Well, Ill make an offer - seeing as we are a classical open source group: giving software and knowhow away for free in order to make markets, and get commercial revenue from related services.
For developer use (and in certain US markets) I can distribute a new USB musclecard, our group at ventavia inc designed and prototyped for a client with special needs not addressed by your usual VeriSign etc 2 factor USB token. Out new device, now in manufacturing, looks like a memory stick, and has a professional case, light pipe, etc. It has two ports, one at each end - USB (for Ludovic's CCID) and 100kbps serial (at TTL line levels). The serial port has an (old-fashioned) BASIC responder listening on the line, some of whose commands can direct IN and OUT messages from/to the javacard. Other commands signal other less well-known security chips on other boards. This practice allows embedded system with a TTL GPIO outputs (e.g. another javacard chip with GPIO intended to drive a led ) to easily signal the muscle applet on the board. The idea here is that your average master controller (in a military ammunition lockbox, for example) REQUIRES NO smartcard-specific standards KNOWHOW, whatsoever: just send a few command bytes, with end-end crypto for sync.). So what say we to forming a technology showcase experiment. Ill attempt to put the PIV applets on this device, and someone else finds a banking tradeshow, govt/industry forum meeting (*), etc. in which we show off the muscle technology **set** - to whoever's present (a) Ludovic's CCID talking on a PC to (b) Dave's musclecard API to a ICC in memory stick format (c)which can be inserted into almost any industrial electronics environment (d) which can talk to the PIV applet, as an alternative to the muscle applet. Can even add the bio device support, if one wanted. Hopefully there is a build of the PIV applets that creates a small load file; I already have a muscle applet build that's stripped of features for low-end javacards - but code space is tight on these super cheap chips. Peter. (*) I thinking of something like the old NIST FPKI meetings where we all mixed profile making with opportunities for 1 vendor each month to present pre-competitive details on a widget's design, addressing the specific initiative. This kept NIST's prfiling efforts close to actual available OPEN technology. (In the DMS POC and IOC phases, DISA used to organize similar informal events for folks doing Fortezza value-add, at the Washington Navy Yard. I'm sure there are modern equivalents.) > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:muscle- > [EMAIL PROTECTED] On Behalf Of Scott Guthery > Sent: Thursday, June 30, 2005 12:21 PM > To: MUSCLE > Subject: [Muscle] NIST FIPS-201 PIV Reference Implementation > > > Dave Corcoran has indicated that discussion of the NIST FIPS-201 PIV > Reference Implementation is an appropriate topic for this, the MUSCLE, > distribution list. > > There is in the reference implementation distribution a Word document > called "Updates to SP-800-73 - June-25-2005", that contains some > questions the answers to which would provide additional technical detail > to and udpated SP 800-73. Some of these questions are in fact questions > about interpretations of ISO/IEC 7816-4. > > I'd greatly appreciate hearing your opinion as to the answers to any or > all of these questions. > > Cheers, Scott > > > _______________________________________________ > Muscle mailing list > [email protected] > http://lists.drizzle.com/mailman/listinfo/muscle _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
