Difference between TCPA-Hardware and a smart card (was: example:secure computing kernel needed)
Anne & Lynn Wheeler
lynn at garlic.com
Thu Dec 18 22:03:51 EST 2003
At 09:38 AM 12/16/2003 -0500, Ian Grigg wrote:
>In the late nineties, the smart card world
>worked out that each smart card was so expensive,
>it would only work if the issuer could do multiple
>apps on each card. That is, if they could share
>the cost with different uses (or users).
>
>This resulted in a big shift to multi-application
>cards, and a lot of expensive reworking and a lot
>of hype. All the smart card people were rushing
>to present their own architecture; all the user
>banks were rushing to port their apps back into
>these environments, and scratching their heads
>to come up with App #2 (access control, loyalty...)
.....
I've maintained since the mid-90s ... that the idea of multi-app smartcard
is from sometime in the '80s. the target was the portable computing
environment .... before there was portable input & output technology. One
of the reasons for smartcard standards was to have interoperability between
input/output support stations .... and the portable computing.

The mid-90s saw some take-off in capability of multi-app smartcards because
the technology that could be packaged into a smartcard got greater.

Also by the mid-90s, there was portable input & output technology and PDAs
and cellphones were starting to rapidly fill the target market niche for
multi-app smartcards (where everybody had their own portable computing
input/output capability w/o having to find a station someplace).

One of the other target market niches for the portable computing devices
was the offline environment (again left-over from the 80s) .... however,
with the pervasive penetration of the Internet into the world market ....
followed by all sorts of wireless capability .... any target offline market
niche is rapidly going the way of the dinosaurs. One might claim that
continuing momentum for multi-app smartcards is the enormous investment
that was made starting by at least the late '80s continuing up through the
current time.

So while there was an escalating amount of capability that could be
packaged in a smartcard form-factor by the late 90s along with an
escalating cost .... apparently requiring escalating feature/function to
try and justify the escalating costs .... why would somebody want a
significant amount of capability in what is effectively a deaf & dumb
device (w/o its support stations) .... when you could get enormously better
usability by packaging the significant amount of capability in
PDA/cellphone form factor.

i tried to take the opposite track with the aads chip strawman .... find a
reasonably compelling business case for a hardware token .... and then
totally focus on that function.

the compelling business use selected was authentication. aads attempts to
totally focus on KISS authentication as a compelling business reason for a
hardware token .... with aggressive discarding of everything that doesn't
support the authentication compelling business use (if something non-KISS
authentication is needed .... get a PDA or cellphone).
misc. aads stuff:
http://www.garlic.com/~lynn/index.html#aads
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm