Strong Authentication Infrastructure
Requirement: Trusted Input Devices

National ID Workshop
Carnegie Mellon University
November 28, 2001
Lark M. Allen / Wave Systems

The Problem
• Personal Computers are untrusted devices
  • Input, processing, and output cannot be protected or hidden from interception, observation, and hacking
• Therefore: Authentication processing in PCs cannot be trusted, regardless of the identity tokens utilized
11/27/01 2

The Problem
[Diagram labels: "Hi, I’m Bill Gates, would you please give me access to my bank account?"; Password / PIN; (PC); "Sure, Trust Me!"; SMART]

EU Is Addressing the Problem
• France: 1999 Cyber-Comm specification for trusted smart card readers for consumer usage
  • Banks, Credit Card and Smart Card Companies
  • Authentication of smart card and keypad input performed in reader
  • Secure output – LCD display on reader
• EU: July, 2001 FinRead specification for trusted reader devices
  • Banks, Governments, Technology Companies
  • Programmable, multi-application/services platform through Java applets
  • Global Trust Authority as source of trust for system
  • Integrated services business model for deployment

EMBASSY Trusted Client Systems
[Diagram labels: Processor; Memory; Interfaces/Storage; Clock; Crypto; EMBASSY CHIP / Trusted OS; Hard Disk; Trust Assurance Network; Music DRM; Digital Signature; Video PPV; Video PPV Application]
‘Sovereign and Protected Place in a Hostile Territory’

Strategic: Independent Trust Domains
[Diagram labels: EMBASSY Device Trust Domain; Shared, Multi-Party Trusted Devices; SERVICE A Trust Domain, Applet A; SERVICE B Trust Domain, Applet B; SERVICE C Trust Domain, Applet C]

EMBASSY Trusted Client Applications
[Diagram labels: Strong Authentication; Content Protection; Services Delivery; E-Commerce; Privacy Protection; Platform Security; Secure Peer-Peer; Conditional Access; Distributed Transactions; Secure Applets; Trusted Operating System; EMBASSY Trusted Client Chip; Trust Assurance Network; Developer Kits]

EMBASSY-enabled Devices
• PC USB secure input devices
• Interfaces to support multiple inputs:
  • Key matrix
  • Smart cards
  • LCD - output
  • Biometrics
  • GPS
  • Mag stripe
  • Serial devices
• Keyboards (Samsung, PC OEMs)
• Smart Card Readers (SSP/Litronics, SCM, Securelink/CPS)
• PC/SC and EMV-Compliant
• New platform for services and security applications to PCs