0

asymetric key is normally used for signature for non repudiation.

But what if one uses EMV CAP in TDS mode as described here http://en.wikipedia.org/wiki/Chip_Authentication_Program ?

Is non repudation possible since the user uses a banking card he cannot pretend he didn't sign could he ?

user310291
  • 1,413
  • 2
  • 12
  • 13
  • I don't know what you're asking. Asymmetric cryptography can be used for encryption, for signature, or for non-repudiation (among others); it depends how you use it. Whose repudiation are you concerned about? What is the connection between CAP and whether the user has signed his card? Could he what? – Gilles 'SO- stop being evil' May 15 '12 at 21:46
  • I'm talking about symetric not asymetric. EMV CAP TDS uses symetric encryption and a pin code. – user310291 May 21 '12 at 17:59

1 Answers1

2

This question is a bit unclear.

It is important to understand that non-repudiation is a complex subject that involves legal, social, and technical considerations. Non-repudiation is not just a matter of algorithms. You seem to think that use of public-key cryptography is sufficient for non-repudiation; this is far from the truth.

I suggest you read up on non-repudiation; the concept is much more complex than this question seems to appreciate. In particular, there is not sufficient information here to determine whether the system you have in mind achieves non-repudiation to a reasonable degree.

Here are some readings on non-repudiation:

Community
  • 1
D.W.
  • 98,420
  • 30
  • 267
  • 572
  • I read your answer in the other thread. In some countries if your computer has been compromised you are responsible it is like you have your credit card stolen. So let's suppose that what I know is only to prove that signature was actually done using that card ? – user310291 May 21 '12 at 17:59
  • @user310291, I think some of your premises are faulty. I'm not sure if I follow you, but if I understand your comment, it sounds like you're claiming that "if you have your credit card stolen, you are responsible for any fraudulent transactions that may result". That is not the case, at least not in the US. In the US, if your credit card is stolen and used to make fraudulent transactions, you are not responsible for the charges. – D.W. May 22 '12 at 05:44