Re: The bank fraud blame game

Tue, 03 Jul 2007 08:09:03 -0700 



[EMAIL PROTECTED] (Peter Gutmann) writes:

(The usage model is that you do the UI portion on the PC, but perform the
actual transaction on the external device, which has a two-line LCD display
for source and destination of transaction, amount, and purpose of the
transaction.  All communications enter and leave the device encrypted, with
the PC acting only as a proxy. [...]


On Sun, 1 Jul 2007, Hal Finney wrote:

In theory the TPM was supposed to allow this kind of thing. [...] 
This was one of the main goals of the TPM as I understood the concept.

Unfortunately everyone got focused on the DRM aspect and that largely
torpedoed the whole idea.



There is a big difference between a TPM providing this kind of service, 
and Peter's device. The TPM is supposed to be hard-wired into a PC -- so 
if you are using it to safe your banking applications, you can do banking 
at one single PC. On the other hand, Peter's device is portable, you can 
use it to do safe banking from your PC at home, or in the office (only 
during lunch-breaks with the employer's permission of course), or even at 
a public internet cafe. To this end, Peter's device would be much more 
useful for the customer than a TPM ever could be.



BTW, Peter, are you aware that your device looks similar to the one 
proposed in the context of the CAFE project? See

  http://citeseer.ist.psu.edu/48859.html


This has been a more ambitious project, not just supporting secure banking 
applications at an insecure host PC, but rather a digital wallet.



Nevertheless, it may be interesting to study why the project failed (or 
ended without follow-on projects). I have no quick answer to this 
question, but as much as I understand, the banks where just not interested 
in deploying such a device. I guess, it was much too expensive at that 
time. Instead, in Germany we got the "Geldkarte", a simple and very cheap 
smartcard for payment purposes with neither a display nor a keyboard. The 
"Geldkarte" has been around us for about ten years, and, as far as I can 
tell, hardly any customer is interested in using it.


So long


--
Stefan Lucks      (moved to Bauhaus-University Weimar, Germany)
                       <Stefan.Lucks(at)medien.uni-weimar.de>
------  I  love  the  taste  of  Cryptanalysis  in  the  morning!  ------


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]























					Reply via email to