(although not in X9.59 that requires local signatures
which is not a part of the 3D protocol).
Anders
- Original Message -
From: [EMAIL PROTECTED]
To: Anders Rundgren [EMAIL PROTECTED]
Cc: internet-payments [EMAIL PROTECTED]
Sent: Tuesday, July 02, 2002 11:32
Subject: Re: 3D Secure Protocol
Message -
From: Todd Boyle [EMAIL PROTECTED]
To: Anders Rundgren [EMAIL PROTECTED]; [EMAIL PROTECTED];
'Internet-Payments'
[EMAIL PROTECTED]
Sent: Monday, July 29, 2002 00:02
Subject: Re: [3d-secure] 3D Secure and EMV
But PTDs suffer from political problems of a magnitude
that few
not published.
I would be very happy to hear what the PKI community in general
think about this scheme as the future for PKI. Off-list responses
will be treated as CONFIDENTIAL information.
Anders Rundgren
. The relying parties only pay for verifications
Anders
- Original Message -
From: Ed Gerck [EMAIL PROTECTED]
To: Anders Rundgren [EMAIL PROTECTED]
Cc: internet-payments [EMAIL PROTECTED]
Sent: Tuesday, November 12, 2002 20:03
Subject: Re: Identification = Payment Transaction?
Anders:
PKI
According to MobeyForum EMV should be used for local
payments and 3D Secure for remote payments.
What is the point of having two entirely different ways to
pay using a mobile phone?
Using 3D, the banks need only issuing a single digital ID
as the same ID can be used for on-line banking.
/anders
Lynn,
You must join the new OASIS PKI TC that is trying to address why
PKI have failed. Note: I don't share your view that TTPs are useless,
as entire societies are built on TTPs. I.e. governments.
Hopefully CAs can do better than governments as the former's tasks
are better defined and very
Arjeh,
That would of course work.
The reason I would not do like that is that it seems like an ID-certificate
would be more useful in other contexts than a credit-card certificate.
Anyway, this is a competition with time and market acceptance.
Anders Rundgren
- Original Message -
From
Being relatively uninterested in bringing down Microsoft, but
extremely interested in the key to secure commerce, I wonder
if someone can shed some more light on this fantastic technology
that took more that 3 years to productify?
http://www.intertrust.com/main/overview/trustcomputing.html
I have some objections and question to this.
1. Anonymity does not seem to be supported. Isn't that a key for
any kind of petty-cash replacement?
2. Although Mr. Rivest probably have had great use of his share of the
RSA IPR, times have changed and patents have become out-of-fashion,
on a major scale, while signed and encrypted
mail is after more than ten years, still very sparsely used.
My 2 cents.
Anders Rundgren
Consultant, PKI and secure e-business
+46 70 - 627 74 37
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Saturday
Dave,
The new Chip and Pin schemes address security in the real world while 3-D
Secure goes some of the way to address security in the on-line world. I have
yet to see a cost effective solution for both environments.
This is the interesting part. In what way is 3D secure more expensive
to
in their next update
claims to have about the same PKI support in their two phone
OSes, as has been available in Windows for years.
Sincerely
Anders Rundgren
Project leader for one such mobile phone-based PKI project,
occasionally referred to as the smart card killer.
+46 70 - 627 74 37
. In addition,
Microsoft's entrance in the mobile phone market, will also put
pressure on the other players as Microsoft in their next update
claims to have about the same PKI support in their two phone
OSes, as has been available in Windows for years.
Sincerely
Anders Rundgren
Project leader for one
in 18 months or so.
The on-line paradigm changes [almost] everything.
Sincerely
Anders Rundgren
regarding the references to FINREAD I believe the vision as
represented by the following document
http://www.finread.com/pages/finread_initiatives/ec_funded_projects/02_embedded.html
has little foundation in reality. I.e. reading current king-sized
smart credit cards in mobile phones or PDAs
Did I read this correctly?
Transferring _images_ of paper-checks?
The US banking industry must be one of the most under-developed
areas of the entire e-universe!
Anders
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, June 11, 2003
A problem in this area is the all-over-the-map representation
of entities when you go outside of the original (bank) account
number. Well, even these show some variances, don't they?
So when Lynn claims that the account number is redudant in
for example certificates as it is already in the
"The four corner model is a valid business
model with all four parties filling a valid business role
totally independent of whether the delivery vehicle involves
offline, stale, static certificates."
On the contrary. If the TTP (credential
issuer) is a part of a rust-network, the
I believe we are in agreement with what the fourth corner does in
a trust network, it is like the relying party's insurance, link to the law, etc.
A problem as I see it is what the fourth corner (or TPP CA)
is prepared to vouch for in an non-payment situation. It can
surely not make any
require NDAs for getting the documentation.
Anders Rundgren
on bank and telco issued cards.
Pekka Honkanen
-Alkuperäinen viesti-
Lähettäjä: Anders Rundgren [mailto:[EMAIL PROTECTED]
Lähetetty: 30. lokakuuta 2003 23:46
Vastaanottaja: internet-payments
Aihe: On-line signature standards
Here is some information related to Internet payment gathered
from
is not Anders Rundgren, cid=4545454, @bigca,
only Anders Rundgren, cid=4545454.
To have the issuer sign this information like in a certificate
is as you say redundant as this is what an on-line status
service more or less already do.
But I guess you can't accept the TTP-model at all as it builds
advanced HP PDAs. It may
also work in bank vaults etc. However, as a over-
the-net mechanism I believe biometrics is no good.
Anders
- Original Message -
From: [EMAIL PROTECTED]
To: Anders Rundgren [EMAIL PROTECTED]
Cc: 'internet-payments' [EMAIL PROTECTED]; pekka honkanen Welho [EMAIL
From a recent Intel pressrelease:
The Intel PXA27x family of processors, formerly
code-named "Bulverde," adds a number of new technologies to address the needs of
cell phone and PDA users. It is the first product to integrate the Intel
Wireless MMX technology, providing additional
http://www.aximsite.com/x30review
Intel's PXA270 contains full support for cryptographic
operations and storage of secret keys.
Anders
Richard,
I don't really see devices with specifications such
as described in this URL as being any more suited for
financial cryptography than the average virus-infected Windows
PC - more part of an untrusted Internet over which
secure messages can be transmitted given an appropriate
Public Key
technically!
Anders
- Original Message -
From: [EMAIL PROTECTED]
To: Anders Rundgren [EMAIL PROTECTED]
Cc: internet-payments [EMAIL PROTECTED]; Safecode [EMAIL PROTECTED]
Sent: Monday, September 20, 2004 22:11
Subject: Re: EMV cards as identity cards
on of the issues in the account/identity
If I understand things correctly, the major point with one-time
PAN-codes is that they should limit fraud performed by merchants.
It seems that one-time PAN-codes could also be used to more or
less anonymize the customers with respect to the merchant.
This though requires that the payment scheme
http://www.motorola.com/mediacenter/news/detail/0,,4762_4058_23,00.html
EMV? It will likely be the biggest fiasco of the financial sector ever.
However, it is still possible to call off the EMV project, with
(completely true) statements such as:
Recent technological advances indicate that it
the usage of a specific proxy PAN for which there
is no
card. Currently, 3D represents just another more or less failed attempt by
banks to
create vital infrastructure.
EMV is though likely to eclipse the 3D Secure debacle with a huge margin
but that is another story...
Anders Rundgren
e
Anybody with some information on this?
In Sweden no issuing bank (including Nordea who claims to be the biggest
on-link bank provider in World), have to date implemented 3D Secure.
EMV cards have been purchased in large quantities but rollout is
still fairly limited.
SEB currently opts to stay
be a
check-box in the buying organization's purchasing system. There is simply
no end to the things you can achieve by using a "home base" asa TTP in
on-line transactions!
Regards
Anders Rundgren
- Original Message -
From: Peter
Yeatrakas
To: Versace, Michael ; [EMAIL PROTECTED]
;
32 matches
Mail list logo
