[EMAIL PROTECTED] (Peter Gutmann) writes:
(The usage model is that you do the UI portion on the PC, but perform the
actual transaction on the external device, which has a two-line LCD display
for source and destination of transaction, amount, and purpose of the
transaction.  All communications enter and leave the device encrypted, with
the PC acting only as a proxy. [...]

On Sun, 1 Jul 2007, Hal Finney wrote:
In theory the TPM was supposed to allow this kind of thing. [...] This was one of the main goals of the TPM as I understood the concept.
Unfortunately everyone got focused on the DRM aspect and that largely
torpedoed the whole idea.

There is a big difference between a TPM providing this kind of service, and Peter's device. The TPM is supposed to be hard-wired into a PC -- so if you are using it to safe your banking applications, you can do banking at one single PC. On the other hand, Peter's device is portable, you can use it to do safe banking from your PC at home, or in the office (only during lunch-breaks with the employer's permission of course), or even at a public internet cafe. To this end, Peter's device would be much more useful for the customer than a TPM ever could be.

BTW, Peter, are you aware that your device looks similar to the one proposed in the context of the CAFE project? See

This has been a more ambitious project, not just supporting secure banking applications at an insecure host PC, but rather a digital wallet.

Nevertheless, it may be interesting to study why the project failed (or ended without follow-on projects). I have no quick answer to this question, but as much as I understand, the banks where just not interested in deploying such a device. I guess, it was much too expensive at that time. Instead, in Germany we got the "Geldkarte", a simple and very cheap smartcard for payment purposes with neither a display nor a keyboard. The "Geldkarte" has been around us for about ten years, and, as far as I can tell, hardly any customer is interested in using it.

So long

Stefan Lucks      (moved to Bauhaus-University Weimar, Germany)
------  I  love  the  taste  of  Cryptanalysis  in  the  morning!  ------

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to