On Friday, March 19, 2004, at 10:19PM, Joseph Smith <[EMAIL PROTECTED]> wrote:
><<Trusting a card reader always means your're expecting the card reader to >be tamper proof.>>> >What you are describing is already out there. You have described a mechanism >to validate the card, to the reader. It's known as a Card Authentication >Method. SCM has readers for contact or contactless to do a CAM. You can even >insert your own Java Card ICC in the reader. This is a plus because you can >program the embedded chip the way you want it. When a card is inserted it >can perform an authentication upon it. Also it can recieve input from >middleware encrypt it and send it >down to the card. But I want an input API for javacard. That's what's missing. >As far as CLC, are you sure this isn't covered in JSR 177 ? No it isn't. JSR-177 (for not adequately analysed reasons) defines all the javacard.*Exception classes. I'm not sure what the idea is, but it's not intended as an environment to run unmodified JavaCard application. ><<A DEFANGED_biometric DEFANGED_sensor DEFANGED_on DEFANGED_the DEFANGED_card >DEFANGED_is DEFANGED_not DEFANGED_in DEFANGED_the DEFANGED_range DEFANGED_of >DEFANGED_this DEFANGED_specification >as I don't know anything about Biometric sensors for smart cards. But it >could be added, of course. >> >There are cards that actually have a bio sensor on it and performs the match >on the ICC. I believe Atmel makes a chip for this. > ><<The secure input device should be on the token you're carrying with you.>> >A PIN pad ? >What if I require an alpha numeric PIN ? >A input device I need to plug in everywhere I go ? And remove everytime I go >somewhere else ? If the token is a USB stick you could have a combination lock just like a combination lock on a bike's lock: It could be part of the token. >If not a PIN Pad, this would be something else I have to carry ? >If PIN Pad, must meet ISO7816 card dimensions. >If PIN Pad, how can I see the values I'm entering ? ie, where's my >"********" display ? > >Wave Systems has a keyboard with an embedded chip that encrypts keystrokes. >This adds a layer of security to any desktop application. > >Starting a JSR on this might be difficult because it requires hardware >modifications not just software APIs. As you know, hardware is difficult to >manage in Java without a native interface. Even Java Cards call the card >native OS !. Yes. If the specification includes an input device the implementor of this optional sepcification need to implement it by native code. Bernhard --- > Visit the OpenCard web site at http://www.opencard.org/ for more > information on OpenCard---binaries, source code, documents. > This list is being archived at http://www.opencard.org/archive/opencard/ ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email ! to ! [EMAIL PROTECTED] ! containing the word ! unsubscribe ! in the body.
