Scott, What about such a processor included on every motherboard? Wouldn't that make it a bit different in the implementation model?
Microsoft is considering promoting it through the TCPA (http://www.trustedpc.org) and http://research.microsoft.com/crypto/ (last one under "Project"). I know it seems like a wild stretch, but I think it is being heavily considered by everyone if this holds true: http://yuan.ecom.cmu.edu/trust/cd/ Perhaps I'm not the swiftest arrow in the quiver, but if there were a unhackable vault built into the PC, keyboards, readers, then the portability issue that you spoke of might not be such a big deal? Of course this would require a ubiquitous solution. National Semiconductor seems to embrace it as of this week: http://www.national.com/news/item/0,1735,733,00.html the specs: http://www.national.com/pf/PC/PC21100.html I see this as a complimentary technology for SCs, particularly in N. America. The SC can become a critical component of a trusted PC. This study released on the unfortunately day of 11Sept01 seems to indicate this: "Hart Poll Finds 72 percent of PC Owners Would Purchase a More Secure Computer If Available" http://www.itsecurity.com/tecsnews/sep2001/sep149.htm Best Regards, jb -----Original Message----- From: Scott Guthery [mailto:[EMAIL PROTECTED]] Sent: Friday, March 01, 2002 8:07 AM To: 'Jason Barkeloo '; '[EMAIL PROTECTED] ' Subject: An Alternative Look at the FinRead Reader 1) Replacing one $10 portable card many $100 stationary readers is not a compelling offer for either cardholders or smart card application developers. 2) The approach assumes that there is a FinRead reader wherever you want to use your card AND that it has been loaded with the applet that goes with your card. 3) And who holds the keys for the FinRead reader? The keys that say what applets get loaded and therefore what cards can be used with the reader. Neither the cardholder nor the application provider. It's the bank. 4) And who does the smart card application programmer have to go to to roll out their new application? They have to ask permission of and pay fees to the holder of the keys to the FinRead reader. Again the bank. The bank's FinRead offer to cardholders is as follows: "You pay me $100 for each computer on which you want to use your card and give me control of which card applications you can use. In return, I will let you use my banking application ... for which I will charge you another fee." The bank's FinRead offer to smart card application providers is as follows: "You pay me an installation fee for each card you issue and pay me a transaction fee for every time your card is used. In return, I will allow your customers to use the reader they purchased from me with your cards." The reason we have this problem is because card manufacturers only pay lip service to smart card standards. Why do we think they will behave any different when they manufacture FinRead readers? Just having a specification on paper is meaningless unless there is incentive to abide by it. There is no more incentive to manufacture standard compliant readers than there is to manufacturer compliant smart cards. Even if the FinRead readers were all electrically and physically inter-operable, the keys that they contain will not be. An applet approved by CitiBank will not be able to be loaded into a FinRead reader controlled by NatWest. FinRead in essence not only institutionalizes incompatibility, it monetizes it. The cardholder and the smart card application provider will actually have to pay a fee for the privilege of using a non-interoperable system. The alternative of course is to have a FinRead reader connected to your computer for each smart card application you want to use. I must admit it's a brilliant business plan on the bank's part. Get the customer to pay to reduce the bank's risk and at the same time take control of who the customer does business with. Only a clueless fool would connect a FinRead reader to their computer or PDA. IMHO as always. Cheers, Scott -----Original Message----- From: Jason Barkeloo To: [EMAIL PROTECTED] Sent: 3/1/02 6:50 AM Subject: RE: [OCF] Smart card application Anne, You might want to check out what the French Banks are doing through Cartes Bancaires with the new FinRead (Financial Reader) specifications being promoted by the EU/EC. The specs are at: http://www.finread.com. Multiple applets are embedded in the reader, keyboard, or motherboard on a co-processor. In this way, no matter what card is used it can be read and accepted. It basically brings ATM functionality to the PC, PDA, Mobile phone, STB, NIC, etc., anywhere the co-processor resides. This approach will bring down the price of the SCs, a rather large impediment to deployment in North America. It also brings interoperability, which is grossly lacking today (one-to-one relationship between the reader and the card). Imagine a consumer needing to plug in a different reader each time he/she wants to use a different card. For example, say you have two different cards - a Visa and MasterCard. You want to make a purchase using the Visa card. The reader plugged in is the one with your MasterCard. Now you must unplug the MasterCard reader and plug in the Visa reader. The wrinkle? Both readers are the same model number from the same vendor! No interoperability. With FinRead, it is one reader for any card. The match occurs within the embedded co-processor. For each card there is an applet, not a separate reader. This is the ATM functionality. I might add that if the PC OEMs deploy this solution, the movement of movies, music, and other digital contents can be secured. Imagine an applet in the co-processor that "meters" the movement of digital content like a utility. The artist gets paid, the PC OEM gets a micropayment for facilitating the transaction, and card issuer still gets its micropayment too. Regards, jb -----Original Message----- From: GHOSHAL,Biswajit [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 28, 2002 11:42 PM To: [EMAIL PROTECTED] Subject: RE: [OCF] Smart card application Hi Anne, Whatever said and done, till now smart-cards are yet to become "smart" (i.e. - use a single card to access various kind of applications). Card vendors, in collaboration with financial institutes in different countries are implementing single-application smart-cards only. Some intellegent people are developing web-apps that can interact with smart-cards. But I don't know of any implementation where using a single-card one can interact with different kind of applications...if anyone else in this mailing-list know of such implementation - please let others know... Best Regards, Biswajit > -----Original Message----- > From: Anne Kwong [SMTP:[EMAIL PROTECTED]] > Sent: Friday, March 01, 2002 12:55 AM > To: [EMAIL PROTECTED] > Subject: [OCF] Smart card application > > Hello. > > Could anyone let me know if there are any websites or books out there that > talks about how people use smartcard today and what kind of application > people are developing? > > Thanks for any info that you can provide. > > Anne > > > --- > > Visit the OpenCard web site at http://www.opencard.org/ for more > > information on OpenCard---binaries, source code, documents. > > This list is being archived at http://www.opencard.org/archive/opencard/ > > ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email > ! to > ! [EMAIL PROTECTED] > ! containing the word > ! unsubscribe > ! in the body. --- > Visit the OpenCard web site at http://www.opencard.org/ for more > information on OpenCard---binaries, source code, documents. > This list is being archived at http://www.opencard.org/archive/opencard/ ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email ! to ! [EMAIL PROTECTED] ! containing the word ! unsubscribe ! in the body. --- > Visit the OpenCard web site at http://www.opencard.org/ for more > information on OpenCard---binaries, source code, documents. > This list is being archived at http://www.opencard.org/archive/opencard/ ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email ! to ! [EMAIL PROTECTED] ! containing the word ! unsubscribe ! in the body. --- > Visit the OpenCard web site at http://www.opencard.org/ for more > information on OpenCard---binaries, source code, documents. > This list is being archived at http://www.opencard.org/archive/opencard/ ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email ! to ! [EMAIL PROTECTED] ! containing the word ! unsubscribe ! in the body.
