Re: Dallas Semiconductor turns on Internet commerce at the touch of a button

[frantz@netcom.com (Bill Frantz)]

At 11:13 AM 10/7/96 -0400, Robert Hettinga wrote:
>Dallas Semiconductor turns on Internet commerce at the touch of
>a button; wearable computer chip generates uncrackable codes using public
>key cryptography
>----------------------------------------------------------------------
>    DALLAS--(BUSINESS WIRE)--Oct. 7, 1996--
>...
>    Unlike a loose plastic card, the iButton stays attached even
>while communicating, making misplacement less likely.  Messages or
>transactions are authorized only after the PIN is validated by the
>iButton, the same technique automatic teller machines use to
>dispense cash.

What bothers me about such schemes is this:  What happens if the insecure
machine which accepts your PIN and transfers it to the iButton then
performs a transaction which you have not authorized.  E.g. it transfers
$10 rather than $.01.  You can collect quite a bit by repeating the scam.

I have not heard of a trust protocol which does not require some form of
input and/or output on the iButton itself.  All the ones which can be used
by normal humans (e.g. do not require the user to do public key
cryptography in his/her head) require both a small display and a
approve/disapprove button.  I think the credit card calculator form factor
is attractive for this application.


-------------------------------------------------------------------------
Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
(408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
frantz@netcom.com |           - Marianne Russo | Los Gatos, CA 95032, USA