Crypto dongles to secure online transactions

Scott Guthery sbg at
Sun Nov 22 10:34:55 EST 2009

The FINREAD smart card reader was a European run at moving trust-bearing
transactions to an outboard device. It was a full Java VM in a
tamper-resistant box with a modest GUI, biometrics, lots of security on the
I/O ports and much attention to application isolation. FINREAD readers were
produced and an attempt was made to make its specifications into an ISO/IEC
standard. I don't know why it didn't get any traction but suspect that it
was more on business grounds than on technical grounds.  Telling folks they
had to buy a $100 card reader that was controlled and monetized by one
particular bank wasn't exactly a compelling offer.  

Recently GlobalPlatform has reinvigorated the STIP reader effort which is
from 35K feet the same thing.  GP took over STIP in 2004.  Google or Bing
for details.

As Dan Geer as observed over the years, reducing bank risk is not a consumer

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list