fyi: On-card displays

Anne & Lynn Wheeler lynn at garlic.com
Mon Sep 25 23:19:02 EDT 2006 

Jeff.Hodges at KingsMountain.com wrote:
> From: Ian Brown <I.Brown at cs.ucl.ac.uk>
> Subject: On-card displays
> To: ukcrypto at chiark.greenend.org.uk
> Date: Wed, 20 Sep 2006 07:29:13 +0100
> 
> 
> Via Bruce Schneier's blog, flexible displays that can sit on smartcards.
> So we finally have an output mechanism that means you don't have to
> trust smartcard terminal displays:
> http://www.cr80news.com/library/2006/09/16/on-card-displays-become-reality-making-cards-more-secure/
> 
> So, when do we see the combined chip/fingerprint reader/display on a
> payment card :) Doesn't of course address the requirement that we want
> evidence (such as a signed paper receipt) that can later be adjudicated
> by a court with higher evidential standards than a bank statement that
> their systems work perfectly...

for a decade or so ... i've made comments that the increasingly powerful smartcards are obsolete because they are really pda(/cellphone) wannabes (after some of the gov. technology transfer legislation in the early 90s, we did some consulting for one of the gov. agencies on attempting to move some smartcard chip based technology into the commercial sector ... and we could already see it was rapidly becoming obsolete).

the smartcard target of portable computing device from 70s/80s required various kinds of iso standards because of the lack of appropriate portable input/output capability .... so there would be standardized, fixed input/output stations that could be used with the portable smartcards. that market niche for smartcards became obsolete with the appearance of pda/cellphone portable input/output capability sometime in the early to mid-90s.

possibly part of the problem was that there was significant investment in various kinds of smartcard technology during the 80s and 90s ... and when they became obsolete ... there was some amount of scurrying around attempting to obtain some/any return on the original investments ... even if it was only a few cents on the dollar.

they are now contending with various kinds of cellphone/pda payment delivery operations. 

there is some paradigm discontinuity tho. there is a tradition grown up where the institutions issue the card (payment, identification, etc) ... to some extent smartcard activities are attempting to capitalize on that legacy momentum. 

an individual's cellphone/pda tends to break that institutional centric issuing paradigm ... since it can involve an individual taking their cellphone/pda (that they already have) and registering it for various activities/transactions/identification ... aka another form of "something you have" authentication ... but it is possibly a personal device rather than an institution issued device.

so there are already various kinds of pda/cellphones with display, input capability ... and
some of them even have their own biometric sensing capability.

the issue with "electronic signature" is demonstration of intent ... we got into that when we were asked to help word-smith some of the cal state (and later federal) electronic signature act. various past postings mentioning issue of establishing intent
http://www.garlic.com/~lynn/subpubkey.html#signature


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list