Re: fyi: On-card displays

2006-09-28 Thread Anne Lynn Wheeler

and for a whole lot of drift with respect to smartcards being pda/cellphone 
wanabees

Storm building over RFID-enabled passports
http://www.networkworld.com/news/2006/092106-rfid-passports.html

from above:

The chip, which is embedded inside the cover of the passport, contains only a 
duplicate copy of the passport photograph and the printed data. The digital 
data is intended to prevent forgeries by allowing inspectors to compare the 
printed and digital data.

... snip ...

the article mentions that integrity of the electronic data is protected by a 
digital signature (preventing tampering and/or forgeries).

At some level, the digitally signed data can be considered a electronic 
credential that is extremely difficult to counterfeit.

posting with number of references about cloning (electronic) passport data
http://www.garlic.com/~lynn/aadsm25.htm#11 And another cloning tale

from three factor authentication model
http://www.garlic.com/~lynn/subpubkey.html#3factor

* something you have
* something you know
* something you are

... frequently hardware tokens (chips) are implemented as something you have 
authentication (i.e. the chip supposedly contains some unique information ... which differentiates 
it from every other chip). some recent posts mentioning something you have 
authentication.
http://www.garlic.com/~lynn/aadsm25.htm#30 On-card displays
http://www.garlic.com/~lynn/aadsm25.htm#25 RSA SecurID SID800 Token vulnerable 
by design
http://www.garlic.com/~lynn/aadsm25.htm#16 Fraudwatch - ChipPIN one-sided story

however, taking the passport chip data as an electronic credential, cloning the 
information doesn't (directly) represent a vulnerability ...  since it is more 
analogous to digital certificates ... which are readily assumed to be widely 
distributable.

the passport chip data as an electronic credential containing a digital photograph ... and matching 
a person's face to the digital photograph then represents something you are 
authentication (as opposed to assuming the chip ...or even a cloned chip ... represents any sort of 
something you have authentication).

in theory, an electronic credential would be considered valid, regardless of 
any specific chip container that it might be carried in. one might then make 
the assertion, that a passport electronic
credential could be carried in any device capable of reliably reproducing the 
correct bits.

going back to the issue raised in
http://www.garlic.com/~lynn/aadsm25.htm#30 On-card displays

that most smartcards/chips are really pda/cellphone wanabees ... one might 
suggest that you could then even carry your electronic credential/passport in 
your pda or cellphone ... as opposed to needing a separate physical device.

the issue that then is raised are there any significant privacy considerations 
similar to privacy issues raised with x.509 identity digital certificates from 
the early 90s (having large amounts of privacy information in x.509 identity 
digital certificates widely distributed all over the place).

by the mid-90s, many institutions considered that the privacy and liability problems with 
x.509 identity digital certificates were so significant that they retrenched to 
relaying-party-only certificates. lots of past posts mentioning 
rpo-certificates
http://www.garlic.com/~lynn/subpubkey.html#rpo

these were digital certificates that effectively only contained some sort of 
database index or account number. the relying party then used the account 
number to retrieve the actual information of interest (w/o having to widely 
expose it in any way).

the analogy for an electronic passport infrastructure would be just needing to present 
the passport number. the actual credential data (and any photos or other information 
necessary for something you are authentication) is retrieved from secure 
online repository.

as repeatedly pointed out in the RPO digital certificate scenario ... it 
isn't even necessary to include the account/passport number in a digitally signed 
document ... since there is no information that needs integrity protection. the person 
just makes an assertion as to their correct account/passport number. the appropriate 
information is then retrieved from the online infrastructure and used for authentication 
(and whatever other required purposes). asserting the
wrong account/passport number presumably retrieves information that fails to 
result in valid authentication.

needing (some certification authority) to digitally sign the passport/account 
number (in the RPO scenario) for any possible integrity purposes, is then 
redundant and superfluous (one of my oft
repeated comments).


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: fyi: On-card displays

2006-09-28 Thread Anne Lynn Wheeler

[EMAIL PROTECTED] wrote:

From: Ian Brown [EMAIL PROTECTED]
Subject: On-card displays
To: [EMAIL PROTECTED]
Date: Wed, 20 Sep 2006 07:29:13 +0100


Via Bruce Schneier's blog, flexible displays that can sit on smartcards.
So we finally have an output mechanism that means you don't have to
trust smartcard terminal displays:
http://www.cr80news.com/library/2006/09/16/on-card-displays-become-reality-making-cards-more-secure/

So, when do we see the combined chip/fingerprint reader/display on a
payment card :) Doesn't of course address the requirement that we want
evidence (such as a signed paper receipt) that can later be adjudicated
by a court with higher evidential standards than a bank statement that
their systems work perfectly...


for a decade or so ... i've made comments that the increasingly powerful 
smartcards are obsolete because they are really pda(/cellphone) wannabes (after 
some of the gov. technology transfer legislation in the early 90s, we did some 
consulting for one of the gov. agencies on attempting to move some smartcard 
chip based technology into the commercial sector ... and we could already see 
it was rapidly becoming obsolete).

the smartcard target of portable computing device from 70s/80s required various 
kinds of iso standards because of the lack of appropriate portable input/output 
capability  so there would be standardized, fixed input/output stations 
that could be used with the portable smartcards. that market niche for 
smartcards became obsolete with the appearance of pda/cellphone portable 
input/output capability sometime in the early to mid-90s.

possibly part of the problem was that there was significant investment in 
various kinds of smartcard technology during the 80s and 90s ... and when they 
became obsolete ... there was some amount of scurrying around attempting to 
obtain some/any return on the original investments ... even if it was only a 
few cents on the dollar.

they are now contending with various kinds of cellphone/pda payment delivery operations. 

there is some paradigm discontinuity tho. there is a tradition grown up where the institutions issue the card (payment, identification, etc) ... to some extent smartcard activities are attempting to capitalize on that legacy momentum. 


an individual's cellphone/pda tends to break that institutional centric issuing paradigm 
... since it can involve an individual taking their cellphone/pda (that they already 
have) and registering it for various activities/transactions/identification ... aka 
another form of something you have authentication ... but it is possibly a 
personal device rather than an institution issued device.

so there are already various kinds of pda/cellphones with display, input 
capability ... and
some of them even have their own biometric sensing capability.

the issue with electronic signature is demonstration of intent ... we got 
into that when we were asked to help word-smith some of the cal state (and later federal) 
electronic signature act. various past postings mentioning issue of establishing intent
http://www.garlic.com/~lynn/subpubkey.html#signature


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: fyi: On-card displays

2006-09-28 Thread Anne Lynn Wheeler

Steve Schear wrote:

I have a Mondex card from years ago that used a separate reader with LCD.


we were asked to do the design/sizing/cost for mondex infrastructure in the us. 


one of the things that turned up was much of the mondex infrastructure was 
based on float (initially essentially all going to mondex international) ... 
cards were almost incidental. somewhere along the way, mondex international 
even started offering to split the float with national organizations as an 
inducement to sign up.

somewhere along the way a group was also formed to try and map mondex to the 
internet ... which eventually morphed into IOTP.

misc. past posts that mention mondex
http://www.garlic.com/~lynn/aepay6.htm#cacr7 7th CACR Information Security 
Workshop
http://www.garlic.com/~lynn/aadsm6.htm#digcash IP: Re: Why we don't use digital 
cash
http://www.garlic.com/~lynn/aadsm7.htm#idcard2 AGAINST ID CARDS
http://www.garlic.com/~lynn/aadsm18.htm#42 Payment Application Programmers 
Interface (API) for IOTP
http://www.garlic.com/~lynn/aadsm20.htm#7 EMV
http://www.garlic.com/~lynn/aadsm21.htm#1 Is there any future for smartcards?
http://www.garlic.com/~lynn/aadsm23.htm#23 Payment systems - the explosion of 
1995 is happening in 2006
http://www.garlic.com/~lynn/2002e.html#14 EMV cards
http://www.garlic.com/~lynn/2002e.html#18 Opinion  on smartcard security 
requested
http://www.garlic.com/~lynn/2002g.html#53 Are you sure about MONDEX?
http://www.garlic.com/~lynn/2002g.html#54 Are you sure about MONDEX?
http://www.garlic.com/~lynn/2004j.html#12 US fiscal policy (Was: Bob Bemer, 
Computer Pioneer,Father of ASCII,Invento
http://www.garlic.com/~lynn/2004j.html#14 US fiscal policy (Was: Bob Bemer, 
Computer Pioneer,Father of ASCII,Invento
http://www.garlic.com/~lynn/2005i.html#10 Revoking the Root
http://www.garlic.com/~lynn/2005v.html#1 Is Mondex secure?

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: fyi: On-card displays

2006-09-22 Thread Peter Gutmann
Steve Schear [EMAIL PROTECTED] writes:

I have a Mondex card from years ago that used a separate reader with LCD.

Oh, so you were the Mondex user!  I've always wondered who that was.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: fyi: On-card displays

2006-09-21 Thread Steve Schear

At 02:45 PM 9/20/2006, [EMAIL PROTECTED] wrote:

Via Bruce Schneier's blog, flexible displays that can sit on smartcards.
So we finally have an output mechanism that means you don't have to
trust smartcard terminal displays:
http://www.cr80news.com/library/2006/09/16/on-card-displays-become-reality-maki
ng-cards-more-secure/


I have a Mondex card from years ago that used a separate reader with LCD.

Steve 



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


fyi: On-card displays

2006-09-20 Thread Jeff . Hodges
From: Ian Brown [EMAIL PROTECTED]
Subject: On-card displays
To: [EMAIL PROTECTED]
Date: Wed, 20 Sep 2006 07:29:13 +0100


Via Bruce Schneier's blog, flexible displays that can sit on smartcards.
So we finally have an output mechanism that means you don't have to
trust smartcard terminal displays:
http://www.cr80news.com/library/2006/09/16/on-card-displays-become-reality-maki
ng-cards-more-secure/

So, when do we see the combined chip/fingerprint reader/display on a
payment card :) Doesn't of course address the requirement that we want
evidence (such as a signed paper receipt) that can later be adjudicated
by a court with higher evidential standards than a bank statement that
their systems work perfectly...
- -- 
Blogzilla -- http://dooom.blogspot.com/


--

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]