Andreas Jellinghaus wrote:
> On Tuesday 20 April 2010 20:48:07, Douglas E. Engert wrote:
>> Andreas Jellinghaus wrote:
>>> On Tuesday 20 April 2010 07:18:41, Anders Rundgren wrote:
>>>>> The idea is to make it. It should be really straightforward, and
>>>>> useful if the token you want to design is centered around PKCS#11
>>>>> operations.
>>>> Then we are *exactly* on the same page, we need NEW tokens!
>>> why does it have to be a token? why not a modification for the software
>>> of my smart phone?
>> Because your smart phone is becoming your PC, with too many applications
>> and complicated OSes that introduce additional security risks?
> 
> with iphone or windows mobile: I would agree. if they have a sophisticated
> security concept to make the system different from normal PC operating 
> systems, that would be new to me.
> 
> but android looks quite nice, with each application sandboxed and strict
> rules for communication. sure: not perfect, but a nice first step in the
> right direction from my point of view.
> 
> also what good is there, if my pc is hacked, then why use a smart card?
> a hacker could manipulate the pdf I want to sign, so it shows "10$"
> while the one I sign with the card would be "10.000$"...
> 
> sure with smart cards you can maybe steal a signature, but not the key
> itself. but admitting, that pc + smart card is better than pc + password,
> but not perfect, is a good first step in allowing other solutions too:
> they don't have to be perfect either.

As an invited expert member of TrustedComputingGroup I wouldn't
count out MTMs (Mobile TPMs) because they can provide secure key
storage.  The provisioning unfortunately sucks...

> so my "smart phone" idea is my silly ideas to this discussion about 
> alternative concepts. no need for everyone to jump on this wagon.
> but maybe we can discuss everyone else's "silly idea" too, and see
> what architectures could help several people?

Absolutely!

Since the phone is getting more important each day, authentication
from the phone is also getting more interesting and critical.
In Asia this is happening faster than in the EU and US.

Regards
Anders
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
