Authenticating Secure Tokens Using Slow Memory Access

Extended Abstract

John Kelsey and Bruce Schneier

USENIX Workshop on Smart Card Technology, USENIX Press, 1999, pp. 101-106.

ABSTRACT: We present an authentication protocol that allows a token, such as a smart card, to authenticate itself to a back-end trusted computer system through an untrusted reader. This protocol relies on the fact that the token will only respond to queries slowly, and that the token owner will not sit patiently while the reader seems not to be working. This protocol can be used alone, with "dumb" memory tokens or with processor-based tokens.

[full text - PDF (Acrobat)] [full text - Postscript]

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..