What you are describing is already out there. You have described a mechanism to validate the card, to the reader. It's known as a Card Authentication Method. SCM has readers for contact or contactless to do a CAM. You can even insert your own Java Card ICC in the reader. This is a plus because you can program the embedded chip the way you want it. When a card is inserted it can perform an authentication upon it. Also it can recieve input from middleware encrypt it and send it
down to the card.
As far as CLC, are you sure this isn't covered in JSR 177 ?
<<A biometric sensor on the card is not in the range of this specification as I don't know anything about Biometric sensors for smart cards. But it could be added, of course. >>
There are cards that actually have a bio sensor on it and performs the match on the ICC. I believe Atmel makes a chip for this.
<<The secure input device should be on the token you're carrying with you.>>
A PIN pad ?
What if I require an alpha numeric PIN ?
A input device I need to plug in everywhere I go ? And remove everytime I go somewhere else ?
If not a PIN Pad, this would be something else I have to carry ?
If PIN Pad, must meet ISO7816 card dimensions.
If PIN Pad, how can I see the values I'm entering ? ie, where's my "********" display ?
Wave Systems has a keyboard with an embedded chip that encrypts keystrokes. This adds a layer of security to any desktop application.
Starting a JSR on this might be difficult because it requires hardware modifications not just software APIs. As you know, hardware is difficult to manage in Java without a native interface. Even Java Cards call the card native OS !.
Joseph Smith www.javacard.info
From: Bernhard Fastenrath <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [OCF] proposal: JSR to add input devices to JavaCard Date: Fri, 19 Mar 2004 14:01:17 +0100
On Friday, March 19, 2004, at 01:34PM, Peter Tomlinson <[EMAIL PROTECTED]> wrote:
>Bernhard,
>
>Direct input of PIN to the Javacard? How? PIN pad actually on the card?
>Biometric sensor on the card? Or secure extensions to card readers to allow
>input? I just do not understand the architecture of what you are trying to
>do.
A biometric sensor on the card is not in the range of this specification as I don't know anything about Biometric sensors for smart cards. But it could be added, of course.
The idea is to create a specification for a security token that may support CLC and offers some kind of input device on the token itself. Trusting a card reader always means your're expecting the card reader to be tamper proof. I don't think that's a good idea. The secure input device should be on the token you're carrying with you.
Imagine a combination lock on a USB stick, for example. That's a very straightforward and convenient form to enter a PIN everybody understands from using mechanical combination locks. It should be inexpensive to build something like that into a USB stick. The USB stick could have to caps: A covered combination lock on one side, the USB connector on the other side.
--- > Visit the OpenCard web site at http://www.opencard.org/ for more > information on OpenCard---binaries, source code, documents. > This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email ! to ! [EMAIL PROTECTED] ! containing the word ! unsubscribe ! in the body.
_________________________________________________________________
Get tax tips, tools and access to IRS forms – all in one place at MSN Money! http://moneycentral.msn.com/tax/home.asp
---
Visit the OpenCard web site at http://www.opencard.org/ for more information on OpenCard---binaries, source code, documents. This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe ! in the body.
