Smart card Authentication

From: Rony (joe_the_black_at_yahoo-dot-com.no-spam.invalid)
Date: 08/10/04


Date: 9 Aug 2004 23:45:20 -0500

Hi,

  I'm curious about how a smart card and a smart card reader
communicate in a secure way.

  I'm thinking that they use public key cryptography to exchange the
symmetric keys. (For example, they use RSA to exchange the DES
keys.)

  For example, credit cards have as their authority some central point,
like VISA, that a terminal (ATM) can connect to and retrieve the
public key of VISA.

   I will describe to you the way that I think this is happening.

  First the public key of an issuer bank is signed with the private
key of VISA. After this, the smart card's own public key is signed by
the private key.

   First, the reader (ATM) requests the card issuer's public key (that
was previously signed by VISA), and the card sends this key to the
reader. The reader then verifies the card issuer's public key that it
has received, using the VISA public key (that it can acquire securely).

   After this, the reader requests the card's own public key (that
was signed with the issuer's private key), and the reader verifies
the public key of the smart card.
  
   After this, the reader knows that it can use the public key of
the smart card to encrypt data and send it to the card.

  Now the reader can generate a random number for the card, encrypt
it using the public key of the smart card that it now has, and send
it to the smart card. The smart card can decrypt it and send the
random number back to the reader; in this way the reader trusts that
the smart card possesses the smart card's own private
key associated with the previously verified smart card's own public
key.

   The reverse, the authentication of the reader to the smart card,
should happen similarly, meaning that the smart card must already
possess the VISA public key.

  After this authentication, all the messages sent from the reader
to the smart card should be encrypted using the smart card's public
key, and the messages sent from the smart card to the reader should be
encrypted using the reader's public key. They should do it this way to
exchange the symmetric keys.

   In my opinion, using this way of authentication that I can think
of, this might take some time, and maybe I'm wrong, or maybe it takes
less time.

   Please tell me where I'm wrong.

  I used the example of credit cards to keep it simple, as VISA
can be associated with a central authority.

  Thank you.
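
The reader-side flow described in the post above (scheme key verifies issuer key, issuer key verifies card key, then an encrypted random challenge), as an added example that is not part of the original post. It models only the poster's description and makes no claim about how payment cards actually work; the keys are constructed toy RSA keys built from Mersenne primes with no padding, and names such as `Card` and `reader_accepts` are hypothetical.

```python
import hashlib, secrets

E = 65537  # public exponent used by every toy key below

def keypair(a, b):
    """Toy RSA key from the Mersenne primes 2^a-1 and 2^b-1 (constructed, not secure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "e": E}, pow(E, -1, (p - 1) * (q - 1))  # (public, private d)

def digest(pub, n):
    """SHA-256 of a serialized public key, reduced into the signer's modulus."""
    data = f"{pub['n']}:{pub['e']}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(subject_pub, signer_pub, signer_d):
    """Unpadded hash-then-RSA signature over a public key (illustration only)."""
    return pow(digest(subject_pub, signer_pub["n"]), signer_d, signer_pub["n"])

def verify(subject_pub, sig, signer_pub):
    n = signer_pub["n"]
    return pow(sig, signer_pub["e"], n) == digest(subject_pub, n)

class Card:
    def __init__(self, pub, d, issuer_pub, issuer_sig, card_sig):
        self.pub, self._d = pub, d  # _d is the private exponent and never leaves the card
        self.issuer_pub, self.issuer_sig, self.card_sig = issuer_pub, issuer_sig, card_sig
    def decrypt(self, c):
        return pow(c, self._d, self.pub["n"])

def reader_accepts(card, scheme_pub):
    """Reader side: walk the chain scheme -> issuer -> card, then challenge the card."""
    if not verify(card.issuer_pub, card.issuer_sig, scheme_pub):
        return False                      # issuer key not signed by the scheme
    if not verify(card.pub, card.card_sig, card.issuer_pub):
        return False                      # card key not signed by the issuer
    r = secrets.randbelow(card.pub["n"] - 2) + 2              # fresh random challenge
    c = pow(r, card.pub["e"], card.pub["n"])                  # encrypt to the card
    return card.decrypt(c) == r           # correct echo proves private-key possession

# Constructed keys for the scheme ("VISA" in the post), an issuer bank and a card.
scheme_pub, scheme_d = keypair(61, 89)
issuer_pub, issuer_d = keypair(107, 127)
card_pub, card_d = keypair(521, 607)
issuer_sig = sign(issuer_pub, scheme_pub, scheme_d)
card_sig = sign(card_pub, issuer_pub, issuer_d)
genuine = Card(card_pub, card_d, issuer_pub, issuer_sig, card_sig)
# Copies every public value of the genuine card but lacks its private key.
clone = Card(card_pub, 3, issuer_pub, issuer_sig, card_sig)
# Has its own key pair, but the card key is self-signed instead of issuer-signed.
rogue_pub, rogue_d = keypair(13, 17)
rogue = Card(rogue_pub, rogue_d, issuer_pub, issuer_sig, sign(rogue_pub, rogue_pub, rogue_d))
```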


