Paulo
I may have lost the safecode stuff.

I have no detailed description of EMV but that is probably easy to
get on the net.

But I essentially described a multi-application smart card which could
hold a credit-card function, a purse and in this case also an identity
function using PKI.

Since the card does not have a display or keyboard etc. there is no
way to select what resource the card reading app is to use.  It is
therefore assumed that this is "hardcoded" into applications or that
applications offer this selection.  However, you cannot do a selection
without having parts of the available resources accessible.  In the
case of the ID-application it is actually your full identity!

To allow any merchant to monitor a card holder's identity is
to some extent already possible due to the PAN code, but to *extend*
this "feature" seems to clearly be a step in the wrong direction.

Anders

----- Original Message ----- 
From: "Safecode" <[EMAIL PROTECTED]>
To: "Anders Rundgren" <[EMAIL PROTECTED]>; "internet-payments" <[EMAIL PROTECTED]>
Sent: Sunday, September 19, 2004 04:55
Subject: Re: EMV cards as identity cards


Hi Anders, this is Paulo Newlands fm Brazil.
Yr description abt Sweden's way of payment does not make it fully clear to me.
I have developed a payment security system (if I am not wrong I have already
sent it to you in a previous old email) and I will be thankful for receiving
an elaborated description of the Sweden system including the meaning of EMV
cards and PKI.
Rgds Paulo

----- Original Message -----
From: "Anders Rundgren" <[EMAIL PROTECTED]>
To: "internet-payments" <[EMAIL PROTECTED]>
Sent: Saturday, September 18, 2004 1:50 AM
Subject: EMV cards as identity cards


> In Sweden banks are combining the EMV payment application(s)
> with a separate identity application using PKI.  The reasons are
> obvious, one card does it all.
>
> The drawback is that the card holder's identity including social
> security numbers etc. is available for any merchant terminal
> to read if they want, as the public keys (certificates) are not
> protected by PIN codes etc.  If they were protected the card
> would be incompatible with existing software and become
> harder to use so that is not an option.
>
> I would like to hear if anybody has heard of similar efforts
> in other parts of the world.
>
> Anders Rundgren
>
