[EMAIL PROTECTED] (Peter Gutmann) writes:
> (The usage model is that you do the UI portion on the PC, but perform the
> actual transaction on the external device, which has a two-line LCD display
> for source and destination of transaction, amount, and purpose of the
> transaction. All communications enter and leave the device encrypted, with
> the PC acting only as a proxy. Bill of materials shouldn't be more than about
> $20).

In theory the TPM was supposed to allow this kind of thing. The idea was that the OS would support secure applets that could not be molested by legacy software. Only such an applet would have access to your payment information. Some specialized, perhaps customized screen would be displayed by the applet to get you to authorize the final transfer. This was one of the main goals of the TPM as I understood the concept.

Unfortunately everyone got focused on the DRM aspect and that largely torpedoed the whole idea. Still we might see it eventually. Research in this direction is still going on, particularly in IBM's Integrity Measurement Architecture[1] and some of the new security extensions to the Xen virtualization software[2].

Hal Finney

[1] http://domino.research.ibm.com/comm/research_people.nsf/pages/sailer.ima.html
[2] http://xensource.com/files/xs0106_security_print.pdf , also http://www.hpl.hp.com/techreports/2007/HPL-2007-69.pdf

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]