Seeing as we can discuss PIV applet issues on muscle, I'll comment on a recent though process, based on investigating a new breed of (prototype) card concept.
I got my hands on a prototype COS designed for a 5 function ID-1 smartcard - intended to conform to FIPS 201. The card (1) bears picture for visual id (2) swipe stripe for US visa/mastercard terminals (3) 7816-1 card module with javacard PIV applets + others (4) HID-compliant loop for classical card access control at office doors (5) 10-char flexi-polymer display that updates its one-time password field (at either press, or each 60s).
Whats interesting abotu the COS, and the chip's TCB that underlies the COS, concerns the evolution of the concept of a 7816-1 module. The always-on COS has to resist laser-induced interference - i.e. recognize when its code or idata space has been attacked, and react to the integrity violation consistent with Mastercard testing rules. The chip TCP (and electronics) also now has to also allow the applet (via the COS) to DRIVE TTL io, e.g. the OTP polymer display, unlike a traditional passive 7816- module, and applet concepts that assume applets are merely sandboxed servers.
While I was initially somewhat worried by the politics of PIV, and FIPS 201, it interesting to see that its driving considerable technological advancement (a good thing, surely!) - to meet the practical requirements of a card that becomes a _multi-function_, national id card (that can also solve local problems, like office door access!).
The trends in smartcards are no longer questions of: shall processor cards evolve from memory cards, shall java applet/midlet security models replace an SLE 4442's security model? We are now at the point of understanding that the cards is now an always-on device, that can drives periperhals, with no host interaction! Classically, it can always act as a 7816-3 device of course, to accomplish host-related goals such as PKI, pin login, key management silos, security association control policies, secure storage TPM controls, etc.
_______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
