Financial identity is *dangerous*? (was re: Fake companies, real money)

Anne & Lynn Wheeler lynn at
Thu Oct 28 14:21:32 EDT 2004

At 03:31 PM 10/25/2004, Ian Grigg wrote:

>It should be obvious.  But it's not.  A few billions
>of investment in smart cards says that it is anything
>but obvious.
>To be fair, the smart card investments I've been
>familiar with have been at least very well aware of
>the problem.  It didn't stop them proceeding with
>papering over the symptoms, when they should have
>gone for the underlying c

my claim about the paradigm is that during the 80s, there was start of lot 
of investment by all sorts of parties into smartcards ... targeted for the 
portable computing market niche ... where the state of the art would allow 
relatively powerful computing and memory in such chips ... but the 
technology didn't exist for portable input/output technology .... as a 
result there also had to be ISO international standards for the 
input/output stations that would interoperate with the smartcards. that 
market niche started to disappear in the early 90s with the appearance of 
portable input/output technology associated with cellphones and PDAs. by 
this time, at least several billion dollars had been invested in the 

somewhat to recoup (at least some portion of) the investment, there has 
been some searching for alternative market niches for the
technology. In the early 90s, my wife and I consulted to some agencies on 
aspects of this. one such target was emergency medical information .... a 
person could carry their complete medical records in such a form factor 
.... and in a life&death emergency .... the emergency crews could pull out 
the victims card and insert it into their locak, offline, portable display 
technology and have access to the victims complete medical records. The 
problem in this scenario was that an emergency first responder isn't likely 
to be able to make use of the victims medical records in offline manner. 
First off, if it is a real emergency ... how does a first responder do 
other than triage. Typically for anything that involves anything more 
complicated ... the first responder has to go online to "real" doctors at 
some remote location. If you have a real online environment ... to real 
(remote) doctors ... then a much better solution is to have something that 
authenticates the victim ... and the consulting doctor then has some 
mechanism for locating and retrieving the online medical records (as 
opposed to first responder being able to make sense out of a victim's 
complete medical records).

Another niche for the technology was offline financial transactions ... for 
parts of the world where online connectivity was difficult, non-existent 
and/or extremely expensive. the smartcard would contain the business rules 
and logic for performing (offline) financial transaction interacting with 
random merchant terminals. Two issues arise here .... there is a 
significant mutual suspicion (lack of trust) problem between random 
merchant terminals anywhere in the world and random consumer smartcards 
anywhere in the world; and the technology started to be deployed at a time 
when online connectivity was starting to become ubiquitous and easily 
available in most places in the world. An example is the european deployed 
stored-value (offline) smartcards in the 90s compared to the rapid market 
penetration of stored-value (online) magstripe (gift, affinity, merchant, 
etc) cards in the US .... making use of the ubiquitous nature of online 
connectivity available in the US. Again, which the availability of online 
.... the problem changes from requiring a very expensive and trusted 
distributed offline infrastructure and offline distributed business 
rules  .... to the much more simple problem of requiring (increasingly 
strong) authentication.

So the financial oriented infrastructure has seen some amount of "skimming" 
threats and exploits with the terminals and/or networks. Even if the 
smartcard paradigm is just reduced to a (dumb) chipcard that only provides 
strong authentication .... the issue is does the consumer completely 
provide their own environment ... or do they have to depend on (and trust) 
randomly located terminals at random locations around the world.

Part of the authentication issue ... is the 3-factor authentication model

* something you have
* something you know
* something you are

the "card" (or chip) provides the "something you have" piece.

in order to add "something you know" ... requires the consumer entering a 
pin or password; the issue then becomes does the consumer trust some 
randomly located pin-pad. there is a similar issue with whether the 
consumer trust their own biometric sensor or would they trust somebody 
else's biometric sensor.

a consumer owned cell phone .... could presumably provide both a consumer 
trusted pin-pad ... and w/o a whole lot of magic ... a consumer camera cell 
phone could be used for sensor for various kinds of biometric info.

some part of the issue is that the original target market niche for 
smartcards (portable computing with fixed interoperable input/output 
stations) started to evaporate after a lot of the investment had been done 
but before there was a lot of deployment and investment recovery.

Anne & Lynn Wheeler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the cryptography mailing list