There are many examples of authentication devices and electronic methods of credential exchange. These typically involve a trade-off between security, flexibility and ease of use. For example, a smart card transaction requiring that the card be inserted into a reader gives high confidence that the communication between the card and the reader involves only those two parties, but is relatively inconvenient. A transaction involving a wireless reader such as that used in some subway ticketing system does not even require the user to take the card from their wallet, but unauthorised and undetected third party involvement would be quite straightforward.
Further, these devices typically require an access point where a network function or access point function undertakes the credential processing. Thus a client appliance identifies itself to a master device which then applies pre-selected protocols to the transaction based on that identification. Peer to peer authentication is not catered for. For example, in the case of a credit card or smart card, they are placed within an ATM or other network active receptacle which undertakes the required processing. No transaction is possible between such cards in the absence of a network.
Nor is mutual suspicion credential exchange possible. The client must trust the master and identify itself to the master. This is not a problem where the master device is part of a fixed installation which serves to establish that it is bona fide. This becomes much more problematic when both devices are mobile.
In addition, the user selectable features are a part of the network rather than a property of the card itself.
There is a need for a limited use “business card” and identification token for organisations where personnel may not necessarily know each other but need to know role information such as security clearances, financial approval authorisations, access rights or medical treatment records. It is useful to provide for token to token exchange which establishes user and organisation selectable bona fides of the two parties.
In this process, the touching of the tokens or rather the very close proximity of the tokens must be such that each user can be assured that only those tokens are participating in the process. Otherwise spoofing may be possible by third party wireless systems acting in variations of classic “man in the middle” or classic “hijack” attacks.
For example, in the Defence domain, two people who meet without formal notification of clearance details but with such tokens could exchange credentials which were signed by the Defence Certification Authority and could therefore calculate the level of information they were permitted to discuss.
In a hospital a doctor could authorise a drug treatment by signing an order, and could check that the doctor had prescribe rights at that hospital.