fyi: On-card displays

Anne & Lynn Wheeler lynn at garlic.com
Tue Sep 26 11:19:37 EDT 2006


and for a whole lot of drift with respect to smartcards being pda/cellphone wannabes

Storm building over RFID-enabled passports
http://www.networkworld.com/news/2006/092106-rfid-passports.html

from above:

The chip, which is embedded inside the cover of the passport, contains only a duplicate copy of the passport photograph and the printed data. The digital data is intended to prevent forgeries by allowing inspectors to compare the printed and digital data.

... snip ...

the article mentions that integrity of the electronic data is protected by a digital signature (preventing tampering and/or forgeries).

At some level, the digitally signed data can be considered an electronic credential that is extremely difficult to counterfeit.

posting with number of references about cloning (electronic) passport data
http://www.garlic.com/~lynn/aadsm25.htm#11 And another cloning tale

from three factor authentication model
http://www.garlic.com/~lynn/subpubkey.html#3factor

* something you have
* something you know
* something you are

... frequently hardware tokens (chips) are implemented as "something you have" authentication (i.e. the chip supposedly contains some unique information ... which differentiates it from every other chip). some recent posts mentioning "something you have" authentication.
http://www.garlic.com/~lynn/aadsm25.htm#30 On-card displays
http://www.garlic.com/~lynn/aadsm25.htm#25 RSA SecurID SID800 Token vulnerable by design
http://www.garlic.com/~lynn/aadsm25.htm#16 Fraudwatch - Chip&PIN one-sided story

however, taking the passport chip data as an electronic credential, cloning the information doesn't (directly) represent a vulnerability ...  since it is more analogous to digital certificates ... which are readily assumed to be widely distributable.

the passport chip data as an electronic credential containing a digital photograph ... and matching a person's face to the digital photograph then represents "something you are" authentication (as opposed to assuming the chip ...or even a cloned chip ... represents any sort of "something you have" authentication).

in theory, an electronic credential would be considered valid, regardless of any specific chip container that it might be carried in. one might then make the assertion, that a passport electronic credential could be carried in any device capable of reliably reproducing the correct bits.

going back to the issue raised in
http://www.garlic.com/~lynn/aadsm25.htm#30 On-card displays

that most smartcards/chips are really pda/cellphone wannabes ... one might suggest that you could then even carry your electronic credential/passport in your pda or cellphone ... as opposed to needing a separate physical device.

the issue that then is raised is whether there are any significant privacy considerations similar to privacy issues raised with x.509 identity digital certificates from the early 90s (having large amounts of privacy information in x.509 identity digital certificates widely distributed all over the place).

by the mid-90s, many institutions considered that the privacy and liability problems with x.509 identity digital certificates were so significant that they retrenched to "relying-party-only" certificates. lots of past posts mentioning rpo-certificates
http://www.garlic.com/~lynn/subpubkey.html#rpo

these were digital certificates that effectively only contained some sort of database index or account number. the relying party then used the account number to retrieve the actual information of interest (w/o having to widely expose it in any way).

the analogy for an electronic passport infrastructure would be just needing to present the passport number. the actual credential data (and any photos or other information necessary for "something you are" authentication) is retrieved from a secure online repository.

as repeatedly pointed out in the "RPO" digital certificate scenario ... it isn't even necessary to include the account/passport number in a digitally signed document ... since there is no information that needs integrity protection. the person just makes an assertion as to their correct account/passport number. the appropriate information is then retrieved from the online infrastructure and used for authentication (and whatever other required purposes). asserting the wrong account/passport number presumably retrieves information that fails to result in valid authentication.

needing (some certification authority) to digitally sign the passport/account number (in the RPO scenario) for any possible integrity purposes, is then redundant and superfluous (one of my oft repeated comments).


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
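
The two models contrasted in the post, as an added example that is not part of the original message: an offline check of a signed credential, where a bit-for-bit clone verifies exactly like the original and the face match does the authenticating, and an RPO-style online lookup where the asserted passport number is only an index and nothing is signed. The toy textbook-RSA key, the string-equality face match, the repository contents and the passport numbers are all constructed assumptions.

```python
import hashlib

# Toy textbook-RSA issuer key built from two Mersenne primes. Assumption:
# a stand-in for the issuer's real signature scheme, not a secure one.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def issuer_sign(data: bytes) -> int:
    return pow(_digest(data), D, N)

def signature_ok(data: bytes, sig: int) -> bool:
    return pow(sig, E, N) == _digest(data)

def face_matches(live_face: str, stored_photo: str) -> bool:
    # Hypothetical stand-in for a biometric comparison ("something you are").
    return live_face == stored_photo

def check_signed_credential(data: bytes, sig: int, live_face: str) -> bool:
    """Offline model: verify the issuer signature, then match face to photo."""
    if not signature_ok(data, sig):
        return False
    _number, _name, photo = data.decode().split("|")
    return face_matches(live_face, photo)

# Constructed online repository, keyed by passport number.
REPOSITORY = {"X1234567": {"name": "A. Traveler", "photo": "face-A"},
              "X7654321": {"name": "B. Traveler", "photo": "face-B"}}

def check_asserted_number(number: str, live_face: str) -> bool:
    """RPO model: the number is only an index; nothing is signed."""
    record = REPOSITORY.get(number)
    return record is not None and face_matches(live_face, record["photo"])

# Constructed credential as stored on the chip, and a bit-for-bit clone
# carried in a different container (another chip, a PDA, a phone).
CHIP_DATA = b"X1234567|A. Traveler|face-A"
CHIP_SIG = issuer_sign(CHIP_DATA)
CLONE_DATA, CLONE_SIG = bytes(CHIP_DATA), CHIP_SIG
```

In both models the decision rests on the face comparison: the clone is accepted only for the person in the photo, and an asserted number that belongs to someone else retrieves a record that fails to match.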


