[EMAIL PROTECTED] wrote:
From: Ian Brown <[EMAIL PROTECTED]>
Subject: On-card displays
To: [EMAIL PROTECTED]
Date: Wed, 20 Sep 2006 07:29:13 +0100
Via Bruce Schneier's blog, flexible displays that can sit on smartcards.
So we finally have an output mechanism that means you don't have to
trust smartcard terminal displays:
So, when do we see the combined chip/fingerprint reader/display on a
payment card :) Doesn't of course address the requirement that we want
evidence (such as a signed paper receipt) that can later be adjudicated
by a court with higher evidential standards than a bank statement that
their systems work perfectly...
for a decade or so ... i've made comments that the increasingly powerful
smartcards are obsolete because they are really pda(/cellphone) wannabes (after
some of the gov. technology transfer legislation in the early 90s, we did some
consulting for one of the gov. agencies on attempting to move some smartcard
chip based technology into the commercial sector ... and we could already see
it was rapidly becoming obsolete).
the smartcard target of portable computing device from 70s/80s required various
kinds of iso standards because of the lack of appropriate portable input/output
capability .... so there would be standardized, fixed input/output stations
that could be used with the portable smartcards. that market niche for
smartcards became obsolete with the appearance of pda/cellphone portable
input/output capability sometime in the early to mid-90s.
possibly part of the problem was that there was significant investment in
various kinds of smartcard technology during the 80s and 90s ... and when they
became obsolete ... there was some amount of scurrying around attempting to
obtain some/any return on the original investments ... even if it was only a
few cents on the dollar.
they are now contending with various kinds of cellphone/pda payment delivery operations.
there is some paradigm discontinuity tho. there is a tradition grown up where the institutions issue the card (payment, identification, etc) ... to some extent smartcard activities are attempting to capitalize on that legacy momentum.
an individual's cellphone/pda tends to break that institutional centric issuing paradigm
... since it can involve an individual taking their cellphone/pda (that they already
have) and registering it for various activities/transactions/identification ... aka
another form of "something you have" authentication ... but it is possibly a
personal device rather than an institution issued device.
so there are already various kinds of pda/cellphones with display, input
capability ... and
some of them even have their own biometric sensing capability.
the issue with "electronic signature" is demonstration of intent ... we got
into that when we were asked to help word-smith some of the cal state (and later federal)
electronic signature act. various past postings mentioning issue of establishing intent
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]