Hi,
While memory sticks, CF cards, ATA cards (me old!), smartmedia devices
are just flash, with a FAT support licensed from Microsoft, the USB
form factor of the same flash devices in the US shops tend to come with
applications. All the finger-print enabled USB flash drives have come
with form-filling password managers for years. What's interesting
recently, is that through USB-interfaced file-based mailboxes, the
Pentium application (such as Sandisk's GINA plugin) can interact with
the matching algorithms on the CPU of the bio-capable flash drive, as
a USB peer (versus a dumb flash data store).
So, in the U3 case, which CPU executes the application?
The PC's
If it's the Pentium CPU, then one presumes the application is a Win32
application, loads into virtual memory, may or may not write to other
data stores, is subject to the windows execution model, and the Intel
instruction-level security model, and may or may not require
Windows/.NET security privileges to get its application work done.
Presumably, one needs to sign the media files, so that upon loading
windows trusts the publisher using Windows/W3C/java code signing
mechanisms, assigns privileges automatically, runs the PE image - once
loaded - through the virus checker, etc. such that the user sees none
of the behind the scenes activity ensuring integrity.
Actually, U3 has some (fairly simple .. looks like) accreditation
procedure but there is no application signature procedure
yet that I have seen.
Yes, at this time, a U3 compliant application is a windows application
(at least) with support for the U3 SDK (at most).
I do hope they will go for Linux (clearly, I think, installing pcsclite
means "sudo"ing some stuff, but there is a fair chance it could be done)
Are we talking about a USB flash drive in which there are autorun
files created for the .exe files stored on the media, just like on a
CD R-W?
Yes and no: they have apparently at least two partitions mounted, one of
which looks to windows like a CDROM... thus the autostart. The latter
loads their own application (Launchpad) which, in turn, gives access to
the U3 compliant applications.
Check out this link: http://www.everythingusb.com/u3.html
If the application is running on the CPU of the flash controller yet
images on a remote desktop over (wireless) USB channel, that's more
interesting. We met an entrepreneur earlier in the year who wanted to
do this.
That'd be nice, but I feel a flash drive embedded CPU, powered by a USB
bus will never reach (at least not in my life time (I'm old too -:) ))
the CPU/bus speed necessary to handle a regular PC application.
I just feel they've opened a techno-door which could bring many neat
possibilities ... and give opportunities to us smart card addicts.
Regards,
Philippe
For a short time, I worked on a recent project in which a
combination ST22 secure core and an IDE bridge controller were
SOC'ed together to make a smartcard-enabled hard drive. The
smartcard had greater function than merely arming the bridge chip,
like some of the finger sensor-enabled hard drives you see in the
(mobile) military applications - and like the finger-enabled flash
readers (and USB boot drives) you buy now for 79$ in US shops (from
sandisk, lexar, etc).
From: "Philippe C. Martin" <[EMAIL PROTECTED]>
Reply-To: MUSCLE <muscle@lists.musclecard.com>
To: MUSCLE <muscle@lists.musclecard.com>
Subject: Re: [Muscle] SCU3 released
Date: Mon, 28 Nov 2005 09:52:21 -0600
Typos, sorry :
...I need to protect data that in on the drive .... >> ... I need
to protect data that is on the drive ....
...but that I can help "promote" the smart card concept ... >> ...
but that it can help "promote" the smart card concept ...
Philippe C. Martin wrote:
Hi,
I do not know what is behind the scene and how quickly it can be
cracked but:
1) you can tell U3 to use a password for access (I have not tried
yet but I read somewhere that a non-compliant U3 OS (ex: Linux
today) would not be able to see the drive content if the password
were on ... without that password, Linux sees it as another flash
drive.
2) the U3 APIs allow the application to put password protects on
certain private data areas
I do not know if there is crypto built-in ... for instance what
does the drive really do when a data section has a password ? => I
intend to use my own crypto if I need to protect data that in on
the drive.
I do not think U3 is a replacement for smart cards at all, but
that I can help "promote" the smart card concept by adding
mobility to its solutions ... I could _really_ see a U3 drive and
a chip in the same package a few years from now.
Regards,
Philippe
Peter Tomlinson wrote:
So the U3 drive is not a secure device in its own right? (i.e. it
seems to me that it does not incorporate a crypto chip such as is used
in a strong security smart card, and nor does its flash memory have
the kind of security protection against penetration that smart card
flash has)
(I looked on the u3.com web site but found very little specific about
the device spec.)
Peter
Philippe C. Martin wrote:
A U3 device (www.u3.com) is a flash drive which allows for
applications installation: you plug the U3 device in the USB port and
your application is available. If the application does its job
correctly, application data is stored on the U3 device, not on the PC.
Some of the issues I have been facing in the smart card business are:
1) some application data cannot be written in the card because of
space (and some of the data does not need high security)
2) potential customers are often worried about software deployment -
that is especially true for my applications as Python and wxWidget are
not part of regular OS distributions (yes, Python is for Linux)
3) because of 1) the smart card application (card + software) is less
mobile as the less vital data is stored on the PC (maybe encrypted
with the card, but still stuck on the PC)
4) setting up smart card demos at a client site/business branches can
be very painful, and salespeople are somewhat reluctant to hack PCs
(another painful lesson)
I just feel that there are applications where a combination of a
smart card and a U3 device (they call them smart drives) would
greatly improve deployment/mobility issues.
Putting my solutions aside, I feel a MUSCLE application on a U3
device can make a lot of sense.
U3 drives can be found already in large stores in the US (and I live
in OK! - I do not know about other countries but I was told about U3
by a smart card professional based in France).
I hope that is clearer - I often get excited about technology
and sometimes think I have found a great solution where people
see no business value whatsoever :-)
Regards,
Philippe
Ludovic Rousseau wrote:
On 28/11/05, Philippe C. Martin <[EMAIL PROTECTED]> wrote:
Hi,
Hello,
I am very happy to announce the release of SCU3 V 0.1 and
SCU3Python.u3p V. 0.1.
SCU3 is a python wrapper for U3 compliant devices
What is a "U3 compliant devices"? Is it the devices described at
[1]? What are the links with smart cards, PC/SC, etc.?
Bye,
[1] http://www.u3.com/
-- Dr. Ludovic Rousseau For private mail use
[EMAIL PROTECTED] and not "big brother" Google
_______________________________________________ Muscle mailing
list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle