Shawn Willden wrote:
On Wednesday 22 March 2006 19:33, Karsten Ohme wrote:
Serious card terminals (OK, it is possible to spoof the PIN, but
maybe this will change and then it is.) have a key pad to enter the
PIN. It would violate the idea behind the concept that the
untrustworthy computer never sees the PIN, only the trustworthy
card terminal. Biometric (Although this is not a serious secure way
to authenticate users in the present time.) data may also only be
entered at the card terminal. The concept should include this.
Further support for my position! :-)
I agree that card readers with integral PIN pads are much better for
security, but with that improvement, PIN caching at the application
level becomes impossible and it becomes even *more* important to have
some mechanism to allow the card authentication state to persist over
time and across applications while simultaneously preventing another
user from hijacking the card.
Indeed, serious card terminals it has got to be. GP is working towards
that, the FINREAD European spec can do it (but a suitable profile has to
be derived from the wide scope of FINREAD), and Wave Systems worked this
out at the end of the 1990s. The role of the PC has to be simplified as
much as possible, and for online transactions communication between card
and server must treat the PC as just another insecure node along the
way. But this needs a major culture change in the way we specify the
card edge and thus write the card software - the user should authorise
the card to authorise the transaction.
But signature (e.g. of emails) is still a problem - the secure terminal
may need a big enough screen to be able to view the email - and the card
(token) needs a high speed interface because it will be in charge of the
terminal screen.
Peter
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
