Marc Petit-Huguenin: How did you get one bought (cant find any buy option, and It would be good if you could point me to a webstore that sells those secure MicroSD cards) and how much do they cost?
Nikolay: In this case, the security is about singulary. The key should be copy protected, but it does not need to be use-protected because I want to be sure, that if I leave the phone on a table, go on toilet, come back and take it back, I can be sure that nobody has access to my key, even if they impersonated me in that little brief amount of time that I was on toilet for example. Having the key stored in "software" (eg software token or in standard phone memory), the key is no longer secure, since if I leave my phone out of sight even for a brief amount of time, its possible that somebody just copied my key. If I store the key in software, I would need to have 100 % of sight of the phone all the times, else the key could be regarded as "compromised". In other words, if I have the phone in my hand, I should be *absolutely* confident in that nobody can authenticate as me. Another example, I lend my device to my friend for the purpose that my friend can log in to my account for a brief time. When I then get the device back from my friend, I want to be sure that my friend doesn't have a copy of my private key and can log in as me, in case we stop being friends and sabotage for me. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
