Identity management is concerned with the life cycle of the identity of subjects and objects and, by default, being able to prove this identity as and when required.
There is nothing new about the concepts of identity management; arguably they are the basis of any community of which these entities are members.
Each entity must have a reference characteristic that is unique within the community to which it belongs. It could be anything from a simple name to an 80-digit number, which would be enough to identify every atom in the universe.
Originally, individuals only ever existed in their own environmental community, a tribe of perhaps 100 people, where everyone knew everybody else. Over time this has expanded to the use of intermediaries for vouching identity, an employer or a banker's reference for example. Of course, in some cases this identity has to be established from scratch, when you move to a new area for example.
But in all cases what is clear is that the identity only makes sense in terms of the relationship between two entities. The only difference is how quickly you establish the trust that underlies a relationship. In the electronic world, these concepts have morphed into two approaches:
1. The eBay model, where you start from scratch and build up a reputation (under your eBay ID) that both parties (buyer and seller) to a relationship can freely observe.
2. The reference model, where some third party vouches for your identity. We tend immediately to think of Certification Authorities and digital Certificates but in actual fact our credit card is a form of reference ID. The bank takes on the role of vouching for our identity in a totally foreign community and providing the necessary (in this case) commitment to pay.
Payment Systems
Microexpert's consultants have been at the forefront of payment systems from Automated Clearing Houses (ACH) to low value cashless payments using contactless Smart Cards. In the Smart Card arena EMV (Chip and PIN) has dominated in recent years, but now we have seen enormous growth in contactless payments and numerous projects piloting Near Field Communications (NFC). We can work with you in all these areas.
Trusted Transactions
Trusted transactions rely on an end-to-end relationship between the participants. In the network world, these relationships are established over remote links that may involve many routers, but from a security point of view the transactions must be protected between the two end points, generally assuming all intermediate points and links to be insecure.
The transaction will require some combination of security services:
- Confidentiality
- Data integrity
- Entity authentication
- Non-repudiation
The scheme must provide adequate assurance for:
- Tamper Resistant Node Properties
- Strength of Protocols and Mechanisms
- Node Processing Integrity
- Node Identification
- User Binding (e.g. passwords or biometrics)
Secure Access Control
Access control is concerned with only allowing access to resources by authorised entities, which may be people or computer processes.
The resources may be physical, such as buildings and car parks, or logical, such as network access to a local or remote server.
Smart Cards in both contact and contactless mode may be used to secure such physical and logical access. In essence, the Smart Card acts as an authentication token that can be bound to the user by (for example) passwords or biometrics. This provides what is commonly referred to as 2-factor authentication: the Smart Card token and the password. A cryptographic infrastructure, both secret key and public key, can provide the necessary level of assurance when combined with a suitable Smart Card chip.
Anti-Counterfeiting
Anti-counterfeiting is all about embedding a security object in the device to be protected. Traditional objects (e.g. holograms) can be visually checked while electronic devices such as contactless RFID tags are capable of machine interrogation.
The properties of the object are that:
- It cannot be reproduced by an attacker
- It cannot be transferred (i.e. from one device to another) by an unauthorised person
- Its authenticity can be proved
IPR Management
Sometimes products fail to meet expectations; on other occasions, issues arise surrounding the Intellectual Property Rights (IPR) of your product or a competing product. Microexpert can help you here by analysing the relevant product and determining the cause of the problems or the rights of the parties involved.
We have specialists in all aspects of Smart Cards and cryptographic security. Microexpert can also provide Expert Witnesses for legal proceedings.
Clients
Below is a list of clients that Microexpert's consultants have been involved with, including how they participated in our clients' projects:
- CHAPS (Clearing Houses Automated Payment Scheme), UK – Design and development of the cryptographic authentication modules used to protect the inter-bank financial messages. Today CHAPS passes over £100 billion per day
- Eurocheque Security Architecture – Design of cryptographic modules for protecting financial transactions
- EftPos UK Security Design – Design of the security architecture for a national electronic point of sale scheme, which was the first commercial implementation of the RSA public key cryptographic system
- Mondex – Design of the first totally transferable electronic purse system using an off-line secure Smart Card protocol
- Multos – Design architecture of the first open platform virtual machine multi-application operating system for Smart Cards
- AMEX – Development of a multi-platform Smart Card management system. The scheme can handle both Multos and JavaCard platforms
- DataCard – Smart Card log-on and authentication system for Novell Network systems