No Subject

[<00043.an@edtec.com>]

Microsoft has been involved for some time with smart-card keyboard readers,
and I think some of my cohorts have seen the prototypes (I have not).
I figure strong authentication will become part of the the platform within
somewhere 
between 6 and 18 months.  With Intel putting crypto on the main board / CPU,
this poses very important issues --- it does not give me a warm fuzzy feeling.


Tim May writes:
> Could hardware-based chips be coming? At a recent meeting, John Markoff
> asked me if I'd heard anything about Intel's rumored contract to buy 20
> million (yes, 20 _million_) keyboards with crypto features built in. I had
> not heard this rumor.
> 
> (Since then, though, there have been rumblings that Intel is preparing to
> offer such keyboards, possibly with "user authentication" features (don't
> know what kind). This might, speculating here, be linked with  the Intel-HP
> (and maybe Verifone, which HP is buying?) key recovery work. Conceivably, a
> plan to sell a large user base (20 million?) on a hardware/keyboard-based
> "secure commerce" solution.)

I haven't heard anything about this rumor.  However, if you look at
the new USB chips being built by Cypress et al, it's not hard to
imagine keyboards with ISO smart card readers built in.  The USB chips
contain a simple RISC core, lots of I/O pins and something like 4-8KB
of FLASH or OTP memory.  The incremental cost is a slot with 6
contacts for the smart card.  Unlike PCMCIA, the ISO smart cards are
cheap to build and easy to interface to.  Schmlumberger is currently
promoting it's "CryptoFlex" card which can do 1024-bit RSA sigs as
well as triple-DES.  I believe that it can do a 1024-bit sig in
something like 20 ms.

Eric