Philippe C. Martin wrote:
SCWEB assumes the user has a smart card (or any security device with
no RSA/elliptic curve support, but rather DES/3DES/AES .... )
connected to the PC.
The authentication is made between the user's card and the SAM card,
and this _without_ using any certificate/signature as would be done
with the PKI architecture ==> there is no need for any certification
authority, or rather, the SAM is the certification authority.
Is the web authentication only one example of many?
I do use this type of authentication with many of my other
applications but, as a better example, many financial applications
use the SAM/card architecture (still with symmetrical algorithms):
ex: MONEO (French national epurse), VISA cash (VISA epurse), MONDEX
(master card epurse), B0' (French debit/credit application (to be
replaced soon by EMV)), mchip-lite (Master card debit/credit
application), VSDC-SDA (VISA debit/credit application) .......
I do agree though that EMV push for DDA (RSA support); but there's a
lot of money involved and I do not think there is such a need for
identification/authentication application (price of card).
Can you clarify the paragraph with the list of epurse types? In
particular, are you suggesting that Mastercard has altered Mondex from
its original RSA method to a DES method?
Peter