Re: EMV cards as identity cards

[lynn . wheeler]

this is similar to the problem with identity x.509 certificates that EU
financial institutions identified in the early 90s  and resulted in EU
(as well as other) financial institutions migrating to relying-party-only
certificates in the mid-90s (i.e. effectively containing only an account
number and a public key).

also in the mid-90s ... the EU has some dictate that retail point-of-sale
electronic transactions should be as anonymous as cash. there was then some
push to have names taken off of payment cards for point-of-sale
transactions  leaving only the PAN (not just chip-cards ... but all
retail, point-of-sale cards).

of course, the relying-party-only certificates with just PAN and public key
 resulted in mainly online transactions; however it was trivial to show
that relying-party-only certificates are redundant and superfluous in
online transactions  since the relying-party will also be the issuing
party and therefor have the public key onfile at the relying/issuing party.
a traditional ISO 8583 payment transactions (upgraded to include an
appended digital signature) coming into a issuing/relying party ... will
have a PAN ... looking up the account number ... and being able to retrieve
the public key from the account record.

this makes the public key carried in an appended relying-party-only
certificate redundant and superfluous  since the only other information
in the relying-party-only certificate is the PAN ... which is carried in
the 8583 transaction itself, this makes the whole relying-party-only
certificate also redundant and superfluous.

the other issue with redundant and superfluous relying-party-only
certificates that various of the payment pilots of the mid-90s that had
relying-party-only certificates  was that the typical redundant and
superfluous relying-party-only certificate could be approximately two oders
of magnitude (100 hundred times) larger than the base 8583 payment
transaction itself. the result was an enormous payload bloat (of 100 times)
to append a redundant and superfluous relying-party-only certificate to a
typical 8583 payment transaction

similar thread in this mailing list earlier this spring:
http://www.garlic.com/~lynn/aadsm17.htm#12 A combined EMV and ID card
http://www.garlic.com/~lynn/aadsm17.htm#13 A combined EMV and ID card


at 9/17/2004 10:50 pm, anders wrote:

In Sweden banks are combining the EMV payment application(s)
with a separate identity application using PKI.  The reasons are
obvious, one card does it all.

The drawback is that the card holder's identity including social
security numbers etc. is available for any merchant terminal
to read if they want, as the public keys (certificates) are not
protected by PIN codes etc.  If they were protected the card
would be incompatible with existing software and become
harder to use so that is not an option.

I would like to hear if anybody have heard of similar efforts
in other parts of the world.

Anders Rundgren


--
Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm

x9.99 privacy note

[lynn . wheeler]

x9.99 privacy impact assesement standard has been approved
www.x9.org
and the document should show up on the ansi electronic store before too
long

and the work item has been approved for iso tc68
www.tc68.org
http://www.iso.ch/iso/en/stdsdevelopment/tclist/TechnicalCommitteeDetailPage.TechnicalCommitteeDetail?TC=68

there is some slightly related information  i have a start at a merged
privacy
glossary and taxonomy at
http://www.garlic.com/~lynn/index.html#glosnote

--
Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm

Re: EMV cards as identity cards

[lynn . wheeler]

on of the issues in the account/identity fraud scenarios is that
just knowing the PAN  allows fraudulent transactions to be performed.
you start to see things like harvesting of merchant transaction
files that provide PANs for fraudulent transactions. recent studies
have indicated that possible at least 77 percent of such harvesting
involves insiders.

part of the scenario is the security versus risk discussed in
this posting about merchant transaction file harvesting ans
security proportional to risk:
http://www.garlic.com/~lynn/2001h.html#61

on of the requirements given the x9a10 working group for x9.59
standard was to preserve the integrity of the financial infrastructure
for all retail payments. the resulting x9.59 standard
http://www.garlic.com/~lynn/index.html#x959

uses digital signature to authenticate retail transactions (regardless
of kind, including iso 8583 payment transactions) but doesn't mandate
the horrendous payload bloat of attaching a redundant and superfulous
relying-party-only certificate.

x9.59 also specifies that account numbers that are used in x9.59
transactions can not be used in non-authenticated transactions.
the result is that it is no longer possible to perform fraudulent
payment transactions just by learning an account number. the scenario
then is that if it is no longer possible to perform fraudulent
transactions by harvesting (x9.59) account numbers from merchant
transaction files  then it is no longer necessary to maintain
such high security infrastructures to prevent crooks from acquiring
knowledge of account numbers.

we've referred to this being privacy or identity agnostic 
as opposed to truely anonymous. there is still an account number
floating around ... but typically has no other identifying
information ... unless somebody gets a court order to acquire
the information from your financial institution. misc references
to privacy, identity, x9.59, etc
http://www.garlic.com/~lynn/subpubkey.html#privacy

misc. past postings mentioning privacy/identity agnostic:
http://www.garlic.com/~lynn/ansiepay.htm#privacy more on privacy
http://www.garlic.com/~lynn/aadsm6.htm#terror12 [FYI] Did Encryption
Empower These Terrorists?
http://www.garlic.com/~lynn/aepay7.htm#liberty Network Identity Alliance --
Liberty Alliance Project
http://www.garlic.com/~lynn/aepay11.htm#73 Account Numbers. Was: Confusing
Authentication and Identiification? (addenda)
http://www.garlic.com/~lynn/2002m.html#55 Beware, Intel to embed digital
certificates in Banias
http://www.garlic.com/~lynn/2002n.html#25 Help! Good protocol for national
ID card?
http://www.garlic.com/~lynn/2002n.html#30 Help! Good protocol for national
ID card?
http://www.garlic.com/~lynn/aadsm18.htm#22 [anonsec] Re: potential new IETF
WG on anonymous IPSec


at 9/18/2004 11:32 pm anders wrote:

Paulo
I may have lost the safecode stuff.

I have no detailed description of EMV but that is probably easy to
get on the net.

But I essentially described a multi-application smart card which could
hold a credit-card function, a purse and in this case also an identity
function using PKI.

Since the card does not have a display or keyboard etc. there is no
way to select what resource the card reading app is to use.  It is
therefore assumed that this is hardcoded into applications or that
applications offer this selection.  However, you cannot do a selection
without having parts of the available resources accessible.  In the
case of the ID-application it is actually your full identity!

To allow any merchant to monitor a card holder's identity is in
to some extent already possible due to the PAN code, but to *extend*
this feature seems to clearly be a step in the wrong direction.
--
Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm