with regard to finread operation for inferring intention and/or
non-repudiation from previous posts:
http://www.garlic.com/~lynn/aepay11.htm#53
http://www.garlic.com/~lynn/aepay11.htm#54

is a characteristic of the disconnect between the "something you have"
token and the technology needed for secure display and input.

there has been quite a bit of work translating the requirements for
inferring intention and/or non-repudiation into a "something you have"
device that integrates the attributes of personal token with secure display
and input (aka some form of PDA or cellphone).

This somewhat reflects the claim that (7816) smartcards went thru a period
where there was some thought that they would be the PDAs of the 1980s i.e.
the technology didn't yet exist to integrate portable computing that fit in
a pocket along with portable display and input. The solution was to have
ubiquitous input/output stations with people carrying the portable computer
(smartcard) in their pocket.  In the early 90s, there were advances in
technology that allowed the portable computing devices (aka
smartcards) and input/output capability to be integrated into a single
device (evidence PDAs and cellphones). This effectively began the
obsoleting of that target market for smartcards.

From an asuretee standpoint:
http://www.asuretee.com/

embedding an asuretee chip in a personal portable computing device with
integrated input/output (aka PDA/cellphone) can provide both the indication
of "something you have" authentication along with proof of a business
process that supports intention and/or non-repudiation. Of course the
specific personal, portable computing device with integrated input/output
will need to be appropriately certified as meeting the (equivalent finread)
security requirements in support of demonstrating intention and/or
non-repudiation. This requires a high level of assurance that the value of
the transaction that is displayed, is in fact the value that a digital
signature is applied to ... and that there is some sort of human input in
conjunction with the value displayed that can be taken as representing
human intention and agreement.

this is similar to past threads relating to the asuretee chip being the
equivalent of the trusted computing platform module. Depending on the
business process followed and the exact certification, an embedded asuretee
chip could be taken as

1) authenticating a hardware device,
2) authentication as part of "something you have" paradigm,
3) authentication in conjunction with other inferred events supporting
two/three factor authentication and/or intention and non-repudiation.

The original references to FINREAD weren't whether or not it was applicable
to PDAs and cellphones, but what were the characteristics of the
requirements in the FINREAD standard necessary for establishing intention
and/or non-repudiation.  Using the implementation details of a FINREAD
terminal as an example along with the original requirements, it is then
possible to translate the requirements to other implementations. I realize
that the specifics of the FINREAD terminal represent the 80s disconnect
between technology available for a personal, pocket-sized portable
computing device and the 1980s input/output technology needed to support a
pocket-sized portable computing device.  However, it is also possible to
translate requirements for supporting "intention" into 1990s technology
where the personal pocket-sized portable computing device has its own
integrated input/output technology.

lots of past threads related to FINREAD and/or intention.
http://www.garlic.com/~lynn/aadsm10.htm#keygen2 Welome to the Internet,
here's your private key
http://www.garlic.com/~lynn/aadsm11.htm#4 AW: Digital signatures as proof
http://www.garlic.com/~lynn/aadsm11.htm#5 Meaning of Non-repudiation
http://www.garlic.com/~lynn/aadsm11.htm#6 Meaning of Non-repudiation
http://www.garlic.com/~lynn/aadsm11.htm#7 Meaning of Non-repudiation
http://www.garlic.com/~lynn/aadsm11.htm#9 Meaning of Non-repudiation
http://www.garlic.com/~lynn/aadsm11.htm#13 Words, Books, and Key Usage
http://www.garlic.com/~lynn/aadsm11.htm#23 Proxy PKI. Was: IBM alternative
to PKI?
http://www.garlic.com/~lynn/aadsm12.htm#0 maximize best case, worst case,
or average case? (TCPA)
http://www.garlic.com/~lynn/aadsm12.htm#19 TCPA not virtualizable during
ownership change (Re: Overcoming the potential downside of TCPA)
http://www.garlic.com/~lynn/aadsm12.htm#24 Interests of online banks and
their users [was Re: Cryptogram:  Palladium Only for DRM]
http://www.garlic.com/~lynn/aadsm12.htm#30 Employee Certificates - Security
Issues
http://www.garlic.com/~lynn/aadsm12.htm#59 e-Government uses
"Authority-stamp-signatures"
http://www.garlic.com/~lynn/aepay10.htm#53 First International Conference
On Trust Management
http://www.garlic.com/~lynn/2000f.html#79 Cryptogram Newsletter is off the
wall?
http://www.garlic.com/~lynn/2001g.html#57 Q: Internet banking
http://www.garlic.com/~lynn/2001g.html#60 PKI/Digital signature doesn't
work
http://www.garlic.com/~lynn/2001g.html#61 PKI/Digital signature doesn't
work
http://www.garlic.com/~lynn/2001g.html#62 PKI/Digital signature doesn't
work
http://www.garlic.com/~lynn/2001g.html#64 PKI/Digital signature doesn't
work
http://www.garlic.com/~lynn/2001h.html#51 future of e-commerce
http://www.garlic.com/~lynn/2001i.html#25 Net banking, is it safe???
http://www.garlic.com/~lynn/2001i.html#26 No Trusted Viewer possible?
http://www.garlic.com/~lynn/2001j.html#7 No Trusted Viewer possible?
http://www.garlic.com/~lynn/2001j.html#46 Big black helicopters
http://www.garlic.com/~lynn/2001k.html#0 Are client certificates really
secure?
http://www.garlic.com/~lynn/2001k.html#43 Why is UNIX semi-immune to viral
infection?
http://www.garlic.com/~lynn/2001m.html#6 Smart Card vs. Magnetic Strip
Market
http://www.garlic.com/~lynn/2001m.html#9 Smart Card vs. Magnetic Strip
Market
http://www.garlic.com/~lynn/2001n.html#70 CM-5 Thinking Machines,
Supercomputers
http://www.garlic.com/~lynn/2002c.html#10 Opinion on smartcard security
requested
http://www.garlic.com/~lynn/2002c.html#21 Opinion on smartcard security
requested
http://www.garlic.com/~lynn/2002f.html#46 Security Issues of using Internet
Banking
http://www.garlic.com/~lynn/2002f.html#55 Security Issues of using Internet
Banking
http://www.garlic.com/~lynn/2002g.html#69 Digital signature
http://www.garlic.com/~lynn/2002h.html#13 Biometric authentication for
intranet websites?
http://www.garlic.com/~lynn/2002l.html#24 Two questions on HMACs and
hashing
http://www.garlic.com/~lynn/2002l.html#28 Two questions on HMACs and
hashing
http://www.garlic.com/~lynn/2002m.html#38 Convenient and secure eCommerce
using POWF
http://www.garlic.com/~lynn/2002n.html#13 Help! Good protocol for national
ID card?
http://www.garlic.com/~lynn/2002n.html#26 Help! Good protocol for national
ID card?
http://www.garlic.com/~lynn/2002o.html#67 smartcard+fingerprint
http://www.garlic.com/~lynn/2002p.html#52 Cirtificate Authorities 'CAs',
how curruptable are they to
http://www.garlic.com/~lynn/2003h.html#25 HELP, Vulnerability in Debit PIN
Encryption security, possibly
http://www.garlic.com/~lynn/2003h.html#29 application of unique signature
http://www.garlic.com/~lynn/2003h.html#38 entity authentication with
nonrepudiation

--
Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm
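
Added example (not part of the original post): a small Python model of the requirement discussed above, that the value displayed is the value signed and that human input accompanies it. HMAC-SHA256 stands in for the device's digital signature, and the device names, keys and the certification registry are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed keys; HMAC-SHA256 stands in for each device's digital signature.
KEYS = {"bare-token": b"demo-key-1", "integrated-device": b"demo-key-2"}
# Assumption: the relying party records which devices were certified as
# displaying the signed value and requiring human input (FINREAD-equivalent).
CERTIFIED_FOR_INTENT = {"integrated-device"}

def show(txn):
    # Text rendered on a display for the person to read.
    return f"Pay {txn['amount']} to {txn['payee']}"

def sign(device_id, txn):
    msg = json.dumps(txn, sort_keys=True).encode()
    return hmac.new(KEYS[device_id], msg, hashlib.sha256).hexdigest()

def bare_token_sign(txn):
    # No display of its own: signs whatever the host hands it.
    return sign("bare-token", txn)

def integrated_device_sign(txn, user_confirms):
    # Displays the exact value to be signed; signs only after a key press.
    if not user_confirms(show(txn)):
        return None
    return sign("integrated-device", txn)

def evaluate(device_id, txn, sig):
    # What the relying party may infer from a valid signature.
    if sig is None or not hmac.compare_digest(sig, sign(device_id, txn)):
        return "rejected"
    if device_id in CERTIFIED_FOR_INTENT:
        return "something-you-have + intention"
    return "something-you-have only"

def demo():
    intended = {"payee": "bookshop", "amount": "10.00"}
    altered = {"payee": "bookshop", "amount": "9999.00"}  # differs from host screen
    user = lambda shown: shown == show(intended)  # confirms only what was meant
    return {
        "bare_token_altered": evaluate("bare-token", altered, bare_token_sign(altered)),
        "device_altered": evaluate("integrated-device", altered,
                                   integrated_device_sign(altered, user)),
        "device_intended": evaluate("integrated-device", intended,
                                    integrated_device_sign(intended, user)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

The bare token's signature verifies even over the altered value, so it supports only the "something you have" inference; the integrated device produces no signature for a value the person did not confirm on its own display.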
