Trustech 2018-rundgren
1. Saturn – Open Decentralized Payment Authorization System
Trustech November 28, 2018, Cannes, France
Anders Rundgren, WebPKI.org
https://github.com/cyberphone/saturn
2. “Tokenization”
TTP Service
Recent Addition
Merchant
Card: 6785 0345 5677 2455
User Signature key:
Client side
Merchant side
Issuer Banks
User Payment Authorization
Issuer
Lookup DB
Acquirer/Card Processor
Pre-Internet Payment Card Credential
Signed Auth
Payment Decentralization (Disruption) Scheme
Merchant
Issuer: https://mybank.com/payment
Account: FR14 2004 1010 0505 0001 3M02 606
User Signature Key:
Issuer Banks
Enhanced Web-enabled Payment Credential
Signed Auth
Decryption Key
Issuer Specific Encryption Key:
Signed + Encrypted Auth
POOF!
POOF!
3. POOF!
POOF!
Low level “Trusted” Card Protocol
Medium level Security Protocol
High level End-to-End Secured 360° Web Protocol
Payment Terminal + Card
Personal Payment Terminal
Virtual Card Logo
Optional: Real-Time Account Balance
Adapted to: Your Language & Your Disability
UI Showing:
• Direct Payment
• Booking
• Gas Station
• Etc.
TEE Protected Keys
4. Externally exposed APIs always require a hole in the fence!
Open Banking
On-line Banking
But the size of the hole varies…
5. Merchant Bank
User Bank
User with Saturn “Wallet”
Relation
Relation
Relation
Enhancing the “Four Corner Model”
Authority
Object
Authority
Object
Authority
Object
Merchants