Open Protocol for Access Control, Identification, and Ticketing with privacY

Overview

Open Protocol for Access Control, Identification, and Ticketing with privacY (OPACITY) is a Diffie-Hellman-based protocol to establish secure channels in contactless environments.[1]

According to Eric Le Saint of the company ActivIdentity, co-inventor in the patent application, the development has been sponsored by the US Department of Defense.

The inventors have declared the contributions to OPACITY to be a statutory invention with the United States Patent and Trademark Office, essentially allowing royalty-free and public usage of the contribution. The protocol has been registered as an ISO/IEC 24727-6 Authentication Protocol and is specified in the draft ANSI 504-1 national standard (GICS).

Open Protocol for Access Control, Identification, and Ticketing with privacY is a family of Key-Exchange protocols based on Elliptic Curve Cryptography.

Open Protocol for Access Control, Identification, and Ticketing with privacY comes in two versions, called Zero-Key Management (O-ZKM) and Full Secrecy (O-FS).

Open Protocol for Access Control, Identification, and Ticketing with privacY Zero-Key Management (O-ZKM)

The name Zero-Key Management reflects the fact that the terminal does not need to maintain registered public keys.

The parties in the O-ZKM protocol run a Diffie-Hellman key-exchange based protocol using an Ephemeral Key on the terminal’s side and a static (presumably on-card generated) key for the card.

This is a Cryptographically Weak approach: because the terminal only uses Ephemeral Keys, anyone can in principle impersonate the terminal and successfully initiate a communication with the card!

Open Protocol for Access Control, Identification, and Ticketing with privacY Full Secrecy (O-FS)

Open Protocol for Access Control, Identification, and Ticketing with privacY Full Secrecy (O-FS) uses long-term keys on both sides and runs two nested Diffie-Hellman protocols, each one combining the static key of one party with an Ephemeral Key from the other party. This at least rules out obvious impersonation attacks.
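
The difference between the O-ZKM and O-FS key agreements described above, as an added example that is not part of the original page or of the OPACITY specification. It is a simplified model: a toy modular group stands in for the elliptic curve, and the function names, the SHA-256 key derivation and the message flow are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group (assumption): integers modulo the Mersenne prime 2**521 - 1 with
# generator 3, standing in for the elliptic curve the real protocol uses.
P = 2**521 - 1
G = 3

def keypair():
    """Return (private, public) for one Diffie-Hellman key."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh(priv, peer_pub):
    return pow(peer_pub, priv, P)

def kdf(*shared):
    """Hash the shared secrets into a session key (hypothetical KDF)."""
    h = hashlib.sha256()
    for z in shared:
        h.update(z.to_bytes(66, "big"))
    return h.digest()

def zkm_keys(card_static, term_eph):
    """O-ZKM-style: one DH run, card static key with terminal ephemeral key."""
    card_key = kdf(dh(card_static[0], term_eph[1]))
    term_key = kdf(dh(term_eph[0], card_static[1]))
    return card_key, term_key

def fs_keys(card_static, card_eph, term_eph, trusted_term_pub, held_term_priv):
    """O-FS-style: two DH runs, each pairing a static key with the peer's ephemeral key."""
    card_key = kdf(dh(card_static[0], term_eph[1]), dh(card_eph[0], trusted_term_pub))
    term_key = kdf(dh(term_eph[0], card_static[1]), dh(held_term_priv, card_eph[1]))
    return card_key, term_key

def demo():
    card_static, card_eph = keypair(), keypair()
    term_static, term_eph = keypair(), keypair()
    other_static, other_eph = keypair(), keypair()  # party with no registered key
    zkm = zkm_keys(card_static, other_eph)
    fs_ok = fs_keys(card_static, card_eph, term_eph, term_static[1], term_static[0])
    fs_other = fs_keys(card_static, card_eph, other_eph, term_static[1], other_static[0])
    # True means both ends derived the same session key.
    return {"zkm_unregistered": zkm[0] == zkm[1],
            "fs_genuine": fs_ok[0] == fs_ok[1],
            "fs_unregistered": fs_other[0] == fs_other[1]}

if __name__ == "__main__":
    print(demo())
```

In the O-ZKM-style run the card's session key depends on no long-term terminal secret, so key agreement alone says nothing about who is at the other end; in the O-FS-style run the keys match only when the terminal end holds the private half of the static key the card used.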
