Friday 2 February 2001 15:56, you wrote:
> IBM has crypto hardware (I believe it's the IBM4758) that uses control
> vectors on DES keys to indicate the possible usage of the keys. This does
> achieve functional separation as with PK. But generally people appear to find
> it too complex and don't use it. Still a nice mechanism and worthwhile
> looking at. Maybe you can get some docs on the IBM redbooks site.
> (www.redbooks.ibm.com ?)

Yes, we have looked at this, but we need a slightly more mobile solution. The 
hardware is interesting though.

Actually, something has occurred to me. Could the Internal Validation keys be 
used for this? Essentially, the Internal Validate command does the following:

  R, i |-->  E_{K_i}(R)

which the host then either compares to its own encryption of the same value R
or decrypts and compares to R.

The External Authenticate command also only uses these keys (or a different 
set of keys?) to encrypt a random number and verify that the terminal can 
perform the same encryption.

Assuming these are the only possible ways to use these keys, it seems to me 
these commands could be used for encrypting session keys which could then be 
decrypted later by someone who knows the validation key.

I'm nervous about abusing the semantics of the authentication commands like 
this. However, it seems to me that if this were insecure in some way, that 
could be used to fake InternalAuthentication and would be a weakness in the 
card authentication and if we assume *that* to be secure...

Something for Monday morning I guess :)

-- 
Logi Ragnarsson  -  [EMAIL PROTECTED]
Decode Genetics / Data Security
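
The R, i |--> E_{K_i}(R) exchange and the session-key reuse discussed in the message above, as an added example that is not part of the original post or of OpenCard. The Card class, function names and the Feistel cipher (a stand-in for the card's DES, since Python's standard library has none) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 8  # the card command takes one 8-byte block R

def _f(key, i, half):
    # Round function of the stand-in cipher: HMAC-SHA256 truncated to 4 bytes.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    # Toy 8-round Feistel network standing in for E_K on the card. Not DES.
    left, right = block[:4], block[4:]
    for i in range(8):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:4], block[4:]
    for i in reversed(range(8)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

class Card:
    # Hypothetical card: holds validation keys K_i, exposes only R, i -> E_{K_i}(R).
    def __init__(self, keys):
        self._keys = keys

    def internal_authenticate(self, r, i):
        if len(r) != BLOCK:
            raise ValueError("R must be exactly one 8-byte block")
        return encrypt_block(self._keys[i], r)

def host_verify(key, card, i, by_decrypting=False):
    r = os.urandom(BLOCK)  # fresh challenge
    resp = card.internal_authenticate(r, i)
    if by_decrypting:  # host decrypts the response and compares to R
        return hmac.compare_digest(decrypt_block(key, resp), r)
    return hmac.compare_digest(encrypt_block(key, r), resp)  # host re-encrypts R

def wrap_session_key(card, i, session_key):
    # The reuse proposed above: submit the session key as if it were challenges.
    blocks = [session_key[o:o + BLOCK] for o in range(0, len(session_key), BLOCK)]
    return b"".join(card.internal_authenticate(b, i) for b in blocks)

def unwrap_session_key(key, wrapped):
    return b"".join(decrypt_block(key, wrapped[o:o + BLOCK]) for o in range(0, len(wrapped), BLOCK))
```

The wrapping is deterministic, so the same session-key block always produces the same response, and the card answers for any R it is sent; both follow directly from the command's definition above.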

