On 2011-10-28 16:08, rajesh banginwar wrote: > Yes, that was going to be my follow up question :-) > > > I agree with you that crypto acceleration has only limited benefits > and only in some cases (depending on how much data etc). Following > up on Brian's response, will be doing some additional research on that topic.. > coming to key mgmt, Is the recommendation to implement a service provider > for key mgmt? Any ideas what google wallet uses as far as Java APIs are > concerned?
I hope that nobody takes the offense but although the Android platform is marketed as "open", the stuff that goes into the platform, including the future plans for it, is hardly more open than for example Apple's or Microsoft's counterparts. The Google Wallet has not been disclosed in detail because Google cannot do that due to the NDA for the NFC chip. Reverse engineering is your friend :-) Anyway, Google Wallet represent a V0.3 design so we shouldn't bother too much about it at this stage except by using it and getting experiences that could be of use for a NextGen version. I'm personally unconvinced that payment and identity solutions need different technical foundations so I'm running an (entirely) open effort for creating a unified solution. Since it also includes enhanced smart cards and networked boxes it is probably a bit outside of Google's somewhat narrow vision but I remain confident that is the right approach reaching the critical mass that at least the existing security hardware vendors have failed with. The scheme builds on "Open Security Hardware": http://webpki.org/papers/keygen2/sks-keygen2-exec-level-presentation.pdf Anders > > Thanks, > > > -Rajesh > > > ________________________________ > From: Anders Rundgren <[email protected]> > To: Android Security Discussions <[email protected]> > Cc: Brian Carlstrom <[email protected]>; rajesh banginwar > <[email protected]>; Pandit <[email protected]> > Sent: Friday, October 28, 2011 1:10 PM > Subject: Google Wallet. Re: [android-security-discuss] Dalvik crypto provider > > http://www.google.com/wallet > > already has a HW crypto provider. Like many HW-related things > in the mobile world it is NDA-protected. > > Anyway, client devices will not include HW crypto to enhance > performance (it is hard beating a 1GHz ARM processor...), but > for improved protection of keys. > > Anders > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
