Thursday, December 1, 2016

A crypto iron lock, we hope

The private key in ur smart card, it is never revealed.  But a sufficient part of it can be encrypted with a public key, and send to the 'fab bot', which should have another copy of the private key. The fab bot is uuder guard. The fab bot seems a necessity to me, sort of the top cop.

Otherwise, some part of your key, encrypted with the public key, becomes officially gold after verification.  The card identity, likely re-encrypted in transport, can be stored, safely, in any other card.. The card identity does not reveal the card private key. The system, being closed, allows local storage of smart card IDs for local customers, the clerk can check them off with a local data base.

Discovering a key via reverse engineering is an industrial night mare, similar or worse than counterfeiting money.  Card can have built in limits, kind of a loose denomination which allows security to be rationed properly.

The system, then works once the bio-metric is satisfied, and at that point, the card has a unique, unknown private key it can  use in a variety of operations with the user or other cards.  It can use that key in whole or part for shared locks with end points.  The key has a time limit, imprinted as part of the card id, and decodeable.  The fab bot knows the timeouts, it maintains the card flow.

Simple, the hardware vendor, or CardLogix, should just declare it so.  Once we know we have a hardware standard, verifiable, then the microprocessor selected will be the favorite among the hardware wallet vendors. I see a robust industry here.

What about retro fitting all the stores?

Buy a hardware wallet. It uses the wireless, and all the encryption is standard.  The minimum purchase for a complete smart card secure terminal is the price of a smart card, and I think these are worth $150, easily, if they meet all the standard.   But the chip vendor leads the way as the embedded key system makes comm mostly compatible right off the bat, but the common key management immediately implies a common packet layer.

No comments: