example: secure computing kernel needed

Anne & Lynn Wheeler lynn at garlic.com
Sun Dec 14 17:23:47 EST 2003


At 07:25 PM 12/11/2003 -0500, Paul A.S. Ward wrote:
 >I'm not sure why no one has considered the PC banking problem to be a
 >justification for secure computing.  Specifically, how does a user know
 >their computer has not been tampered with when they wish to use it for
 >banking access.

actually the EU FINREAD (financial reader) standard is quite directed at 
this area. basically a secure entry/display/token-interface device. part of 
the issue is not skimming any pin-entry that may be assumed as possible 
with just about all keyboard-based entry (aka tamper evident device .... 
supposedly somewhat consumer equivalent of the TSM ... trusted security 
module and tamper evident guidelines for point-of-sale terminals). In 
effect, finread is isolating some set of secure components into a tamper 
evident housing that has something akin to a trusted security module.

the other aspect somewhat shows up in the digital signature area. 
fundamentally a digital signature may be used for authenticating (and 
message integrity) ... but not, by itself as to "agreement" in the legal 
signature sense. the issue is how to create an environment/infrastructure 
for supporting both straight-forward authentication as well as 
intention/agreement.

in theory finread has the ability to securely display the value of a 
transaction (and possibly other necessary details) and then requires a PIN 
entry after the display as evidence of

1) something you know authentication
2) being able to infer agreement with the transaction.

pretty much assumed is that finread implies some sort of token acceptor 
device ... which in turn implies a "something you have" token authentication.

so finread is attempting to both address two-factor authentication (and 
possibly three if biometric is also supported) as well as establish some 
environment related for inferring agreement/intention/etc as required per 
legal signature.

possibly overlooked in the base eu finread work is being able to prove that 
the transaction actually took place with a real finread device as opposed 
to some other kind of environment. In the (financial standard) X9A10 
working group on the X9.59 financial standard for all electronic retail 
payments we spent some amount of time on not precluding that the signing 
environment could also sign the transaction i.e.

1) amount displayed on secure display,
2) pin/biometric securely entered (after display occurs)
3) token digitally signs (after pin/biometric entered)
4) finread terminal digitally signs

the 2nd & 3rd items (alone) are two (or three) factor authentication. 
however, in conjunction with the first and fourth items, there is some 
level of assurance that the person agrees with the transaction.

lots of past finread references:
http://www.garlic.com/~lynn/aepay7.htm#3dsecure 3D Secure Vulnerabilities? 
Photo ID's and Payment Infrastructure
http://www.garlic.com/~lynn/aepay11.htm#53 Authentication white paper
http://www.garlic.com/~lynn/aepay11.htm#54 FINREAD was. Authentication 
white paper
http://www.garlic.com/~lynn/aepay11.htm#55 FINREAD ... and as an aside
http://www.garlic.com/~lynn/aepay11.htm#56 FINREAD was. Authentication 
white paper
http://www.garlic.com/~lynn/aadsm10.htm#keygen2 Welome to the Internet, 
here's your private key
http://www.garlic.com/~lynn/aadsm11.htm#4 AW: Digital signatures as proof
http://www.garlic.com/~lynn/aadsm11.htm#5 Meaning of Non-repudiation
http://www.garlic.com/~lynn/aadsm11.htm#6 Meaning of Non-repudiation
http://www.garlic.com/~lynn/aadsm11.htm#23 Proxy PKI. Was: IBM alternative 
to PKI?
http://www.garlic.com/~lynn/aadsm12.htm#24 Interests of online banks and 
their users [was Re: Cryptogram:  Palladium Only for DRM]
http://www.garlic.com/~lynn/aadsm14.htm#35 The real problem that https has 
conspicuously failed to fix
http://www.garlic.com/~lynn/aadsm15.htm#40 FAQ: e-Signatures and Payments
http://www.garlic.com/~lynn/aadsm9.htm#carnivore Shades of FV's Nathaniel 
Borenstein: Carnivore's "Magic Lantern"
http://www.garlic.com/~lynn/2001g.html#57 Q: Internet banking
http://www.garlic.com/~lynn/2001g.html#60 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001g.html#61 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001g.html#62 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001g.html#64 PKI/Digital signature doesn't work
http://www.garlic.com/~lynn/2001i.html#25 Net banking, is it safe???
http://www.garlic.com/~lynn/2001i.html#26 No Trusted Viewer possible?
http://www.garlic.com/~lynn/2001k.html#0 Are client certificates really secure?
http://www.garlic.com/~lynn/2001m.html#6 Smart Card vs. Magnetic Strip Market
http://www.garlic.com/~lynn/2001m.html#9 Smart Card vs. Magnetic Strip Market
http://www.garlic.com/~lynn/2002c.html#10 Opinion on smartcard security 
requested
http://www.garlic.com/~lynn/2002c.html#21 Opinion on smartcard security 
requested
http://www.garlic.com/~lynn/2002f.html#46 Security Issues of using Internet 
Banking
http://www.garlic.com/~lynn/2002f.html#55 Security Issues of using Internet 
Banking
http://www.garlic.com/~lynn/2002g.html#69 Digital signature
http://www.garlic.com/~lynn/2002m.html#38 Convenient and secure eCommerce 
using POWF
http://www.garlic.com/~lynn/2002n.html#13 Help! Good protocol for national 
ID card?
http://www.garlic.com/~lynn/2002n.html#26 Help! Good protocol for national 
ID card?
http://www.garlic.com/~lynn/2002o.html#67 smartcard+fingerprint
http://www.garlic.com/~lynn/2003h.html#25 HELP, Vulnerability in Debit PIN 
Encryption security, possibly
http://www.garlic.com/~lynn/2003h.html#29 application of unique signature
--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
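
The four-step sequence in the message above (display, PIN entry, token signature, terminal signature), as an added example that is not part of the original post and is not FINREAD or X9.59 code. It shows what a relying party can conclude when the terminal's countersignature is present, absent, or attached to an altered amount. Ed25519 stands in for whatever signature scheme the token and terminal would use, and the `SignedTxn` layout and all names are hypothetical; steps 1 and 2 happen inside the terminal and are represented only by its willingness to countersign.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

type Assurance int // what the relying party can conclude from the signatures

const (
	Rejected          Assurance = iota // token signature invalid
	AuthenticatedOnly                  // token signed; signing environment unproven
	AgreementInferred                  // token signed and a known terminal countersigned
)

// SignedTxn is a hypothetical format, not the X9.59 or FINREAD encoding.
type SignedTxn struct {
	Body        []byte // details shown on the secure display (step 1)
	TokenSig    []byte // step 3: token signs after PIN/biometric entry
	TerminalSig []byte // step 4: terminal signs Body || TokenSig
}

func covered(body, tokenSig []byte) []byte {
	return append(append([]byte{}, body...), tokenSig...)
}

// Evaluate is the relying party's check of both signatures.
func Evaluate(t SignedTxn, tokenPub, termPub ed25519.PublicKey) Assurance {
	if !ed25519.Verify(tokenPub, t.Body, t.TokenSig) {
		return Rejected
	}
	if !ed25519.Verify(termPub, covered(t.Body, t.TokenSig), t.TerminalSig) {
		return AuthenticatedOnly
	}
	return AgreementInferred
}

// Scenarios runs three constructed cases with freshly generated keys.
func Scenarios() [3]Assurance {
	tokPub, tokPriv, _ := ed25519.GenerateKey(nil)
	termPub, termPriv, _ := ed25519.GenerateKey(nil)
	body := []byte("pay 25.00 EUR to merchant-001") // constructed sample
	sig := ed25519.Sign(tokPriv, body)
	full := SignedTxn{body, sig, ed25519.Sign(termPriv, covered(body, sig))}
	noTerminal := SignedTxn{body, sig, nil} // token used outside the terminal
	altered := SignedTxn{[]byte("pay 2500.00 EUR to merchant-001"), sig, full.TerminalSig}
	return [3]Assurance{Evaluate(full, tokPub, termPub), Evaluate(noTerminal, tokPub, termPub), Evaluate(altered, tokPub, termPub)}
}

func main() { fmt.Println(Scenarios()) }
```

The middle case is the one the message calls out: the token signature alone still authenticates, but nothing shows that the amount was displayed before the PIN was entered.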
  

---------------------------------------------------------------------
The Cryptography Mailing List