Boy, I sure stuck my foot in my mouth this time. First of all, I meant to send my previous letter to Scott Guthery, not to the whole list. D'oh! I forgot that the Reply-To was not the same as the From. I apologize for sending to the list what could certainly be construed as a commercial email.
Second, now that the damage is done, I'd like to emphasize that my letter was *only* in response to his comment: > The only place the secure smart card exists is on paper ... which > is, I suppose, why we have more smart card standards than we have > successful smart card applications. It was *not* intended to suggest that the Forte card is at all a solution for the subject of this letter (and thread), a smart card with a replaceable OS. It most certainly is *not* that! [EMAIL PROTECTED] asked a bunch of stuff, some of which I'll try to answer below, but again a disclaimer: I am *not* working on the Forte project myself, and am not authorized to speak for SSP-Litronic on this subject beyond what's in the web site. That said, I'll try to make a few comments. > On Friday 15 August 2003 08:58, David L. Markowitz wrote: > > > > If you're looking for a highly secure smart card, with FIPS 140-1, > > Level 3 validation (real soon now :), check out: > > > > http://www.sspsolutions.com/products/forte/ > > > > Disclaimer: I work for SSP. > > Can the ROM, EEPROM, and SRAM be entirely reprogrammed externally? No! The ROM is, of course, read-only. The OS can be patched via the EEPROM. > Does > low-level documentation exist for the on-board components > such as the > cryptographic processor, the DES engine, and the real-time clock? Of course, but I highly doubt it's available publicly. Much of this is probably classified. > Does it require the purchase of a development kit, and does > it require > signing an NDA to get access to such a beast? Don't know, but I suspect yes and yes. > The ARM7 architecture seems to be described in sufficient > detail at the > following location: > > http://www.arm.com/techdocs.nsf/html/ARM7Docs > > Something that isn't explained in the SSP docs that I could > locate for > that smartcard are what measures are taken in tamperproofing > the card. > Are there voltage ranges, timings, etc that trigger it? What are > the results of tamper detection? Complete erasure and a reset of > the card's on-board circuitry? Some of this stuff I *know* is classified (and I don't mean company proprietary). If anyone wants more info I will have to refer them to someone else here, either technical or sales. Email me if you are interested. I must warn you though that as a small company with very limited resources, we're not interested in supporting the hobbyist (yet). We're looking for customers who want thousands to millions of these.
smime.p7s
Description: S/MIME cryptographic signature
