Which is what many of us are concerned about when bankers and central administrations are mixed. But clearly the bankers need some authentication of the card platform - and the card platform should seek to authenticate the cardholder. So here the bankers are bypassing that separation - but of course the bankers already know your ID information, so they are just simplifying matters by checking that the card has your ID on it.
In the European GIF there was a conflict between those who said that your ID would be freely readable and those who said you must be able to keep it secret (PIN protected). This, unfortunately, ends up showing that different countries have different laws on visibility of your ID information. But who else can use that back door? And can that card securely host your private signing key? Peter ----- Original Message ----- From: "Anders Rundgren" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: "David Everett" <[EMAIL PROTECTED]> Sent: Sunday, March 14, 2004 7:15 PM Subject: [Muscle] Privacy using a combined EMV and ID card > A slightly disturbing "side effect" of mixing accounts > and IDs using the Finish and Swedish schemes, is that > each time you perform a payment, the POS terminal > can without any PIN-codes etc, also read the user's ID- > certificates (public keys), effectively "leaking" identity > information to parties that should not necessarily have > such information. > > Anders > > ----- Original Message ----- > From: "Peter Tomlinson" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Cc: "David Everett" <[EMAIL PROTECTED]> > Sent: Saturday, March 13, 2004 19:45 > Subject: Re: [Muscle] A combined EMV and ID card > > > Who issues and manages and guarantees the ID information on the card? The > bank? Or the government? That is absolutely crucial. > > Anders: Do you know any details of the technology used for the ID? > > Peter > ----- Original Message ----- > From: "Anders Rundgren" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Saturday, March 13, 2004 4:31 PM > Subject: [Muscle] A combined EMV and ID card > > > > A combined EMV and ID card > > ---------------------------------- > > > > In Sweden banks are gearing up (in "bank-speed"...) for > > issuing combined EMV and ID-cards. The reason behind that > > is to reuse the card infrastructure as well as due to the fact > > that banks already are ID-issuers. This system apparently > > already exists in Norway although not in electronic form yet. > > > > Technically I see no difficulties with this, but my (open) question > > is if this should be considered as a short-term "fix" or a viable > > long-term scheme even on a global scale. > > > > Personally I have some problems with mixing an "account" which > > is a potentially sharable resource, with an "ID" which is not legal > > to share with others, as well as a nuisance to be without. That is, if > > I let my kids pay for something on the Internet, I will using a "combo" > > card give them a "passport" to possibly a myriad of other things as > > well. To have different PIN-codes may be a possibility but most > > people don't appreciate multiple PIN-codes. I am one of them :-) > > > > Currently this is "theory" as EMV on the Internet is still mostly > > a dream. ID on the other hand is for real. > > > > Regarding Internet-payments, it seems that you long-term, rather > > would give other valid [and properly authenticated] users of an > > account, an "entitlement" to perform certain payments using > > 3D Secure-like schemes instead of requesting credit cards for your > > kids (or employees). Because then, You, the account owner can > > administer and monitor account sharing yourself in the on-line bank > > holding the account. Probably, banks will find this idea slightly > > "challenging", but it is indeed a logical next step. > > > > It looks to me that the need for secure IDs is much bigger than > > the need for secure "payment-tokens" if we restrict the scope to > > Internet-payments. > > > > Just my 0.2 EUR > > > > Anders Rundgren > > Consultant, PKI & e-Business > > +46 70 - 627 74 37 > > _______________________________________________ > > Muscle mailing list > > [EMAIL PROTECTED] > > http://lists.musclecard.com/mailman/listinfo/muscle > > > > > > > _______________________________________________ > Muscle mailing list > [EMAIL PROTECTED] > http://lists.musclecard.com/mailman/listinfo/muscle > _______________________________________________ > Muscle mailing list > [EMAIL PROTECTED] > http://lists.musclecard.com/mailman/listinfo/muscle > > _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
