[EMAIL PROTECTED] wrote:
From: Ian Brown <[EMAIL PROTECTED]>
Subject: On-card displays
To: [EMAIL PROTECTED]
Date: Wed, 20 Sep 2006 07:29:13 +0100


Via Bruce Schneier's blog, flexible displays that can sit on smartcards.
So we finally have an output mechanism that means you don't have to
trust smartcard terminal displays:
http://www.cr80news.com/library/2006/09/16/on-card-displays-become-reality-making-cards-more-secure/

So, when do we see the combined chip/fingerprint reader/display on a
payment card :) Doesn't of course address the requirement that we want
evidence (such as a signed paper receipt) that can later be adjudicated
by a court with higher evidential standards than a bank statement that
their systems work perfectly...

for a decade or so ... i've made comments that the increasingly powerful 
smartcards are obsolete because they are really pda(/cellphone) wannabes (after 
some of the gov. technology transfer legislation in the early 90s, we did some 
consulting for one of the gov. agencies on attempting to move some smartcard 
chip based technology into the commercial sector ... and we could already see 
it was rapidly becoming obsolete).

the smartcard target of portable computing device from 70s/80s required various 
kinds of iso standards because of the lack of appropriate portable input/output 
capability .... so there would be standardized, fixed input/output stations 
that could be used with the portable smartcards. that market niche for 
smartcards became obsolete with the appearance of pda/cellphone portable 
input/output capability sometime in the early to mid-90s.

possibly part of the problem was that there was significant investment in 
various kinds of smartcard technology during the 80s and 90s ... and when they 
became obsolete ... there was some amount of scurrying around attempting to 
obtain some/any return on the original investments ... even if it was only a 
few cents on the dollar.

they are now contending with various kinds of cellphone/pda payment delivery operations. there is some paradigm discontinuity tho. there is a tradition grown up where the institutions issue the card (payment, identification, etc) ... to some extent smartcard activities are attempting to capitalize on that legacy momentum.
an individual's cellphone/pda tends to break that institutional centric issuing paradigm 
... since it can involve an individual taking their cellphone/pda (that they already 
have) and registering it for various activities/transactions/identification ... aka 
another form of "something you have" authentication ... but it is possibly a 
personal device rather than an institution issued device.

so there are already various kinds of pda/cellphones with display, input 
capability ... and
some of them even have their own biometric sensing capability.

the issue with "electronic signature" is demonstration of intent ... we got 
into that when we were asked to help word-smith some of the cal state (and later federal) 
electronic signature act. various past postings mentioning issue of establishing intent
http://www.garlic.com/~lynn/subpubkey.html#signature


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to