Overview#

Open Protocol for Access Control, Identification, and Ticketing with privacY (OPACITY) is a Diffie–Hellman-based protocol to establish secure channels in contactless environments.[1]

According to Eric Le Saint of the company ActivIdentity, co-inventor in the patent application, the development has been sponsored by the US Department of Defense.

The inventors have declared the contributions to OPACITY to be a statutory invention with the United States Patent and Trademark Office, essentially allowing royalty-free and public usage of the contribution. The protocol has been registered as an ISO/IEC 24727-6 authentication protocol and is specified in the draft ANSI 504-1 national standard (GICS).

Open Protocol for Access Control, Identification, and Ticketing with privacY is a family of key-exchange protocols based on Elliptic Curve Cryptography.

Open Protocol for Access Control, Identification, and Ticketing with privacY comes in two versions, called Zero-Key Management (O-ZKM) and Full Secrecy (O-FS).

Open Protocol for Access Control, Identification, and Ticketing with privacY Zero-Key Management (O-ZKM)#

The name Zero-Key Management reflects the fact that the terminal does not need to maintain registered public keys.

The parties in the O-ZKM protocol run a Diffie–Hellman based key-exchange protocol using an ephemeral key on the terminal’s side and a static (presumably on-card generated) key for the card.

This is a Cryptographically Weak approach: because the terminal only uses ephemeral keys, anyone can in principle impersonate the terminal and successfully initiate a communication with the card!

Open Protocol for Access Control, Identification, and Ticketing with privacY Full Secrecy (O-FS)#

Open Protocol for Access Control, Identification, and Ticketing with privacY O-FS uses long-term keys on both sides and runs two nested Diffie–Hellman protocols, each one with the static key of one party and an ephemeral key from the other party. This at least rules out obvious impersonation attacks.
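The following Go program is an added, simplified model of the key agreement structure of both versions described above (O-ZKM with an ephemeral terminal key against a static card key, and O-FS with two nested Diffie–Hellman exchanges). It is not the OPACITY specification's message format or the standard's own code: the key derivation (SHA-256 over a label and the shared secrets), the curve choice (P-256 via Go's standard `crypto/ecdh`), and the function names are assumptions made for illustration. It shows why the page calls O-ZKM weak: a party holding nothing but a freshly generated ephemeral key derives the same session key as the card, whereas in the O-FS model the card's key depends on the terminal's registered static public key, so a party without the matching static private key ends up with a different key.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Assumed curve for this model; the real protocol's parameters are fixed by the standard.
var curve = ecdh.P256()

// newKey generates a fresh P-256 key pair; used for both static and ephemeral keys here.
func newKey() *ecdh.PrivateKey {
	k, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// dh returns the raw ECDH shared secret between priv and pub.
func dh(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) []byte {
	z, err := priv.ECDH(pub)
	if err != nil {
		panic(err)
	}
	return z
}

// kdf is an assumed session-key derivation: SHA-256 over a version label and the shared secrets.
func kdf(label string, secrets ...[]byte) []byte {
	h := sha256.New()
	h.Write([]byte(label))
	for _, z := range secrets {
		h.Write(z)
	}
	return h.Sum(nil)
}

// Card holds the card's static key and, for O-FS only, the terminal's registered static public key.
type Card struct {
	static     *ecdh.PrivateKey
	terminalPK *ecdh.PublicKey
}

// ZKMCardKey is the card side of the O-ZKM model: static card key against the terminal's ephemeral key.
func ZKMCardKey(card *Card, termEph *ecdh.PublicKey) []byte {
	return kdf("O-ZKM", dh(card.static, termEph))
}

// ZKMTerminalKey is the terminal side; it needs nothing but an ephemeral key and the card's public key.
func ZKMTerminalKey(termEph *ecdh.PrivateKey, cardPK *ecdh.PublicKey) []byte {
	return kdf("O-ZKM", dh(termEph, cardPK))
}

// FSCardKey is the card side of the O-FS model: two nested exchanges,
// card ephemeral x terminal static and card static x terminal ephemeral.
func FSCardKey(card *Card, cardEph *ecdh.PrivateKey, termEph *ecdh.PublicKey) []byte {
	z1 := dh(cardEph, card.terminalPK)
	z2 := dh(card.static, termEph)
	return kdf("O-FS", z1, z2)
}

// FSTerminalKey is the terminal side; the first exchange requires the terminal's static private key.
func FSTerminalKey(termStatic, termEph *ecdh.PrivateKey, cardPK, cardEph *ecdh.PublicKey) []byte {
	z1 := dh(termStatic, cardEph)
	z2 := dh(termEph, cardPK)
	return kdf("O-FS", z1, z2)
}

// RunZKM reports whether (a) a legitimate terminal and (b) a party holding only a fresh
// ephemeral key derive the same session key as the card. In this model both succeed.
func RunZKM() (legitMatches, unregisteredMatches bool) {
	card := &Card{static: newKey()}
	cardPK := card.static.PublicKey()

	term := newKey()
	legitMatches = bytes.Equal(ZKMCardKey(card, term.PublicKey()), ZKMTerminalKey(term, cardPK))

	other := newKey() // any party can do this: no registered key is involved
	unregisteredMatches = bytes.Equal(ZKMCardKey(card, other.PublicKey()), ZKMTerminalKey(other, cardPK))
	return
}

// RunFS reports the same two checks for the O-FS model. The card derives its key from the
// registered terminal static public key, so a party using some other static key does not match.
func RunFS() (legitMatches, unregisteredMatches bool) {
	termStatic := newKey()
	card := &Card{static: newKey(), terminalPK: termStatic.PublicKey()}
	cardPK := card.static.PublicKey()

	cardEph, termEph := newKey(), newKey()
	legitMatches = bytes.Equal(
		FSCardKey(card, cardEph, termEph.PublicKey()),
		FSTerminalKey(termStatic, termEph, cardPK, cardEph.PublicKey()))

	otherStatic, otherEph, cardEph2 := newKey(), newKey(), newKey()
	unregisteredMatches = bytes.Equal(
		FSCardKey(card, cardEph2, otherEph.PublicKey()),
		FSTerminalKey(otherStatic, otherEph, cardPK, cardEph2.PublicKey()))
	return
}

func main() {
	l, u := RunZKM()
	fmt.Printf("O-ZKM model: registered terminal matches card key: %v, unregistered party matches: %v\n", l, u)
	l, u = RunFS()
	fmt.Printf("O-FS model:  registered terminal matches card key: %v, unregistered party matches: %v\n", l, u)
}
```

In the O-ZKM model the second check is true because the card's derivation involves no terminal-specific long-term material; in the O-FS model it is false because the card's first shared secret is computed against the registered terminal static public key, which is the property the text credits with ruling out obvious impersonation.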

More Information#

There might be more information for this subject on one of the following:

« This page (revision-1) was last changed on 04-Feb-2016 01:12 by jim