To replace the current antiquated credit card system with origin based credit systems. Offer customers features high on protecting their Assets (identity, money)
Replace The Current Antiquated Credit Card System
Payment Systems Network
My Goal: To replace the current antiquated credit card system with origin based credit systems. Offer customers
features high on protecting their Assets (identity, money).
My Technology:
The Origin System
Triple (A)Signatures
(A)CCEPT Proof of Identity:
• Our Acceptance mechanisms (Anti-Phishing) give you
the power, in an instant, to know if an incoming
communication is friendly or harmful.
(A)PPROVE Informed Consent:
• Our approve mechanisms give the power to the issuer of
communications (banks, c/c merchants, CRM), the ability
of knowing they are dealing with the intended subscriber.
(A)UTHENTICATE Evidence of Deliberation:
Evidence of deliberation is the area we specialize in. Contact me for more info.
4 Year forecast: To be the largest supplier of accredited communication (sms, mms and pdf) by 2013.
8 Year forecast: To be the largest supplier of anti-counterfeit mechanisms by 2018. (Provenance Verifiers &
Dynamic Identifiers)
My Motivation: To stamp out credit card fraud and digital identity theft.
Warren J. Smith CEO
Social Networking Entrepreneur
ROAD P
Vice President at Paytong info Tech Ltd., Co
Sounds great! Now in China, the IC chip bank card didn't develop so fast even though it is accepted by users
worldwide. I think it can be a sharp market space in China.
Warren J. Smith CEO
Social Networking Entrepreneur
The transformation from the magnetic cards to the integrated circuit (short for IC) cards are no better than the
previous magnetic cards. Sure they may be harder to counterfeit. But the fundamental problem is when your c/c
details are used online. You still give your c/c details such as name, credit card number, address, security code. This
is not only unsafe but also gives away the identity of the c/c holder. Anyone that has the right technology can
intercept and reuse these details.
The Origin Card system protects the identity of the user. The card can be cross examined from a remote location.
The issuer can request the user to generate another dynamic identity in an instant. The identity is transferred by SMS
(Short Message Service). Why SMS? It's cheap, reliable and has a global reach through 860 GSM networks in 220
countries.
What is at stake? The identity of the user, and their assets-money. Why the EMV movement continues to roll out
systems that fail is beyond me.
What the Chinese market needs is a complete system. A system that values protecting their identity and assets is
paramount.
ROAD P
Vice President at Paytong info Tech Ltd., Co
I am interested in your technology. If it is possible, please send me the introduction of your solution.
roadpeng@paytong.com
all the best
Road
Lynn Wheeler
Independent Software Professional, 40+yrs virtualization experience, online at home since Mar1970
paper from last fall from Kansas City Fed:
Can Smart Cards Reduce Payments Fraud and Identity Theft?
http://www.kansascityfed.org/Publicat/ECONREV/PDF/3q08Sullivan.pdf
and some archived posts in the discussion:
http://www.garlic.com/~lynn/2008p.html#11
http://www.garlic.com/~lynn/2008p.html#14
http://www.garlic.com/~lynn/2008p.html#15
http://www.garlic.com/~lynn/2008p.html#18
http://www.garlic.com/~lynn/2008p.html#19
http://www.garlic.com/~lynn/2008p.html#44
http://www.garlic.com/~lynn/2008p.html#49
http://www.garlic.com/~lynn/2008p.html#55
The paper mentions X9.59 financial transaction standard.
We had been brought in to consult with small client/server startup that wanted to do payment transactions on their
server; they had also invented this technology called SSL; the result is now frequently called "electronic
commerce".
Somewhat as a result, in the mid-90s we were asked to participate in the x9a10 financial standard working group
which had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments
(*ALL* as in debit, credit, stored-value, gift card, ACH, point-of-sale, face-to-face, unattended, cellphone, transit
turnstile, low-value, high-value; wireless, contact, contactless, aka *ALL*). The result was the x9.59 financial
transaction standard
http://www.garlic.com/~lynn/x959.html#x959
Part of the effort was to do detailed, end-to-end threat and vulnerability analysis of the various environments ...
identifying various things including lost/stolen, skimming, eavesdropping, data breaches, insiders, external attacks,
and numerous more.
Disclaimer ... in previous life, I had several offices and labs in the los gatos lab. ... mentioned in this wiki reference
about origins of magnetic stripe:
http://en.wikipedia.org/wiki/Magnetic_stripe
as well as this reference regarding development of early ATM machines
http://en.wikipedia.org/wiki/IBM_3624
Warren J. Smith CEO
Social Networking Entrepreneur
Thanks Lynn for your insight. Can Smart Cards Reduce Payments Fraud and Identity Theft? Interesting read. Origin
Cards also have embedded chips, also to aid authentication, but the information generated from the card is of a
dynamic nature. What is relayed over the internet or via txt message is a representation of the intended subscriber's
identity. That is how you protect the identity of the user. We call them dynamic identities. If the current chip system
of other c/c brands promote their system as being complete and secure, why then would you want to then give your
credit card details etc over the internet, which would only expose your identity to phishing sites, fraudsters and
anyone else that can get their hands on your personal details. I really do feel for people that have been duped into
these so-called benchmark practices dished out by other c/c system. This process doesn't prevent identity theft or
credit card fraud but in fact assists identity thieves and credit card cloning. When will the industry wake up? I just
don't know. Credit card fraud and the associated identity theft can only be achieved if the information is given up in
the first place.
Remote analogue cross examination is the key to determining if the credit card is in fact being controlled by the
rightful card owner. This aspect we have achieved. Furthermore, no chip card including Origin cards are safe from
counterfeiting unless an additional mechanism can STOP this. We have achieved this with Geometric Verifiers.
These are embedded into the matrix of the Origin card itself.
Again thanks Lynn for your insight. Much appreciated.
Warren J. Smith CEO
Social Networking Entrepreneur
If an Origin credit card is stolen or lost, the imposter needs the rightful cardholder's password to access the card's
database to generate a dynamic identity, origin identifiers to make a purchase. If they manage to hack the database,
an additional alpha-password that doesn't reside on the chip itself but in the memory of the rightful card owner. This
is a master-password combination.
All of these security layers amount to zero, unless the analogue characteristics of the card can be cross examined
from a remote location by the issuer or clearing house, this is our specialty. The issuer’s assets are at stake just as
much as the identity of the subscriber.
PS There are no embossed numbers or cardholder's details on the card. That would just make it too easy for cloners,
and thieves. However, the cards COULD be branded by a well known credit card brand. Why would you want
anything else on the card except the brand of a security-conscious c/c firm?
Lynn Wheeler
Independent Software Professional, 40+yrs virtualization experience, online at home since Mar1970
In the AADS patent portfolio (even chugging along long after we left; they are all assigned patents and we have no
interest):
http://www.garlic.com/~lynn/aadssummary.htm
there is integration of 3-factor authentication paradigm
* something you have
* something you know
* something you are
In the "AADS" scenario for X9.59 financial transactions .. there is the concept of "security proportional to risk" ...
where the amount/level of authentication can be proportional to the transaction value.
The idea of dynamic/static comes from analysis of class of "replay attacks" ... can a crook create a successful
fraudulent transaction from information from previous transactions (skimming, eavesdropping, data breaches, etc).
In the AADS scenario ... it might be possible to use a chip card for a low-value transaction (just dynamic data
produced by the chip) ... but w/o additional levels of authentication. Higher value transactions may require
additional levels of authentication. AADS scenario does have concept of online transactions ... so that amount of
fraud, even in low-value scenario can be bounded by deactivating the account number.
there is some x-over with (linkedin) Financial Crime Risk, Fraud and Security group in "How can we stop Credit
card FRUAD?" thread ... part of it archived here:
http://www.garlic.com/~lynn/2009j.html#41
http://www.garlic.com/~lynn/2009j.html#46
http://www.garlic.com/~lynn/2009j.html#50
Warren J. Smith CEO
Social Networking Entrepreneur
I gotta hand it to you Lynn you surely do know your stuff.
Warren J. Smith CEO
Social Networking Entrepreneur
I'm glad you've pointed out the fundamentals of the 3-factor authentication paradigm. That is precisely what Triple
(A)Signatures are, three times the action. Which you can see at any one of my twitter sites which are geared for the
next revolution of banking/shopping, I call SNC Social Network Commerce (TOrigin for "Tweet
Speakers") http://twitter.com/warrenjsmithceo my twitter sites. My social networking
project http://go.coolpage.com I'm still yet to decide if it will be Amazon’s Flexible Payments Service (FPS) or
PayPal’s Direct Payments compliant. Maybe a widget for both or none, not sure at this stage.
Warren J. Smith CEO
Social Networking Entrepreneur
Back to the issue of 3-factor authentication paradigm, which I see you've already pointed out to another member's
discussion relating to biometric authentication, which I once put to a RSA Security sales person 10 years ago at an
I.T. convention sponsored by Microsoft here in Auckland. I put it to him that a digital representation or
measurement of one's fingerprint could be reused if that print was illegally captured/obtained and digitally presented
to gain illegal access to privy information. He argued that it was foolproof, however, the security specialist in the
background got wind of our conversation and set the record straight for his New Zealand sales person and confirmed
that it was indeed possible to have a digital representation posing as the authorized user. Which gets me back to my
previous points made regarding cross examining the source or be it the analogue source. Ten years ago biometrics
was still pretty much in its infancy, now you can definitely cross examine the digital representation by challenging
the source by taking heat/pulse readings of the finger/palm, getting the finger to move in a certain direction,
directions issued by the issuer of course, but an internal combined with an external 3D scan will prove the source or
origin is in fact real.
Warren J. Smith CEO
Social Networking Entrepreneur
3-factor authentication paradigm
* something you have
* something you know
* something you are
Again Lynn thank you for your invaluable and professional insight for members following this discussion. YOU,
ME & P ROAD by the looks of things.
ELEMENT     PROPERTIES   ACTION
key         token        accept
assets      money        approve
identity    passwords    authenticate
Looks pretty similar to the 3-factor authentication paradigm Lynn.
Triple (A) Signatures = 3x times the action required to prove one's credentials. But it goes both ways Lynn, the
issuer has to prove their credentials just as much as the subscriber does. That is why 3-factor authentication on its
own isn't enough that is the very reason why phishing exists. Only the subscriber is expected to verify their
credentials, WHAT ABOUT the ISSUERS CREDENTIALS? PLEASE TELL ME!
Triple (A)Signatures can't even raise the bar to reassure me I'm dealing with JOE who knows? Unless the analogue
source can be cross examined by the issuer to satisfy the issuer. Unless the issuer's demands can be satisfied there
is absolutely no point of risking the issuer's and subscriber's assets, irrespective of the amount of monies transacted or
at stake.
Just a refresher; Triple (A)Signatures consist of the following: But cannot stand on their own feet in terms of
positive proofing the issuer's & subscriber's credentials.
(A)CCEPT Proof of Identity:
• Our Acceptance mechanisms (Anti-Phishing) give you
the power, in an instant, to know if an incoming
communication is friendly or harmful.
(A)PPROVE Informed Consent:
• Our approve mechanisms give the power to the issuer of
communications (banks, c/c merchants, crm), the ability
of knowing they are dealing with the intended subscriber.
(A)UTHENTICATE Evidence of Deliberation:
Lynn Wheeler
Independent Software Professional, 40+yrs virtualization experience, online at home since Mar1970
there is sometimes confusion regarding authentication and identification ... many times payments require
authentication ... but don't actually require identification. In fact, at one point, the EU was asking that electronic
transactions not require identification (as a privacy issue) ... aka names would be removed from payment cards.
we've also periodically observed possible semantic confusion between "human signature" (indication of having read,
understood, approves, authorizes and/or agrees) and "digital signature" ... possibly because the two terms both
contained the word "signature". we had been called in to help wordsmith the cal. electronic signature legislation ...
and the issue with (simple) digital signature not meeting the requirement for "human" signature was explored in
some detail.
there is also a dual-use vulnerability issue if the same private key (digital signature) is used both for
straightforward authentication processes as well as in conjunction with additional procedures for "electronic signatures" ...
part of past, long-winded discussion in crypto mailing list
http://www.garlic.com/~lynn/aadsm17.htm#57 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm17.htm#59 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#0 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#1 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#2 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#3 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#4 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#6 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#12 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#13 dual-use digital signature vulnerability
Warren J. Smith CEO
Social Networking Entrepreneur
Evidence of deliberation is the crux of the whole issue. Are you willing to risk your assets because a machine told
you so? If you answered yes to this question, then pack your bags and start looking for another job. Have you ever
seen the movie Terminator? What do you think the movie was about? (A) Machines taking over? or (B) Man
allowing machines to replace their decision making? If you answered (B) Unpack your bags, there could be hope for
you yet.
You see Lynn, man's reliance on the machine to do the thinking or deciding if a credential is friendly or harmful
means that we simply wouldn't or couldn't know if it was or wasn't. Which is why 3-factor authentication is only
part of the equation. In my reckoning it amounts to zero, no gain but heaps to lose. It's half-measured stuff to put it
plainly.
Warren J. Smith CEO
Social Networking Entrepreneur
Don't get me wrong Lynn I absolutely appreciate your comments. I am not suggesting the Origin System is
foolproof, what I am attempting to illustrate is the need for mechanisms that give power of assurance to the issuer and
subscriber. The power to determine in an instant if a credential is harmful or friendly. But let that power sit with the
decision making of the human. I call this human verified vs machine verified. Let's admit once and for all that
problems do exist with the current credit climate and architecture and bring back trust in banking for the sake of our
people & great nation the United States of America.
Warren J. Smith CEO
Social Networking Entrepreneur
Authentication, Identification it's all semantics to me Lynn, but you're absolutely right there is a distinct difference
between the two, but both are similar in that they are both credentials.
Warren J. Smith CEO
Social Networking Entrepreneur
Just to take a leaf out of one of your comments as follows; "There is sometimes confusion regarding authentication
and identification ... many times payments require authentication ... but don't actually require identification. In fact,
at one point, the EU was asking that electronic transactions not require identification (as a privacy issue) ... aka
names would be removed from payment cards."
There is a direct correlation with what you have suggested here in regards to the EU asking that electronic
transactions not require identification (as a privacy issue). I want to take it a step further, Origin cards DO NOT
have embossed details on the cards itself, why should leaving out the identity of the card holder be reserved just for
the e-receipt or e-transmission purposes only. The problem is more of a local issue rather than an electronic issue.
Furthermore, with the amount of e-commerce sites these days, how can you reassure me that all these databases are
adequate enough to ensure me that my credit card details are safe enough despite the EU's wish list.
Warren J. Smith CEO
Social Networking Entrepreneur
Again Lynn I've got to thank and acknowledge your expertise in this field and deeply appreciate your investigative
comments. I will be the first to admit I was still playing with marbles at school when you were an undergraduate in
the 70s and that learning is a continual process and that you can teach an old dog a new trick (I'm the old dog). I
learn from my son after teaching him web design and Macromedia flash 8, picture editing, sound editing, and he's
only 5 years old. In fact you can see 98% of his work in a power point presentation I have on my profile called iTM
(iPhone Teller Machines) a future vision to replace ATMs. I thank you for hiring up my knowledge. I hope we can
someday meet under more conducive conditions in an attempt to take on the card cloners, link manipulators,
fraudsters and identity thieves. Signing out, the sun has risen, in the first country to see the light New Zealand
(Aotearoa) "The land of the long white cloud"
Lynn Wheeler
Independent Software Professional, 40+yrs virtualization experience, online at home since Mar1970
Two things in X9.59 financial transaction. It provided for authentication w/o requiring name/identification and it
slightly tweaked the paradigm so that crooks could no longer utilize information from skimming, eavesdropping,
and/or data breaches for the purposes of fraudulent transactions.
We had been tangentially involved with the cal. data breach notification legislation (first in the country) when we
were brought in to help wordsmith the cal. electronic signature legislation. several of the parties involved in
electronic signature were also involved in privacy and had done detailed, in-depth consumer privacy surveys. The
number one issue in the privacy surveys was "identity theft" ... most notably fraudulent financial transactions as a
result of various kinds of data breaches. At the time, little or nothing seemed to be done about the problem ... so they
apparently felt that the publicity from the breach notifications might motivate corrective action.
Note that x9.59 did nothing about preventing skimming, eavesdropping and/or data breaches ... but it did prevent the
fraudulent transactions that were the result of such exploits (i.e. it removed the financial fraud threat and the primary
motivation for crooks).
Now, the primary use of SSL in the world today ... is this earlier "electronic commerce" thing that we worked on,
involved in *hiding* information about financial transaction information (in order to prevent crooks from being able
to perform fraudulent transactions). X9.59 eliminates the ability of crooks to use such information for fraudulent
transactions ... and therefore eliminates the need to use SSL for that purpose
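An added illustration (not written by any poster in this thread, and not the X9.59 message format) of two points made above: the static/dynamic "replay attack" distinction with "security proportional to risk", and captured transaction data no longer being usable for fraud. It assumes an HMAC over a shared key as a stand-in for the chip's signature, a hypothetical step-up threshold, and constructed account values.

```python
import hashlib
import hmac
import json

CHIP_KEY = b"constructed-demo-key"   # constructed; stands in for a secret kept on the chip
STEP_UP_LIMIT = 100.00               # hypothetical "security proportional to risk" threshold


def static_authorize(on_file, presented):
    """Static model: anyone presenting the same details is accepted."""
    return presented == on_file


def chip_sign(key, txn):
    """Chip side: the tag covers every transaction field plus a counter."""
    msg = json.dumps(txn, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Issuer:
    def __init__(self, key):
        self.key, self.last_counter, self.active = key, 0, True

    def authorize(self, txn, tag, extra_factor_ok=False):
        if not self.active:
            return "declined: account deactivated"
        if not hmac.compare_digest(chip_sign(self.key, txn), tag):
            return "declined: bad authentication"
        if txn["counter"] <= self.last_counter:
            return "declined: replay"
        if txn["amount"] > STEP_UP_LIMIT and not extra_factor_ok:
            return "declined: additional authentication required"
        self.last_counter = txn["counter"]
        return "approved"


def run_demo():
    results = {}
    # Static details captured once (constructed values) are accepted again unchanged.
    card = {"name": "A. Example", "number": "0000-0000-0000-0000", "code": "000"}
    results["static_replay"] = static_authorize(card, dict(card))

    issuer = Issuer(CHIP_KEY)
    low = {"account": "ACCT-0001", "merchant": "M1", "amount": 12.50, "counter": 1}
    tag = chip_sign(CHIP_KEY, low)
    results["first_use"] = issuer.authorize(low, tag)
    results["replayed"] = issuer.authorize(low, tag)         # same message presented again
    altered = dict(low, amount=900.00, counter=2)            # captured tag, changed fields
    results["altered"] = issuer.authorize(altered, tag)

    high = dict(low, amount=250.00, counter=2)
    high_tag = chip_sign(CHIP_KEY, high)
    results["high_no_step_up"] = issuer.authorize(high, high_tag)
    results["high_step_up"] = issuer.authorize(high, high_tag, extra_factor_ok=True)

    issuer.active = False                                    # issuer deactivates the account
    nxt = dict(low, counter=3)
    results["after_deactivation"] = issuer.authorize(nxt, chip_sign(CHIP_KEY, nxt))
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```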
Warren J. Smith CEO
Social Networking Entrepreneur
Please Lynn, Origin cards cannot be skimmed, there isn't any magnetic strip, also eavesdropping cannot be achieved
with Origin Cards, because the card holder generates a dynamic identity from the card in the palm of their own
hand; around the corner or in their car before inserting it into an iPOS terminal, or desktop terminal. No one's able to
peer over my shoulders or eavesdrop on me because I’ll cover the card so much with my hands that only I can peek
at it before inserting it. My master-password is the last line of defense and no one can get a look in. I hope P Road
can jump in from here I'm too sleepy at the moment. It’s a good thing I'm my own boss, I'm sleeping in. Thanks
again for your comments.
Warren J. Smith CEO
Social Networking Entrepreneur
An update continuation of this discussion can be followed at a supplemental discussion: Origin Open Platform –
“THE HOLY GRAIL by Warren J.