Difference between TCPA-Hardware and a smart card (was: examp le: secure computing kernel needed)

Anne & Lynn Wheeler lynn at garlic.com
Mon Jan 5 10:34:12 EST 2004

At 03:10 PM 1/5/2004 +1100, McMeikan, Andrew wrote:

>The only danger to such a world of peace would be those who refuse goverment
>signed keys and use their own payment provider and trade amounst themselves,
>they would have to be hunted down seperately.

The original issue involves three factor authentication

* something you have
* something you know
* something you are

A public key can be representative of  hardware token ... say a token where 
the private key is generated on the token and is designed to never leave 
the token. A digital signature that can be verified by the corresponding 
public key can be used to infer possession of the hardware token (something 
you have). Furthermore, a hardware token can be designed to only work in a 
specific way when the appropriate pin/password (something you know) or 
biometric (something you are) have been entered into the token. The entity 
receiving the digital signature doesn't need a copy of the pin/password or 
biometric (making it a shared-secret) but infers by the operation of the 
hardware token that there has been something you know &/or something you 
are authentication to have happened.

An institution can enroll the person in possession of the token using 
whatever processes they feel necessary (say anonymous for ISPs up to "know 
your customer" identity as required by various legislation for financial 

The issue is that can the validating of the entity in possession of the 
token be a separate business process issue from validating the integrity of 
the hardware token. The idea is that the integrity of the hardware token 
can be treated as a totally separate business process from the process of 
validating the entity being enrolled (an entity that happens to possess the 
hardware token).

Treating them as totally separate business process doesn't preclude 
collapsing the enrolling of the entity and enrolling the hardware token 
into a single process. However, not treating them as separate business 
process will pretty much preclude ever being able to treat them as separate 

So the question is as part of the enrolling process, can the integrity of 
the hardware token be treated as a totally separate business issue from the 
characteristics of the entity in possession of the hardware token, say like 
the advertisements for the service that allows being able to research the 
history of a used car. Most institutions already have all sorts of business 
processes involved with enrolling the characteristics of an entity. What 
would be the incremental requirement for adding being able to enroll (& 
trust) the integrity of a consumer presented hardware token.

So, i'm a little bit biased, I claimed that I ruthlessly discarded all 
feature and function from AADS chip strawman that wasn't needed for trusted 

complexity can contribute to insecurity ... KISS and focus can contribute 
to security.

Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list