TLS client handshake with a payment card

摘要

Transport Layer Security (TLS) is the de facto standard for preventing eavesdropping, tampering or message forgery of higher-risk Internet communications, for example when making a payment. At heart TLS is a stateful cryptographic protocol built around a public key infrastructure (PKI). However TLS is configurable; at one extreme it provides little protection and at the other end of the scale it provides protection against most threats to an Internet communication. In practice the ldquoIrdquo part of PKI is often not available at the client end so only the server end is authenticated. In this paper an optional TLS extension is proposed that dispenses with the need for the client to be registered with a PKI registration authority and instead uses a payment card to authenticate the user. This facilitates wider use of the available TLS services and can provide additional security services: enhanced privacy and certain non-repudiation services, for example.