Anders Rundgren wrote: > > PTD = Personal Trusted Device (usually in the form of a mobile phone)
> The SIM-card (which only applies > to GSM) CDMA countries are also adopting plug-in SIMS. > > In addition there is a need to improve the security in the > entire mobile computing platform. > > Apparently a "remedy" will relatively soon come to the world > consisting of billions of (for the users) precious mobile phones: > http://www.arm.com/news/TrustZone270503 > > PTDs compared to smart cards, are likely to reduce the complexity > of integration with Windows, Linux and Mac OSes as the > "reader" is replaced by Bluetooth/WI-FI and the cryptographic > operations are high-level dittos. > > Do PTDs have usage advantages over smart cards? Absolutely. > The main "ingredient" making PTDs secure and potentially > extremely versatile, is the fact that user keys are controlled by > a trusted device containing an Internet browser, a powerful CPU, > lots of memory, a keyboard, and supporting a wide range of > connectivity options. Only one corner of the device trusted, apparently, so overall system security seems to have most of the same problems as at present. Is there any evidence of any independent security analysis of the system architecture? > This should be compared to inserting > a smart card into an unknown slot running unknown software > on a computer that the user may not be in control of. A well-known problem, being addressed by the combined efforts of the FINREAD/STIP/GP consortium. I wonder if ARM, or those who endorse its TrustZone technology, intend to work with that consortium to provide a common method for complete system security when the PTD is used as a terminal to a network. Peter _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
