Re: Kiosk access - Solved

On 2014-06-02 23:24, Kingsley Idehen wrote:
> On 6/2/14 1:50 AM, Anders Rundgren wrote:
>> Hi List;
>> One of the arguments against using authentication techniques that rely
>> on client-side storage of data like PKI is that it wouldn't work at a
>> kiosk unless the key was supplied in a smart card or similar, right?
>>
>> I think we can safely ignore this objection because with a mobile device
>> which now is in the hands of many more people than PCs, the device
>> itself = key storage.
>>
>> Slightly further down the road the device will also be able to wirelessly
>> "roam" into the kiosk/ATM/POS/whatever but that won't happen until the
>> keys are safely and conveniently stored and managed in the mobile device.
>>
>> Currently key enrollment is performed through proprietary methods since
>> the mobile OS vendors haven't fully understood this use-case yet. Do
>> they ever talk to EU or Asian banks? Probably not.
>>
>> In Sweden the banks have launched an ID-App which can be used both
>> "as-is" or as a stand-alone "PC-companion" where you initiate an
>> authentication on the PC and then meet that request with the mobile
>> ID-App. It has effectively become the Swedish version of the electronic
>> ID-card, not relying on non-existing browser support and quirky card
>> middleware.
>>
>> I developed a more universal version of this a year ago where the PC
>> part is using QR-code which unlike the banks (hard-coded single-provider
>> solution...) isn't secret:
>> https://openkeystore.googlecode.com/svn/resources/trunk/docs/QR-ID-presentation.pdf
>>
>> https://play.google.com/store/apps/details?id=org.webpki.mobile.android
>>
>> thanx,
>> Anders
> Anders,
>
> Do I still need to have a G+ account to use this app? If so, why is that
> the case?

Kingsley,
Well, unlike YouID this is a PoC since my plan presumes that most of this
eventually gets integrated in the mobile platform.  The PoC demo is based
on PrimeKey's http://ejbca.org and http://webpki.org/papers/PKI/mobile-ra-guide.pdf

To save time for potential testers I made the assumption (right or wrong)
that a gmail account would be easiest.

Although adding a self-registration facility would be simple, I have too
many other things to do, including some initial integration steps with
Firefox as well as trying to get traction in the hardware camp.

It is indeed quite difficult getting anywhere in this space but OTOH
Mozilla, Google, and Apple (OS/X) haven't been able to upgrade their
severely antiquated 1995 cert-enroll (<keygen>) solution either...

Naturally, the mentioned banks (in the EU) which yearly spend $100M
on replacing <keygen> et al. would never consider funding Mozilla.
I have a feeling that there is no dialog here, and probably never was.
Based on past experience, the banks are not the only ones to blame :-)

Anders

Received on Tuesday, 3 June 2014 04:35:50 UTC