|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: [Muscle] NIST Services
From: Scott Guthery (sguthery
mobile-mind.com)
Date: Tue Apr 12 2005 - 11:29:58 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Anders:
NIST/PIV has nothing whatsoever to do with physical transmission or the
physicality of the platform. You can run it on a USB token, a PCMCIA
token, a harddisk, a TPM, a cell-phone or a tom-tom.
Just as you can run TCP/IP over fibre channels and pigeons (yes, there
is an Internet Draft of TCP/IP over pigeons), you can build the ISO/IEC
7816-4 command set or any of its concretizations - e-Sign, IAS, SIM,
PIV, etc. - on any platform you want and communicate with it using any
communication technology you want.
The physicality of the platform and the communication channel are
totally immaterial.
Cheers, Scott
-----Original Message-----
From: muscle-bounceslists.musclecard.com
[mailto:muscle-bounceslists.musclecard.com] On Behalf Of Anders
Rundgren
Sent: Tuesday, April 12, 2005 12:22 PM
To: MUSCLE
Subject: Re: [Muscle] NIST Services
Peter,
It is a bit complex for me to digest your message, I just wanted to
express my concern that passports and such should use a card format
while remote access stuff should be based on the best container
available. What the latter is will change over time.
The NIST/PIV solution is not making use of available technology like USB
which is going to hurt this project unless there are many other
governments that intend to buy into this scheme.
I'm quite interested in NF technology which I though believe will not
reach PCs for a while. Hopefully it will get more acceptance than
Bluetooth which still is just an option. Options suck.
I actually believe that iPod will have more impact on the creation of a
new security infrastructure than the entire security industry combined
(!), as iPod need swift interfaces to PCs as well as peer-to-peer. iPod
may though turn out to be phone some day :-)
It is really pretty weird right now. Will it get worse?
Time will tell.
Anders
----- Original Message -----
From: "Peter Williams" <home_pwmsn.com>
To: "'MUSCLE'" <musclelists.musclecard.com>
Sent: Tuesday, April 12, 2005 17:50
Subject: RE: [Muscle] NIST Services
Anders!!
I'm surprised at the generality of the claim, given your usual focus on
the
mobile phone as the universal token (an obviously appealing notion.)
Would
you not support phones with near-field transport? For peer-peer data
transport and device enumeration? This gets past the whole legacy of
7816-based half-duplex signaling, and the whole proprietary terminal
business imposed by VISA/VeraPhone etc to bias the infrastructure for
the
card issuers benefit)
We are now manufacturing some tiny low-power Near Field USB tokens
(courtesy
of Phillips), if anyone wants to pay to manufacture a dozen, to play -
as
developers. They are also mifare responsive (separate circuit), for use
in
physical access control.
If you want to talk to an early-stage NF "complete-system" supplier in
the
US (ie. go beyond playing with our NF dongles), we can direct that
contact
too. If anyone is at CT/ST in Las Vegas (US) on Wednesday, lets chat!
Obviously, a dongle is not enough for a working solution: it has to fit
with
the fixed terminal, the phone, the card/dongle/phone provisioning and
key
management system, the mifare sensors on billions of office doors, etc.
Peer-peer NF enumeration and wireless bus transport, plus end-end GP
SCP-2
security, plus OTAR and off-issuer application loading with GP DAP
controls.
Now, there we have a more realistic basis...one that incorporates the
potential of the universal bio handset (the finger-swipe enabled phone!)
We have a set of working finger-swipe dongles to play with too, if any
wants: there are different parameters and behaviors obviously, for the
different sensor and swipe device classes. They use our own off-card
match
and user enrollment software, for the bio recognition stuff. They are
being
sold now heavily in ...urr... Scandinavian banks.
Would be fun to make a device that links the three streams of work
together
- NF mobility, plus bio-swipe, plus a NF-based "match-on-peer" - where
the
phone's DSP is the peer for performing the match.
> -----Original Message-----
> From: muscle-bounceslists.musclecard.com [mailto:muscle-
> bounceslists.musclecard.com] On Behalf Of Anders Rundgren
> Sent: Tuesday, April 12, 2005 4:57 AM
> To: MUSCLE
> Subject: Re: [Muscle] NIST Services
>
> Ok, So lets get political!
>
> To mix physical access based on biometrics with remote (a.k.a.
logical)
> access
> based on "keys" is not such a terribly good idea as these uses
constrain
> each other.
lman/listinfo/muscle
_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]