Dear Peter, > It's my old idea of implementing PKCS#11 directly over USB. Issues > have been pointed out, and they would have to be solved of course.
Feitian offers two ranges of products: CCID (ePass2003 and other
products) and HID over USB (ePass2001 and other products).
At Gooze, we have HID over USB products in stock (around 100 unused
tokens) but we did not released them as they were incompatible with
OpenSC.
Under Windows, it seems that HID over USB range of products can be used
without drivers, just over USB. Under Linux, a small proprietary USB
framework is needed. If this is what you mean, you may be interested in
testing these HID products. Just write me a private email and I can send
you one of these tokens.
IMHO, CCID is superior as it is really plug-and-play under all systems.
Of course, CCID is needed, but it could be installed under all systems
by default. The last versions of libccid with udev really rocks. Pure
plug-and-play never exists, you always need an underlying library.
libccid is that library.
I agree PIN provisioning is really an issue. But if you think of
Android, there could be an application available from Android store to
do this job.
What we need is:
* Cheap hardware available worldwide, with onlines sales.
* A common framework under all systems, this is OpenSC.
* Compatibility with all systems, including Linux, Mac, Windows and
Android.
* A growing user base.
* A growing developer base.
A common strategy is to be able to answer "Yes" to all questions and
needs. With OpenSC, you can say YES to "Windows", "Mac", "Linux" and
soon "Android". You can say YES and ship tokens to most countries.
Remember crypto is a restricted market and you need authorizations to be
able to ship.
From my point of view, I would be more in favor of an Android phone
acting as a CCID device overs some secure wireless link over OpenSC.
GOOZE will soon release crypto chips for Android and this will become
one of our target project. We have the demo chips in stock. As usual, we
will offer free crypto chips for Android to hackers requesting it.
The only reason why Apple removed smartcard support is that (in my
opinion) it may be working secretly on a new iPhone replacing smartcards
and offering secure payment.
The target for new OpenSC developments should be smart phones. We may
discuss that in a few weeks after governance issues in OpenSC are
improved. All we need is to move forward.
Kind regards,
--
Jean-Michel Pouré - Gooze - http://www.gooze.eu
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
