WebPayments through WebCrypto

Dear list,

I'm a "seasoned" developer in the PKI field with specific interests in the
consumer space.  Ages ago I started with a thing I have seen debated
in this and other lists: the abysmal state of client-PKI support in browsers.

Unfortunately I found that my scheme (as well as all its predecessors including
HTML5's <keygen>) is INCOMPATIBLE with the emerging W3C WebCrypto standard!

Since my firm belief is that there's little point equipping platforms with multiple
and feature-wise entirely different key-store mechanisms, I have added (currently
only on paper...) a twist to WebCrypto which bridges the "Old" and "New" world.

An obvious application for this marriage (in heaven or hell?) is on-demand
(transiently) downloaded, more or less arbitrary, payment-applications:

   http://webpki.org/papers/PKI/pki-webcrypto.pdf

That dynamically loaded "Trusted Chrome" is bound to specific keys may seem
odd but it gives payment-networks the ability to optimize the GUI for the actual
protocol as well as supporting branding options. It may even spur some innovation
in the payment sector since the scheme doesn't restrict protocols; both POS-style
and 3D Secure-like concepts should be fully implementable.

Comments?

Thanx,
Anders Rundgren

Received on Sunday, 4 August 2013 11:53:07 UTC