"Paul A.S. Ward" wrote:
> 
> I'm not sure why no one has considered the PC banking problem to be a
> justification for secure computing.  Specifically, how does a user know
> their computer has not been tampered with when they wish to use it for
> banking access.

It is and it has been.  Just not so much in
North America, and not in sense of making
the PC secure.

In Europe, the smart card field routinely
decided that trusted devices were required
to access the smart cards.  Such devices
were created and distributed.  Smart cards
are very expensive, though, and "free"
Internet banking dampened the enthusiasm
somewhat.

When it came to Internet banking, there
was much more of an emphasis on cost control,
and a range of cheap challenge response
hardware tokens are used to authenticate
each transaction.

In both these modes, the banks used secure
computing, but they did it by providing a
secure computer other than the PC [1].

When it comes to the PC's operating system,
there is apparently no economic way to achieve
what you suggest - ensuring that it hasn't
been tampered with - so few bother to worry
about it.  If more security is desired, the
preferred method is to bypass the PC's OS
completely.


iang

[1] Note that I use the term "secure" here
in a relative sense.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to