which served the same market niche that the offline smartcard was performing 
in other parts of the world. Between the mid-90s and now, telco costs & connectivity has 
significantly changed around the world ... pervasive uniquitness of the internet, cellphone 
coverage, wireless, ... lots of things.

The common scenario in the past couple decades ... was looking to add more & 
more feature/function to smartcards to find the magical economic justification ... 
unfortunately, the increase in feature/function tended to also drive cost ... 
keeping the break even point just out of reach.

Part of the certificateless public key work was to look at chips as a cost item (rather 
than profit item ... since lots of the smartcard work was driven by entities looking to 
profit by smartcard uptake). The challenge was something that had stronger integrity 
than highest rated smartcard but at effective fully loaded cost below magstripe (i.e. I 
had joked about taking a $500 milspec part, cost reducing by 3-4 orders of magnitude 
while improving the integrity). Another criteria was that it had to work within the 
time & power constraints of a (ISO14443) contactless transit turnstyle ... while 
not sacrificing any integrity & security.

By comparison ... one of the popular payment smartcards from the 90s looked at the transit 
turnstyle issue ... and proposed a "wireless" sleeve for their contact card ... and 15ft 
electromagnetic "tunnels" on the approach to each transit turnstyle ... where public 
would walk slowly thru the tunnel ... so that the transaction would have completed by the time the 
turnstyle was reached.

Part of achieving lower aggregate cost than magstripe ... was that even after 
extremely aggressive cost reduction, the unit cost was still 2-3 times that of 
magstripe ... however, if the issuing frequency could be reduced (for chip)... 
it was more than recouped (i.e. magstripe unit cost is possibly only 1% of 
fully loaded issuing costs). Changing the paradigm from institutional-centric 
(i.e. institution issued) to person-centric (i.e. person uses the same unit for 
multiple purposes and with multiple institutions) ... saves significant amount 
more (replaces an issuing model with a registration model).

Turns out supposedly a big issue for a transition from an institution-centric (institution issuing) 
to person-centric paradigm ... was addressing how can the institution "trust" the unit 
being registered. Turns out that "trust" issue may have been obfuscation ... after 
providing a solution to institution trust ... there was continued big push back to moving off an 
institutional issuing (for less obvious reasons) ... some of the patent stuff (previous mentions) 
covered steps for moving to person-centric paradigm (along with addressing institutional trust 
issues). Part of it involved tweaking some of the processes ... going all the way back to while the 
chip was still part of wafer (in chip manufacturing ... and doing the tweaks in such a way that 
didn't disrupt standard chip manufacturing ... but at the same time reduced steps/costs).

virtualization experience starting Jan1968, online at home since Mar1970

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to