Overview

Open Protocol for Access Control, Identification, and Ticketing with privacY (OPACITY) is a Diffie–Hellman-based protocol to establish secure channels in contactless environments.
According to Eric Le Saint of the company ActivIdentity, co-inventor in the patent application, the development has been sponsored by the US Department of Defense.
The inventors have declared the contributions to OPACITY to be a statutory invention with the United States Patent and Trademark Office, essentially allowing royalty-free and public usage of the contribution. The protocol has been registered as an ISO/IEC 24727-6 authentication protocol and is specified in the draft ANSI 504-1 national standard (GICS).
Open Protocol for Access Control, Identification, and Ticketing with privacY comes in two versions, called Zero-Key Management (O-ZKM) and Full Secrecy (O-FS).

Open Protocol for Access Control, Identification, and Ticketing with privacY Zero-Key Management (O-ZKM)

The first name, Zero-Key Management, reflects the fact that the terminal does not need to maintain registered public keys.
The parties in the O-ZKM protocol run a Diffie–Hellman based key-exchange protocol using an ephemeral key on the terminal’s side and a static (presumably on-card generated) key for the card.
This is a Cryptographically Weak approach: because the terminal only uses ephemeral keys, anyone can in principle impersonate the terminal and successfully initiate a communication with the card.
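The one-sided authentication described above can be seen in a small model of an ephemeral-static Diffie–Hellman exchange. This is an added example, not code from the OPACITY specification: the toy finite-field group, the SHA-256 key derivation and the names `Card`, `run_terminal` and `card_side_is_bound` are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy finite-field group (assumption for illustration; not OPACITY's parameters).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(own_priv, peer_pub):
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

class Card:
    """Holds one long-lived (static) key pair, as the card does in O-ZKM."""
    def __init__(self):
        self._priv, self.static_pub = keypair()

    def respond(self, terminal_ephemeral_pub):
        # The card's only input is an ephemeral public value. Nothing in it
        # identifies or authenticates the party that generated it.
        if not 1 < terminal_ephemeral_pub < P - 1:
            raise ValueError("degenerate public value")
        key = session_key(self._priv, terminal_ephemeral_pub)
        # The key is returned only so this demo can compare both sides.
        return self.static_pub, key

def run_terminal(card):
    """Terminal side: a fresh ephemeral key and no long-term credential."""
    eph_priv, eph_pub = keypair()
    card_pub, card_key = card.respond(eph_pub)
    return session_key(eph_priv, card_pub) == card_key

def card_side_is_bound(genuine, other):
    """A card without the genuine static private key derives a different key."""
    eph_priv, eph_pub = keypair()
    _, other_key = other.respond(eph_pub)
    return session_key(eph_priv, genuine.static_pub) != other_key

if __name__ == "__main__":
    card = Card()
    print("terminal run 1 shares a key with the card:", run_terminal(card))
    print("terminal run 2 shares a key with the card:", run_terminal(card))
    print("card identity is bound to its static key:", card_side_is_bound(card, Card()))
```

Every call to `run_terminal` succeeds because the card has no terminal credential to check, while the static key still ties the card side to one identity; authenticating the terminal requires a long-term terminal key or an additional authentication step on top of the exchange.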