Tim, I would love discussing the details but unfortunately the USG and their suppliers is in such a mess that I don't think it would be constructive: http://www.trustdigital.com/downloads/TD_EMM_CAC_Pack_101008.pdf It is about a 50 cent built-in TPM versus $200+ of highly inconvenient c**p that unlikely will ever be directly supported by the mobile platforms vendors.
Anyway, *my* ambition is making 2FA (Two Factor Authentication) as simple and cost-efficient as is possible. Adding security-hardened silicon is something that will come automatically when (if actually...) the need demand/usage increases. My former US colleges tell me that US consumers will never use devices for authentication on the Internet. Given the *current* devices I think they are right refusing. Quite challenging, isn't it? Anders ----- Original Message ----- From: "Timothy J. Miller" <tmil...@mitre.org> To: "Anders Rundgren" <anders.rundg...@telia.com> Cc: "Alon Bar-Lev" <alon.bar...@gmail.com>; <opensc-devel@lists.opensc-project.org> Sent: Tuesday, May 05, 2009 22:51 Subject: Re: [opensc-devel] OpenSC's future relevance Anders Rundgren wrote: > Conclusion: the smart card industry is working with dated designs > that doesn't really scale. The smartcard industry knows where the money is, and it's not in selling cards. > Tim: private keys are protected by a master key residing in EEPROM > in the USB controller. That's fine for *storage.* Storage is only *one* place where key exposure is a concern. Where's the key when it's being used? Are you using the USB controller as a crypto engine? -- Tim _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel