Dear List, I'm looking for partners to create an alternative to the existing smart cards.
Note: I would not consider this as alternative to government eID programs because they live their own life, usually completely unaffected of technology, prices, card readers (...), etc, :-) I started thinking about using non-crypto HW like this: http://www.atmel.com/dyn/products/tools_card.asp?tool_id=3879 The following article proves that you don't need any exotic processor: http://www.cs.harvard.edu/~malan/publications/secon04.pdf I'm currently in sort of "feasibility study" where I evaluate different alternatives and technologies. The bottom line is that there is no token available on the market that can host more than a handful of keys. On the Internet you need a lot of more keys if 2FA (Two Factor Authentication) is going to take off in a big way. I believe that dirt-cheap electronics and ECDSA could be a great combination! On-line provisioning using KeyGen2 is also part of this concept: http://keycenter.webpki.org A stand-alone USB token should be possible to sell for $7 while the add-on cost for existing USB sticks may be something like 50 cent. Token middleware has to date been a real hassle. Even even if tokens follow standards, standards are still subject to interpretation, options, etc.. Having the implementation in source code makes a huge difference. Anders Rundgren
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
