Anders: Make battery life 5 years. Give the SIMs 16 MB and 4096-bit private keys with sub-second signing. Provide secure PIN entry, a root certificate and touch screens in every handset.
There is only one interesting question: "Who do I sue when it doesn't work?" Telia? Schlumberger? Nokia? Ericsson? You? It's not about technology. It's about accepting liability. Banks do it. Telcoms don't. End of story. Cheers, Scott ============================== The Swedish branch of Nordea is planning to combine bank cards with electronic identity. Putting an electronic ID in a bank card -------------------------------------------- To put an electronic ID (usually in the form of PKI) in a [smart] bank card has been mentioned quite often by bank-people as a great idea. The author of this letter is largely unconvinced of the merits of such a system. Below are some reasons for this. 1. An account is a shareable resource, while a personal ID is not, which makes such a "resource mix" principally rather dubious. 2. Having an on-line world and assuming that the user can be sufficiently authenticated, the distribution of static account resources like EMV becomes completely redundant. 3D Secure (et. al.) shows the way forward not only for payments but for many other usages. 3. Putting an ID in a mobile phone having extensive local and remote communication facilities eliminates the need for card readers completely, as well as supporting numerous usage scenarios that physical bank cards will never be able to do. A question arises; will this third thing ever happen? Progress has indeed been very limited. Due to things like battery capacity improvements, crypto hardware improvements, and deprecation of the operators' SIM-based solutions we should expect some major action in this area the coming 18-36 months. In addition, Microsoft's entrance in the mobile phone market, will also put pressure on the other players as Microsoft in their next update claims to have about the same PKI support in their two phone OSes, as has been available in Windows for years. Sincerely Anders Rundgren Project leader for one such mobile phone-based PKI project, occasionally referred to as "the smart card killer". +46 70 - 627 74 37 --- end forwarded text -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
