Difference between TCPA-Hardware and a smart card (was: examp le: secure computing kernel needed)

Sun Jan 4 23:10:53 EST 2004

Just some thoughts.

> -----Original Message-----
> From: Anne & Lynn Wheeler [mailto:lynn at garlic.com]
> Sent: Sunday, 21 December 2003 5:40 AM
> To: Ernst Lippe
> Cc: Jerrold Leichter; cryptography at metzdowd.com
> Subject: Re: Difference between TCPA-Hardware and a smart card (was:
> example: secure computing kernel needed)
<snip>

> So what might convince institutions to accept a consumer
> presented hardware token for authentication ... as opposed
> to mandating that the only hardware token that they will
> trust are the ones provided by the institution.
> 
> -- 
> Anne & Lynn Wheeler -  http://www.garlic.com/~lynn/ 

Let me twist that paragraph a little.

Hardware tokens are definately best for the owner, the owner will trust the
token (assuming they can control/load/program it)

Taking the goal of everyday people in the role of consuming desire to trust
their token they should then have full ownership rights (i.e. under the hood
control or choice of competing secure products), why then would anyone else
trust them?

1.It would have to be a nice open standard, not prone to attack.
2.Since it would be owned by the user it must be cheap to implement.
3.It would need to be widely accepted.
4.Not easily destroyed by a hostile transaction.

1- GPG signed invoice,approval,reciept process
2- tough, might get their if phones could do gpg, other options would be
cheap palm running gpg or gpg smartcard
3- not going to happen today, could be forced by goverment control but gov.
system unlikely to benefit people, but may cause black system to rise up
4- non contact, IR beaming, bluetooth, induction. Assuming public key
exchange, privacy is maintained.

Hardware cost and lack of public percieved need will hold this back.  Once
cost and need find a balance then payment processors will start appearing.

Sadly I only see this all happening only as a response to an oppressive
financial transaction law.

Terrorisim could be stamped out simply by only allowing loyal people to buy
food, in fact any undesirables could be stamped out in very short order once
money came under tight control.

Stick an id chip in peoples hands so their token only works for them (to
unlock private key for signing).
ID chip could carry toxin in case person proves dis-loyal.

It could be a simple matter to enforce such a system.
1.ban cash as terrorist/black market/tax avoidance tool
2.show insecurity of existing cash replacements (stolen tokens, lending to
terrorists)
3.mandate goverment provided solution with ID chip
4.each public key must be certified by gov.
5.anyone using a key unmarked by gov is terrorist.
6.combine with rfid's in all products to determine who buys items that
combine to indicate terrorism
7.activate toxin in terrorists
8.world free of terror!?!?

Such a system could be implemented in a few short years. World free of
terror by 2006?

The only danger to such a world of peace would be those who refuse goverment
signed keys and use their own payment provider and trade amounst themselves,
they would have to be hunted down seperately.

Did I miss anything?

	cya,	Andrew...

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com