"Paul A.S. Ward" wrote: > > I'm not sure why no one has considered the PC banking problem to be a > justification for secure computing. Specifically, how does a user know > their computer has not been tampered with when they wish to use it for > banking access.
It is and it has been. Just not so much in North America, and not in sense of making the PC secure. In Europe, the smart card field routinely decided that trusted devices were required to access the smart cards. Such devices were created and distributed. Smart cards are very expensive, though, and "free" Internet banking dampened the enthusiasm somewhat. When it came to Internet banking, there was much more of an emphasis on cost control, and a range of cheap challenge response hardware tokens are used to authenticate each transaction. In both these modes, the banks used secure computing, but they did it by providing a secure computer other than the PC [1]. When it comes to the PC's operating system, there is apparently no economic way to achieve what you suggest - ensuring that it hasn't been tampered with - so few bother to worry about it. If more security is desired, the preferred method is to bypass the PC's OS completely. iang [1] Note that I use the term "secure" here in a relative sense. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
