Osman Koyuncu wrote:
Anders, I could not agree more...
Keystore, attestation (both ways) are quite important. There must be an
interest for a unified set of APIs for apps for this purpose in
Android.ving
There probably is but although Android is open (source), Google's plans
are not. As an invited expert member of TrustedComputingGroup/mobilewg
I can testify that openness is a very difficult topic :-)
Please forgive my ignorance here, where is your project today, what kind
of traction is there. Do you mind giving me a brief update....
The project has gone through major changes since I have realized that
even the traditional PC market is in need of a new scheme so I expanded it
to easier (unfortunately not the same thing as easy...) reach the critical mass.
Traction is currently missing which is kind of sad but also quite reasonable
since probably none of the "Big Guns" even have a Product Manager
working with consumer/citizen 2-factor-authentication solutions.
Well, if they have these guys must be a very shy :-)
That the US gov. is about 10 years after their EU and Asian counterparts
with such solutions for citizens has also contributed making this a no-issue
among the US-centric platform vendors. Even Africa is ahead of the US!
Project status in brief:
- Spec: BETA
- PoC container and protocol: BETA
- Missing: Android, Browser, and Hardware integration
I'm currently looking for funding and collaborators. I'm also talking to
banks since the scheme is intended to support "virtual credit cards" which
has been on the radar for ages but so far has gotten nowhere. I believe that
the historical separation between payment and authentication solutions have
been quite contra-productive, so I hope to "unite" them. A key is a key!
Anders
http://webpki.org/auth-token-4-the-cloud.html
Regards,
PC
On Wed, Oct 6, 2010 at 1:36 PM,
<[email protected]
<mailto:android-security-discuss%[email protected]>> wrote:
Today's Topic Summary
Group: http://groups.google.com/group/android-security-discuss/topics
* Is there a way for an app to constrain 3rd party usage?
<#12b82d452a61fe34_group_thread_0> [1 Update]
* Nokia: Secure HW in standard phones
<#12b82d452a61fe34_group_thread_1> [1 Update]
Topic: Is there a way for an app to constrain 3rd party usage?
<http://groups.google.com/group/android-security-discuss/t/288bc64c8ac3e436>
Jeff Enderwick <[email protected]
<mailto:[email protected]>> Oct 06 09:05AM -0700 ^
<#12b82d452a61fe34_digest_top>
Apologies in advance if this is an ignorant question.
Is there a way for an app to ensure that it exclusively gets
keyboard
input from the bundled keyboard(s)/IMEs?
Is there a way for an app to know which keyboard is in use when
receiving input in a text field?
Is there a way for an app to constrain the set of keyboard choices
(only for itself, not the system as a whole?
Thanks,
Jeff
Topic: Nokia: Secure HW in standard phones
<http://groups.google.com/group/android-security-discuss/t/7ab363673a5eefb2>
Anders Rundgren <[email protected]
<mailto:[email protected]>> Oct 06 08:49AM +0200 ^
<#12b82d452a61fe34_digest_top>
The following scheme will reportedly be a standard feature in
the next
iteration of Nokia phones.
http://www.trust.rub.de/media/trust/veroeffentlichungen/2010/07/13/KDESA2010_key_attestation.pdf
/*It is interesting noting that none of the US giants have
anything like
ObC in the pipe-line in spite of their expressed enthusiasm
for the
"Cloud"*/. Maybe the "grand plan" is that we should keep our
keys in
the Cloud as well? I wouldn't like to present that to a bank or
e-government....
--
You received this message because you are subscribed to the Google
Groups "Android Security Discussions" group.
To post to this group, send email to
[email protected]
<mailto:[email protected]>.
To unsubscribe from this group, send email to
[email protected]
<mailto:android-security-discuss%[email protected]>.
For more options, visit this group at
http://groups.google.com/group/android-security-discuss?hl=en.
--
You received this message because you are subscribed to the Google
Groups "Android Security Discussions" group.
To post to this group, send email to
[email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/android-security-discuss?hl=en.
--
You received this message because you are subscribed to the Google Groups "Android
Security Discussions" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/android-security-discuss?hl=en.
