On 2011-10-10 12:05, Martin Paljak wrote:
> Hello,
> 
> On Mon, Oct 10, 2011 at 12:27, Anders Rundgren
> <anders.rundg...@telia.com> wrote:
>> Is there any support for trusted (OS-level) PIN input in OpenSC?

> Trusted path for me means guaranteed by tamper-proof mechanisms, which
> usually means separate hardware-guaranteed channel, which in turn
> would mean something like TPC, which generally does not play well in
> Linux world.

There are (AFAICT) two variants of this: One which is tamper-proof.
This is primarily intended to protect against physical attacks
against the operating system etc.  Although interesting from a
crypto-nerd perspective, I believe a scheme that protects against
Internet-scale attacks would be good-enough.  Such a system should
withstand trojans (misbehaving "apps") that the user has downloaded
while the OS still is intact.  Such a mechanism would probably only
require OS-level support to work.


>> Or is this supposed to be catered for by separate PIN-pads only?

> I think pinpads are the best we currently have. Having signature
> devices with dedicated display capabilities (like the SCM one with
> integrated Linux and ethernet) would be nice.

This is a feature that 0.1% of the market will buy into.  I doubt that
the SCM mechanism has any use on the Internet or am I wrong here?
Didn't the Spanish EID-solution plot with embedded "secret" keys
in their middleware?


>> I expect this feature will be standard in mobile devices.
> 
> For "serious stuff" have a look at this trusted display:
> http://www.gdc4s.com/content/8F084607-EF60-4B0F-8E4A-BC796AB7BC26/images/edgeparts_red2010.jpg

That was a phone to "crave" for :-)

Anders

> 
> Martin
> 

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
