|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Muscle] CardEdge specification ComputeCrypt
From: Peter Tomlinson (pwt
iosis.co.uk)
Date: Mon Apr 25 2005 - 01:17:01 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Karsten Ohme wrote:
>
> The hash values could be generated at the PC and then only
> this result had to be padded and encrypted, but if the aim is to have a
> trustworthy signature this should be done by the card (the the problem
> is to get trustworthy clear text from the PC).
>
The problem is indeed to get trustworthy text from the PC, and that is
troubling lawyers in the UK. One legal working party, without technical
knowledge, developed the concept of a trusted word processor - that
could be realised with a particular profile developed from the FINREAD
spec (which GP is now involved in, and which has been accepted by ISO
WG4 as a New Work Item for standardisation [1]) and trusted word
processing software. However, there is also increasing interest in
secure end-to-end methodology, which could result in a configuration
where the trusted word processor runs on a central server with several
thin client workstations, the text is streamed securely down to the
secure token held by the person operating the workstation, and that
token signs the entire document with his/her signature on behalf of
his/her organisation.
Peter
[1] Unfortunately, because of its origination in the banking world,
FINREAD mandates EMV compliance. However the Wave group in the USA
independently developed the concept, and Giesecke and Devrient have
recently announced an alliance with the Wave group.
_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]