!!! Overview
[{$pagename}] ([OPACITY]) is a [Diffie-Hellman]-based [protocol] to establish [secure channels|Secure connection] in contactless environments.[1]

According to Eric Le Saint of the company ActivIdentity, co-inventor in the patent application, the development has been sponsored by the US Department of Defense.

The inventors have declared the contributions to [OPACITY] to be a statutory invention with the [United States Patent and Trademark Office], essentially allowing royalty-free and public usage of the contribution. The [protocol] has been registered as an ISO/IEC [24727-6|ISO 24727] [Authentication Protocol] and is specified in the draft [ANSI] 504-1 national standard (GICS). 

[{$pagename}] is a family of [Key-Exchange] [protocols] based on [Elliptic Curve] [Cryptography]. 

[{$pagename}]comes in two versions, called Zero-Key Management (O-ZKM) and Full Secrecy (O-FS). 

!  [{$pagename}] Zero-Key Management ([O-ZKM])
The first name is due to the fact that the terminal does not need to maintain registered public keys.

The parties in the [O-ZKM] protocol run a [Diffie-Hellman key-exchange] based [protocol] using an [Ephemeral Key] on the terminal’s side and a static (presumably on-card generated) key for the card. 

This is a [Cryptographically Weak] approach as the terminal only uses [Ephemeral Keys], anyone can in principle impersonate the terminal and successfully initiate a communication with the card! 

!! [{$pagename}] Full Secrecy ([O-FS])
[{$pagename}] O-FS, uses long-term keys on both sides and runs two nested [Diffie-Hellman] [protocols], each one with the static key of the parties and an [Ephemeral Key] from the other party. This at least rules out obvious
[impersonation] attacks.


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [A Cryptographic Analysis of OPACITY|https://eprint.iacr.org/2013/234.pdf/|target='_blank'] - based on information obtained 2016-02-03-