Date: Thu, 08 Oct 1998 02:52:26 -0500 From: "Jeffrey J. Mountin" <jeff-ml@mountin.net> To: brooks@one-eyed-alien.net, Robert Watson <robert+freebsd@cyrus.watson.org> Cc: Wes Peters <wes@softweyr.com>, FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) Message-ID: <3.0.3.32.19981008025226.0071bfbc@207.227.119.2> In-Reply-To: <Pine.SOL.4.02.9810071020520.12044-100000@orion.ac.hmc.edu> References: <Pine.BSF.3.96.981007103616.3899A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 10:24 AM 10/7/98 -0700, brooks@one-eyed-alien.net wrote: >On Wed, 7 Oct 1998, Robert Watson wrote: > >> In this case, the ideal key for me is one I plug in, and has a little >> display and a button or two. I type in my pin number, and it decrypts the >> pgp key stored in the ring. The ring then displays the comment field of >> the check, the to: field, and the amount, and prompts for confirmation, >> all from the digital check transfered to the ring. If I approve the >> transaction, the ring signs or encrypts the check with the key, and sends >> it back to the computer. > >While they don't have any way that wouldn't give the computer your pin, if >you use the Crypto buttons (the ring is only one form of them) correctly >*no one* including you ever knows the private key. For the actual >information on Crypto buttons in perticular and iButtons in general >checkout http://www.ibutton.com/. Greater flexibility would be needed for what I envision. Wes's mention of property rights begs to have a private/public key method along with protection for both "private" and "public" areas on the ring, which address just having a readable key that is easily copied. The ring owner would have a private key at home. That and only that could change the public key and necessary PIC (personal ID Code). An employer would use their private key to make an "id" for placement on the ring, which would use the persons "public" key. Use would require the users PIC and the employer would manange access with the "id" list. Or the private key could be on the ring with protections. Another key, kept at home would be the only way to access or change the key. Transactions would involve using the public key of the merchant and private key to create a "tranaction authorization" in the ring that is sent back to the merchant's reader. Not sure if a readable public key would be needed or useful, but like credit cards with a picture ID, a photo could be placed in the "public" data area. There is the problem that not everyone can scan a photo. Only "trusted" machines should be able to this. Still an issue is that the ring could be hacked, the photo changed with little trouble and it's some micreants shopping day. Maybe the photo should be encrypted using the private key and decrypted with the readable private key. This should be done by "trusted" facilities at respectable establishments, your bank for instance. Something more is still needed. The ring should have a companion matching unique card. The card with a special reader/writer would be used to create the photo, as well as the private key. Then the ring is immutable without the card, but the user cannot change the private key without a reader/writer, which may not be practical. What if their various credit cards are stored on the private side. This should be changeable, so maybe the photo should not be encrypted, but once set by a "trusted" machine it is immutable, period. Now you just send a photo and the manufacturer will add it to your custom ring, which would still need some kind of not easily forgeable "enabler" to change the "private" data, thus preserving security and privacy of the "private" data, as well as only the user knowing the PIC. The photo would mean in-person fraud would be me with a Darwin Award for stupidity. I'm sure my ramblings can be picked apart, but it's what I'm looking for in a ring for practical use. Jeff Mountin - Unix Systems TCP/IP networking jeff@mountin.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.3.32.19981008025226.0071bfbc>