Financial identity is *dangerous*? (was re: Fake companies, real money)
Anne & Lynn Wheeler
lynn at garlic.com
Thu Oct 28 14:21:32 EDT 2004
At 03:31 PM 10/25/2004, Ian Grigg wrote:
>:-)
>
>It should be obvious. But it's not. A few billions
>of investment in smart cards says that it is anything
>but obvious.
>
>To be fair, the smart card investments I've been
>familiar with have been at least very well aware of
>the problem. It didn't stop them proceeding with
>papering over the symptoms, when they should have
>gone for the underlying c
>iang
my claim about the paradigm is that during the 80s, there was start of lot
of investment by all sorts of parties into smartcards ... targeted for the
portable computing market niche ... where the state of the art would allow
relatively powerful computing and memory in such chips ... but the
technology didn't exist for portable input/output technology .... as a
result there also had to be ISO international standards for the
input/output stations that would interoperate with the smartcards. that
market niche started to disappear in the early 90s with the appearance of
portable input/output technology associated with cellphones and PDAs. by
this time, at least several billion dollars had been invested in the
technology.
somewhat to recoup (at least some portion of) the investment, there has
been some searching for alternative market niches for the
technology. In the early 90s, my wife and I consulted to some agencies on
aspects of this. one such target was emergency medical information .... a
person could carry their complete medical records in such a form factor
.... and in a life&death emergency .... the emergency crews could pull out
the victims card and insert it into their locak, offline, portable display
technology and have access to the victims complete medical records. The
problem in this scenario was that an emergency first responder isn't likely
to be able to make use of the victims medical records in offline manner.
First off, if it is a real emergency ... how does a first responder do
other than triage. Typically for anything that involves anything more
complicated ... the first responder has to go online to "real" doctors at
some remote location. If you have a real online environment ... to real
(remote) doctors ... then a much better solution is to have something that
authenticates the victim ... and the consulting doctor then has some
mechanism for locating and retrieving the online medical records (as
opposed to first responder being able to make sense out of a victim's
complete medical records).
Another niche for the technology was offline financial transactions ... for
parts of the world where online connectivity was difficult, non-existent
and/or extremely expensive. the smartcard would contain the business rules
and logic for performing (offline) financial transaction interacting with
random merchant terminals. Two issues arise here .... there is a
significant mutual suspicion (lack of trust) problem between random
merchant terminals anywhere in the world and random consumer smartcards
anywhere in the world; and the technology started to be deployed at a time
when online connectivity was starting to become ubiquitous and easily
available in most places in the world. An example is the european deployed
stored-value (offline) smartcards in the 90s compared to the rapid market
penetration of stored-value (online) magstripe (gift, affinity, merchant,
etc) cards in the US .... making use of the ubiquitous nature of online
connectivity available in the US. Again, which the availability of online
.... the problem changes from requiring a very expensive and trusted
distributed offline infrastructure and offline distributed business
rules .... to the much more simple problem of requiring (increasingly
strong) authentication.
So the financial oriented infrastructure has seen some amount of "skimming"
threats and exploits with the terminals and/or networks. Even if the
smartcard paradigm is just reduced to a (dumb) chipcard that only provides
strong authentication .... the issue is does the consumer completely
provide their own environment ... or do they have to depend on (and trust)
randomly located terminals at random locations around the world.
Part of the authentication issue ... is the 3-factor authentication model
* something you have
* something you know
* something you are
the "card" (or chip) provides the "something you have" piece.
in order to add "something you know" ... requires the consumer entering a
pin or password; the issue then becomes does the consumer trust some
randomly located pin-pad. there is a similar issue with whether the
consumer trust their own biometric sensor or would they trust somebody
else's biometric sensor.
a consumer owned cell phone .... could presumably provide both a consumer
trusted pin-pad ... and w/o a whole lot of magic ... a consumer camera cell
phone could be used for sensor for various kinds of biometric info.
some part of the issue is that the original target market niche for
smartcards (portable computing with fixed interoperable input/output
stations) started to evaporate after a lot of the investment had been done
but before there was a lot of deployment and investment recovery.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20041028/a5bd505d/attachment.html>
More information about the cryptography
mailing list