Difference between TCPA-Hardware and a smart card (was: example:secure computing kernel needed)

[Bill Stewart]

>At 09:38 AM 12/16/2003 -0500, Ian Grigg wrote:
>
>>In the late nineties, the smart card world
>>worked out that each smart card was so expensive,
>>it would only work if the issuer could do multiple
>>apps on each card.  That is, if they could share
>>the cost with different uses (or users).

Of course, at this point the assertion that a smart card
(that doesn't also have independent user I/O)
costs enough to care about is pretty bogus.
Dumb smartcards are cost-effective enough to use them
to carry $5 in telephone minutes.

The real constraint is that you're unlikely to have
more than one card reader in a machine,
so multifunction cards provide the opportunity to
run multiple applications without switching cards in and out,
but that only works if the application vendors cooperate.

For instance, you may have some encrypted session application
that needs to have your card stay in the machine during the session
(e.g. VOIP, or secure login, SSH-like things, remote file system access),
and you may want to pay for something using your bank smartcard
during the session.  That's not likely to work out,
because the secure session software vendors are
unlikely to have a relationship with your bank that lets
both of them trust each other with their information,
compared to the simpliciy of having multiple cards.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com