Amir Herzberg wrote:
Nicely put, but I think not quite fair. From friends in financial and
other companies in the states and otherwise, I hear that Trojans are
very common there as well. In fact, based on my biased judgement and
limited exposure, my impression is that security practice is much
Peter Gutmann wrote:
Neither. Currently they've typically been smart-card cores glued to the
MB and accessed via I2C/SMB.
and chips that typically have had eal4+ or eal5+ evaluations. hot topic
in 2000, 2001 ... at the intel developer's forums and rsa conferences
Erwann ABALEA wrote:
I've read your objections. Maybe I wasn't clear. What's wrong in
installing a cryptographic device by default on PC motherboards?
I work for a PKI 'vendor', and for me, software private keys is a
nonsense. How will you convice Mr Smith (or Mme Michu) to buy an
expensive CC
Bill Stewart wrote:
Yup. It's the little keychain frob that gives you a string of numbers,
updated every 30 seconds or so, which stays roughly in sync with a server,
so you can use them as one-time passwords
instead of storing a password that's good for a long term.
So if the phisher cons you
fields reaches new peak; 1st
time enrollment of foreign students drops
http://www.nsf.gov/sbe/srs/infbrief/nsf04326/start.htm
--
Anne Lynn Wheelerhttp://www.garlic.com/~lynn/
I arrived at that decision over four years ago ... TCPA possibly didn't
decide on it until two years ago. In the assurance session in the TCPA
track at spring 2001 intel developer's conference I claimed my chip was
much more KISS, more secure, and could reasonably meet the TCPA
requirements at
actually it is possible to build chips that generate keys as part of
manufactoring power-on/test (while still in the wafer, and the private key
never, ever exists outside of the chip) ... and be at effectively the same
trust level as any other part of the chip (i.e. hard instruction ROM).
using
security modules are also inside the swipe pin-entry boxes that you see
at check-out counters.
effectively both smartcards and dongles are forms of hardware tokens
the issue would be whether a smartcard form factor might be utilized in a
copy protection scheme similar to TCPA paradigm
this is in reference to
the
use of public key certificates to secure ecommerce web sites. Every one
of
those https connections is secured by an X.509 certificate infrastructure.
That's PKI.
Opinion is divided on the subject -- Captain Rum, Blackadder, Potato.
The use with SSL is what Anne|Lynn Wheeler refer