Crypto dongles to secure online transactions

Anne & Lynn Wheeler lynn at
Wed Nov 18 18:16:34 EST 2009

On 11/18/2009 12:22 PM, Bill Frantz wrote:
> Perhaps I'm missing something, but my multiple banks will all accept my
> signature when made with the same pen. Why wouldn't they not accept my
> signature when made with the same, well protected, signing/user verifying
> device. I might have to take it to the bank to give them its public key in
> person, but that seems a minor inconvenience.
> This kind of device sounds like a fine device for a banking industry
> committee to specify.

we ran into that with doing chip that required to post-fab personalization ... eliminating lots of the costs thruout the whole infrastructure (eliminating personalization actually makes the delivered cost to the user less than the current infrastructure).

we then looked at the current "institutional-centric" paradigm ... where each institution wants to deliver token/card to user ... with having eliminating any personalization requirement ... then we claimed we could moved to a "person-centric" paradigm ... where a person could use the same token for potentially all their interactions ... having to wade through all the institutional arguments ... and addressing each one that stood in the way of moving from an institutional-centric paradigm to person-centric paradigm.

the smartcard industry was looking at possibly replacing every pin/password with a unique smartcard/dongle.

we claimed we do something like two orders magnitude reduction in fully-loaded costs by going to no personalization (and other things) ... and then another two orders magnitude reduction in number of tokens by transitioning from institutional-centric paradigm to person-centric paradigm (compared to proposed smartcard/dongle replacing every pin/password).

we then came up against that the bank marketing departments have taken advantage of the requirement for institutional personalization ... to put their brand and other stuff on every token. They started out saying they didn't want to do chip because it increased costs ... and when we showed we can come very close to driving costs to zero ... it turns out the marketing departments like the current infrastructure (despite the costs) ... because they feel it is important to have their brand on the token in each person's wallet.

There were various sorts of distractions/obfuscations ... like what happens if the "only" token fails ...
there is nothing that prevents a person from having two "person-centric" tokens (or personally choosing to have a their own unique token per institution). Then it was ... what happens if the only token is stolen. It turns out that the standard threat is the wallet/purse is stolen with all the cards (eliminating any different between there being single token or multiple tokens).

In any case ... with a paradigm that has been in place for this long ... there are quite a large number of people that don't want to change ... some for no other real reason than its different ... for others they have leveraged current paradigm for things that couldn't have been independently justified on its own.

Early on uptake in various standards organization was good ... until some of the change implications started percolating thru the infrastructure. It was analogous to what we did with secure x9.59 financial transaction standard ... and then the implications of eliminating all the associated fraud started to sink in.

40+yrs virtualization experience (since Jan68), online at home since Mar1970

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list