>verification takes place (I paraphrase).
The cost of circuit switched crypto vs end-end message switched crypto went on for years : complete impasse between (UK-backed) NATO theory and US military infrastructure practice.
15 years LATER, only one of the infrastrucures exists, in practice.
GSM did show that circuit switched crypto has value, to support roaming, national policy and intercept points, etc. But even Sonera could not apply it to value-added business problems that drive smartcard adoption. Folks just layered end-end SSL over the GSM bearer, using a 1024bit sledgehammer to solve all the issues, in one thump.
> >David Corcoran: > > > One of my big concerns on the emergence of contactless is that we are > > > sort of starting over from a protocol perspective. > > > Contact card readers are just now finally getting to the point where > > > interfaces are standardized and a > > > reader will work with lots of different cards without problems. As > > > contactless emerges, I'm almost positive there > > > will be similar issues with certain readers not working well with > > > certain cards like we had with the contact cards > > > a few years ago. Hopefully it won't take long before vendor A-Z's > > > contactless cards will work with vendor B's contactless > > > reader. Contactless works well now because the contactless provider > > > provides the card and reader in most cases or has > > > strategic relationships with another vendor that provides the reader. > > > As this technology broadens, we may open ourselves up > > > to problems we had with contact based cards a few years ago. > >ICAO is just learning about card to reader interoperability problems >(Australia and Montreal are doing the work). ISO/IEC 14443 is not of good >quality, and I don't think any serious electronic engineer was involved in >its development - perhaps no-one has ever done the end to end gain >calculations on the RF (air) interface. Its a 'near field' RF situation, >with the magnetic field dominating, so card to terminal is a loose coupled >transformer. The difficulties (and here I have been advised by a retired >electronics engineeer, but, as he is retired, he says he's not going to do >the tricky maths) are that the coil in the card is usually tuned (with a big >spread from card to card) to a few MHz above the 13.56MHz carrier frequency, >the coil in the reader is tuned to the carrier frequency (or just a bit off, >which raises red flags), and 14443 says nothing about the parameters of >either of these coils or of the receiver circuitry at each end. 14443 also >probably doesn't say enough about the transmitter circuitry in the card. >ISO/IEC SC17 WG8 has before it a work item to develop the spec of a >reference card reader (probaly DSP based, so that it can provide diagnostic >information), which can then be put out by WG1. This week there has been a >WG1 meeting, and I hope to hear soon if there has been progress - I doubt >it. > >Anders Rundgren wrote: > > > > > >> http://www1.chinadaily.com.cn/en/doc/2003-10/15/content_272271.htm > > >> > > >> But I believe a "Wireless Citizen Card" is much more > > >> interesting long-term because if you are "identified" > > >> you can "be" all the other things you need to be like > > >> paying using 3D Secure which do not require a local > > >> credit card (as it resides on secure servers). > > >> > > >> So far it looks like the EU will lose the initiative as > > >> we have no dominant software vendors and other > > >> important parties seem unable to go outside of their > > >> own core business. > > >> > > >> I say it one more time: The smart ID card is dead and gone. > > >> It is beyond repair. > > >> > > >> It is like X.500 versus the Web. > > >> Or OSI versus TCP/IP. > > >> Or BetaMax versus VHS. > > >> > > >> I saw it happen in "slow-motion"... > > >> > >Is it necessary to do the same thing everywhere for every purpose? Currently >countries issue travel documents (passports for those going out, visas for >those coming in), and some of them issue separate national ID cards. Anders >has for some time been saying we should use mobile devices, but countries >are wedded to having something that has visible manifestations of it >carrying your ID information. Countries need to learn how to add chips to >their travel documents and get the infrastructure running, and then they can >go on to 2nd generation devices (mobile devices, but you will still carry >your paper passport on many cross border journeys), > >But we HAVE lost the initiative in the western hemisphere, because Japan has >started to roll out their citizen service cards using slightly non-standard >Type B 14443 cards and large memory chips (up to 1 Mbyte, I think). Their >problem is that the chips use a bit too much power (worst case tolerancing, >of course). But when the transaction time is long (>300 msec), the card >really needs to be put in a tray or slot, so there isn't a real problem. > >Put the chip in a housing with power (e.g. a mobile device) and the power >problem goes away. But then we should look at a different interface (e.g. >the Philips near-field peer to peer interface where both sides have power, >doubling up with 14443 functions when only a base station (reader) has >power). > >A last note in something rather long: high performance chips for contact >smart cards now have a USB interface and large memories - they will run off >into Anders' nirvana but with wires attaching them to the host PC (or they >will be embedded in the PDA). Of course, they can be packaged as plug-in USB >tokens as well as in ID-1 fomat. > >Anders: get yourself to CardTechSecurTech (Washington, end April) and tell >us where we can find you. > >Peter > > >_______________________________________________ >Muscle mailing list >[EMAIL PROTECTED] >http://lists.musclecard.com/mailman/listinfo/muscle
Fast. Reliable. Get MSN 9 Dial-up - 3 months for the price of 1! (Limited-time Offer) _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
