fyi: On-card displays

From: Ian Brown <I.Browncs.ucl.ac.uk>
Subject: On-card displays
To: ukcryptochiark.greenend.org.uk
Date: Wed, 20 Sep 2006 07:29:13 +0100


Via Bruce Schneier's blog, flexible displays that can sit
on smartcards.
So we finally have an output mechanism that means you don't
have to
trust smartcard terminal displays:
http://www.cr80news.com/library/2
006/09/16/on-card-displays-become-reality-maki
ng-cards-more-secure/

So, when do we see the combined chip/fingerprint
reader/display on a
payment card  Doesn't
of course address the requirement that we want
evidence (such as a signed paper receipt) that can later be
adjudicated
by a court with higher evidential standards than a bank
statement that
their systems work perfectly...
- -- 
Blogzilla --> http://dooooooom.blogs
pot.com/


----------

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com

At 02:45 PM 9/20/2006, Jeff.HodgesKingsMountain.com wrote:
>Via Bruce Schneier's blog, flexible displays that can
sit on smartcards.
>So we finally have an output mechanism that means you
don't have to
>trust smartcard terminal displays:
>http://www.cr80news.com/library/2
006/09/16/on-card-displays-become-reality-maki
>ng-cards-more-secure/

I have a Mondex card from years ago that used a separate
reader with LCD.

Steve 


------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com

Steve Schear <s.schearcomcast.net> writes:

>I have a Mondex card from years ago that used a separate
reader with LCD.

Oh, so you were the Mondex user!  I've always wondered who
that was.

Peter.

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com

Jeff.HodgesKingsMountain.com wrote:
> From: Ian Brown <I.Browncs.ucl.ac.uk>
> Subject: On-card displays
> To: ukcryptochiark.greenend.org.uk
> Date: Wed, 20 Sep 2006 07:29:13 +0100
> 
> 
> Via Bruce Schneier's blog, flexible displays that can
sit on smartcards.
> So we finally have an output mechanism that means you
don't have to
> trust smartcard terminal displays:
> http://www.c
r80news.com/library/2006/09/16/on-card-displays-become-reali
ty-making-cards-more-secure/
> 
> So, when do we see the combined chip/fingerprint
reader/display on a
> payment card  Doesn't of
course address the requirement that we want
> evidence (such as a signed paper receipt) that can
later be adjudicated
> by a court with higher evidential standards than a bank
statement that
> their systems work perfectly...

for a decade or so ... i've made comments that the
increasingly powerful smartcards are obsolete because they
are really pda(/cellphone) wannabes (after some of the gov.
technology transfer legislation in the early 90s, we did
some consulting for one of the gov. agencies on attempting
to move some smartcard chip based technology into the
commercial sector ... and we could already see it was
rapidly becoming obsolete).

the smartcard target of portable computing device from
70s/80s required various kinds of iso standards because of
the lack of appropriate portable input/output capability
.... so there would be standardized, fixed input/output
stations that could be used with the portable smartcards.
that market niche for smartcards became obsolete with the
appearance of pda/cellphone portable input/output capability
sometime in the early to mid-90s.

possibly part of the problem was that there was significant
investment in various kinds of smartcard technology during
the 80s and 90s ... and when they became obsolete ... there
was some amount of scurrying around attempting to obtain
some/any return on the original investments ... even if it
was only a few cents on the dollar.

they are now contending with various kinds of cellphone/pda
payment delivery operations. 

there is some paradigm discontinuity tho. there is a
tradition grown up where the institutions issue the card
(payment, identification, etc) ... to some extent smartcard
activities are attempting to capitalize on that legacy
momentum. 

an individual's cellphone/pda tends to break that
institutional centric issuing paradigm ... since it can
involve an individual taking their cellphone/pda (that they
already have) and registering it for various
activities/transactions/identification ... aka another form
of "something you have" authentication ... but it
is possibly a personal device rather than an institution
issued device.

so there are already various kinds of pda/cellphones with
display, input capability ... and
some of them even have their own biometric sensing
capability.

the issue with "electronic signature" is
demonstration of intent ... we got into that when we were
asked to help wornessto some of the cal state (and later
federal) electronic signature act. various past postings
mentioning issue of establishing intent

http://www.garlic.com/~lynn/subpubkey.html#signature


------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com

Steve Schear wrote:
> I have a Mondex card from years ago that used a
separate reader with LCD.

we were asked to do the design/sizing/cost for mondex
infrastructure in the us. 

one of the things that turned up was much of the mondex
infrastructure was based on float (initially essentially all
going to mondex international) ... cards were almost
incidental. somewhere along the way, mondex international
even started offering to split the float with national
organizations as an inducement to sign up.

somewhere along the way a group was also formed to try and
map mondex to the internet ... which eventually morphed into
IOTP.

misc. past posts that mention mondex
http://w
ww.garlic.com/~lynn/aepay6.htm#cacr7 7th CACR
Information Security Workshop
http:/
/www.garlic.com/~lynn/aadsm6.htm#digcash IP: Re: Why we
don't use digital cash
http:/
/www.garlic.com/~lynn/aadsm7.htm#idcard2 AGAINST ID
CARDS
http://www
.garlic.com/~lynn/aadsm18.htm#42 Payment Application
Programmers Interface (API) for IOTP
http://www.
garlic.com/~lynn/aadsm20.htm#7 EMV
http://www.
garlic.com/~lynn/aadsm21.htm#1 Is there any future for
smartcards?
http://www
.garlic.com/~lynn/aadsm23.htm#23 Payment systems - the
explosion of 1995 is happening in 2006
http://www.
garlic.com/~lynn/2002e.html#14 EMV cards
http://www.
garlic.com/~lynn/2002e.html#18 Opinion  on smartcard
security requested
http://www.
garlic.com/~lynn/2002g.html#53 Are you sure about
MONDEX?
http://www.
garlic.com/~lynn/2002g.html#54 Are you sure about
MONDEX?
http://www.
garlic.com/~lynn/2004j.html#12 US fiscal policy (Was:
Bob Bemer, Computer Pioneer,Father of ASCII,Invento
http://www.
garlic.com/~lynn/2004j.html#14 US fiscal policy (Was:
Bob Bemer, Computer Pioneer,Father of ASCII,Invento
http://www.
garlic.com/~lynn/2005i.html#10 Revoking the Root
http://www.g
arlic.com/~lynn/2005v.html#1 Is Mondex secure?

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com

and for a whole lot of drift with respect to smartcards
being pda/cellphone wanabees

Storm building over RFID-enabled passports
http://www.networkworld.com/news/2006/092106-rfi
d-passports.html

from above:

The chip, which is embedded inside the cover of the
passport, contains only a duplicate copy of the passport
photograph and the printed data. The digital data is
intended to prevent forgeries by allowing inspectors to
compare the printed and digital data.

... snip ...

the article mentions that integrity of the electronic data
is protected by a digital signature (preventing tampering
and/or forgeries).

At some level, the digitally signed data can be considered a
electronic credential that is extremely difficult to
counterfeit.

posting with number of references about cloning (electronic)
passport data
http://www
.garlic.com/~lynn/aadsm25.htm#11 And another cloning
tale

from three factor authentication model
ht
tp://www.garlic.com/~lynn/subpubkey.html#3factor

* something you have
* something you know
* something you are

... frequently hardware tokens (chips) are implemented as
"something you have" authentication (i.e. the chip
supposedly contains some unique information ... which
differentiates it from every other chip). some recent posts
mentioning "something you have" authentication.
http://www
.garlic.com/~lynn/aadsm25.htm#30 On-card displays
http://www
.garlic.com/~lynn/aadsm25.htm#25 RSA SecurID SID800
Token vulnerable by design
http://www
.garlic.com/~lynn/aadsm25.htm#16 Fraudwatch -
Chip&PIN one-sided story

however, taking the passport chip data as an electronic
credential, cloning the information doesn't (directly)
represent a vulnerability ...  since it is more analogous to
digital certificates ... which are readily assumed to be
widely distributable.

the passport chip data as an electronic credential
containing a digital photograph ... and matching a person's
face to the digital photograph then represents
"something you are" authentication (as opposed to
assuming the chip ...or even a cloned chip ... represents
any sort of "something you have" authentication).

in theory, an electronic credential would be considered
valid, regardless of any specific chip container that it
might be carried in. one might then make the assertion, that
a passport electronic
credential could be carried in any device capable of
reliably reproducing the correct bits.

going back to the issue raised in
http://www
.garlic.com/~lynn/aadsm25.htm#30 On-card displays

that most smartcards/chips are really pda/cellphone wanabees
... one might suggest that you could then even carry your
electronic credential/passport in your pda or cellphone ...
as opposed to needing a separate physical device.

the issue that then is raised are there any significant
privacy considerations similar to privacy issues raised with
x.509 identity digital certificates from the early 90s
(having large amounts of privacy information in x.509
identity digital certificates widely distributed all over
the place).

by the mid-90s, many institutions considered that the
privacy and liability problems with x.509 identity digital
certificates were so significant that they retrenched to
"relaying-party-only" certificates. lots of past
posts mentioning rpo-certificates
http:/
/www.garlic.com/~lynn/subpubkey.html#rpo

these were digital certificates that effectively only
contained some sort of database index or account number. the
relying party then used the account number to retrieve the
actual information of interest (w/o having to widely expose
it in any way).

the analogy for an electronic passport infrastructure would
be just needing to present the passport number. the actual
credential data (and any photos or other information
necessary for "something you are" authentication)
is retrieved from secure online repository.

as repeatedly pointed out in the "RPO" digital
certificate scenario ... it isn't even necessary to include
the account/passport number in a digitally signed document
... since there is no information that needs integrity
protection. the person just makes an assertion as to their
correct account/passport number. the appropriate information
is then retrieved from the online infrastructure and used
for authentication (and whatever other required purposes).
asserting the
wrong account/passport number presumably retrieves
information that fails to result in valid authentication.

needing (some certification authority) to digitally sign the
passport/account number (in the RPO scenario) for any
possible integrity purposes, is then redundant and
superfluous (one of my oft
repeated comments).


------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com