IBM Smart Card OS On A 1MB Smart Card

michaelpapet.com writes "IBM has ported/developed their Javacard smart card operating system for Sharp's 1MB smart card. Read Sharp's announcement here. Interesting features include: AES encryption; elliptical curve encryption; and 1MB of storage. Sharp's smart card package claims to be almost as small as a normal smart card package. In an industry that can considers 64K of memory a luxury, 1MB is staggering. Read Sharp's original 1MB smart card announcement here. Is this a 'Build it and they will come...' kind of solution? How small is an 'almost as small' smart card IC package?"

Please don't do it

[Stevyn]

No "640k is all you'll ever need" jokes, please!

Re:Please don't do it

[simcop2387]

ok how about this?

64k should be enough for anyone!

there i didn't make a 640k is all you'll ever need joke... oh wait does that count?

OS

[GuineaPigMan]

I have to ask... if it runs Java,
Can it run Linux?

Re:OS

[Melibeus]

As soon as I finish porting the kernel to java...

Re:OS

[44BSD]

Dunno if it can run Linux, but I've seen NetBSD running handily on a 512K Mac ;^). Could be a
little zany without an MMU, of course...

Re:OS

[WhiteDeath]

actually, linux runs just fine without an MMU - see uclinux

There doesn't seem to be a 2.6 version (only 2.4), but then I'm not sure if 2.6 hasn't had uclinux merged in. (a quick look at the config says no)

Re:OS

[Trejkaz]

It might be able to run something like uCLinux. I wonder...

Re:OS

[Trejkaz]

Dude. That would be awesome!

Then I could run Linux on Java on Linux on Java on Linux on Java on Linux on Java on Linux on Java ...

Re:OS

What the hell is wrong with you people?

George Bush and his Diebold cronies are in the process of blatantly stealing the most important election in a century, and you people can only talk about smart cards?

Get some priorities for fuck's sake!

Re:OS

[Chundra]

... on parrot, on windows. ;)

Re:OS

[mmkkbb]

with a 400k floppy or an 800k floppy? if it's 400k, then that's still under 1MB!

Re:OS

[XMyth]

Uhh...isn't 800k under 1MB?

Hehe

Re:OS

[lachlan76]

Add the 512k of RAM, remember.

Storage space

Interesting features include: AES encryption; elliptical curve encryption; and 1MB of storage.

Wow, 1MB of storage available on 1MB media, so that's like 0MB for the OS?

Also, why not start with a larger media? most digital cameras start at at least 16 MB. Something more than 1MB doesn't seem too unreasonable.

Re:Storage space

[AndroidCat]

Think of as a 1M hard drive. The card also has a dinky 8K RAM and 8K ROM. (Note that the press release for the card is a year old.)

Re:Storage space

Also, why not start with a larger media? most digital cameras start at at least 16 MB. Something more than 1MB doesn't seem too unreasonable.

Read the JavaCard spec.

Re:Storage space

For those not sure what a smart card is, it's sometimes used on credit cards, the tiny chip next to the last 4 digit number. Now you know why 1MB and the tiny OS is a big deal!

Re:Storage space

[John+Harrison]

I work for IBM with smart cards. My team directect Sharp the the JCOP (Java Card Open Platform) operating system over a year ago. The 1MB is rewritable storage. The OS is stored in ROM. It is a simplified version of Java (the JavaCard standard) that requires very little in the way of resources.

Functionality is added to the card by securely loading JavaCard applets to the 1MB of storage. More info on JCOP can be found here.

Re:Storage space

[slinky259]

Slashdot's a year late? Come on now...

Heck, a lot of the stuff that gets posted here I've already heard of... but a year late? We can all do better...

Re:Storage space

[Lumpy]

OK I bneed to ask you then.

WHY are there no apps for smartcards out there then?
I want to store basic important information on one. is there an app I can use? no.

Is ther anything shoret of the overpriced enterprise 60,000 user license stuff available? no.

smartcards are 100% useless to 90% of the planet.

so WHY is there no consumer apps available for these things??

I want to protect my passwords and other information.

it seems that you guys do not want me to do this.

at least in windows..... the funny part is that under linux I CAN do all these things.

why is that?

Re:Storage space

[John+Harrison]

Lumpy, For one thing, the smart card itself has no concept of Windows or Linux. All it knows about are the APDUs that are coming and going. I don't know why there are no consumer apps. There certainly are in Europe. You can store your browser bookmarks on your bankcard and things like that. I am not sure what sort of "basic information" you want to store. Most vendors concentrate on healthcare, banking, and finance rather than the hobbist market. If you want a password manager ActivCard makes a very capable one. IBM had one in the past but I believe that it has been discontinued. Another reason there are no consumer apps is lack of standards. Until recently most smart cards were very proprietary. Software was written for a specific card platform, burned into the mask, and would not work with other cards. With the advent of JavaCard some of these problems are going away. However that brings us to a new problem of card management. Who owns your smartcard? You might think that you do, but unless you have the keys needed to load new applets, then from the smartcard's point of view you are not in charge. Because of security functionality you can't just sit down, write a Java applet to store your passwords, and load it to your Visa card. This is a good thing, because Visa wants to know that the applets on the card came from them and are legit. However it reduces the hobbyist market substantially, doesn't it?

Re:Storage space

However that brings us to a new problem of card management. Who owns your smartcard? You might think that you do, but unless you have the keys needed to load new applets, then from the smartcard's point of view you are not in charge.

I don't think that's a big deal. You can buy cards cheaply enough (e.g. a 5-pack of Cyberflex 32K cards is US $110). The bigger problem is loading applets without an SDK, as those cost hundreds of dollars.

Re:Storage space

So this doesn't work with an existing OS then? It's something a user would boot off? If it *does* work with an existing OS how could the user interact with it in a manor which protects it from issues of security in regard to the host OS (how could a clear seperation be maintained yet access be restricted to the card)

Re:Storage space

[lachlan76]

So make an ASIC that calculates MD5, burn an EPROM with the MD5 of the binaries, and use the ASIC to verify the integrity.

Re:Storage space

[John+Harrison]

I am pretty sure that there are free SDKs out there. IBM's costs about $50 last time I checked. It is integrated with Eclipse and is the best kit out there. It comes with three sample cards (JCOP10, 20 and 31). Cards are pretty cheap. Much less expensive that $20 each.

Re:Storage space

[John+Harrison]

Um, you don't know the first thing about how applets are loaded to smart cards, do you?

Having written an applet loader I can tell you that it has nothing to do with what you are describing.

Re:Storage space

[John+Harrison]

What are you talking about? JCOP is the OS.

Re:Storage space

[lachlan76]

Ok, no, I don't know how applets are loaded. What I meant was to have an instruction built into the chip which verifies the integrity of the flash memory based on a hash on write-once media.

Re:Storage space

[cheez_ball]

Can you get DirectTV with one?

Re:Storage space

[John+Harrison]

no, different card. Sorry.

Re:Storage space

[John+Harrison]

For large volume applications the applications are already coded into ROM. You can go read the Open Platform/Global Platform spec at GlobalPlatform.org and see how applets are loaded and verified. You have to be able to derive the correct 3DES key to even talk to the card manager and then you need another key to sign all the APDUs. Finally there is optional integrity checking.

Re:Storage space

[CaycePollard]

"Because of security functionality you can't just sit down, write a Java applet to store your passwords, and load it to your Visa card. "

Why not? If Global Platform worked as advertised, and if the JVM really is as secure as Multos, then what woud the bank care if you had some game high score, web passwords or personal data applet on your Visa card? Surely it would be a good way to cut churn: you wouldn't want to switch Visa cards if you had to re-enter all of your web passwords.

Re:Storage space

[John+Harrison]

If the bank loaded the applet (it could be a general purpose filesystem with little or no security) then they wouldn't care. What they don't want at this point is a hobbyist writing their own applet and loading it themselves. If you don't have the card manager keys you can't load/delete/lock/instatiate applets.

Re:Storage space

[Fat+Boy+unslim]

Have a look at the muscle project - although originally aimed towards linux there is also stuff for windows. They provide an opensource card applet that can be used e.g. to hold certificates that can be used with Netscape.

http://www.linuxnet.com/smartcard/index.html

cheers

Re:Storage space

[lachlan76]

But I was posting about cards that could also be used for hobbyist applications.

Re:Storage space

[John+Harrison]

Regardless of the application, you need to have the keys. If you buy cards with the Visa test keys (usually only used for development and demos) then it would be pretty easy. I am not aware of any vendors that will arrange for secure unique key generation in small volumes, but I am sure that if you offered them enough money you could get some. If it is just for hobby applications then the keys might not matter and you could use the test keys. Still you need the tools to write, test, and load applets. You can get them from IBM here.

Re:Storage space

[lachlan76]

So then find way to namespace the keyspace, for example domain names, like what is used for the java class names, and incorporate that into the key.

That would stop accidental key conflicts. Not a very good solution, but better than nothing.

Sort of like Sony's FeliCa without RFID?

So, can this run PacMan?

redudancy alert

[xsupergr0verx]

One "640k should be enough for anybody" joke in the title should be enough for everybody.

Just in time for Fed IDs

http://csrc.nist.gov/piv-project/

Titanium Card

Check out the titanium card, I believe it has more than 1 meg of memory, and while we are on the topic of smart cards flip over to www.cardcoders.org

Re:Titanium Card

[XMyth]

Hehe....Watch for the JavaCard unlocker by Penga soon!

In other news...

Dave sues IBM for having smart card programers...











its a joke son, laugh!

Re:Hmmmm

Do you have experience with Java Micro Edition?

Picture of the card and tech specs

[AndroidCat]

Looks .. card-sized!

Re:Picture of the card and tech specs

Right, but the actual ISO specification defines the size of the chip on the card and this 1 MB chip is a little bigger than a card that meets the specification.

What Does This Have To Do With My Rights???

Timothy, what the hell does a smart card have anything to do with "rights" here? Is this "my right" to purchase it, or own it?

More proof slashbots have no concept of what real rights are.

YRO?

[erichill]

Looks like a hardware announcement.

Re:YRO?

YRO probably stands for YeaR Old now...

Security anybody?

[SpeedyGonz]

Sorry for this, i couldn't help it: *** TIN FOIL HAT MODE ON An IC card, capable of running a tiny java - based OS, used for, say, storing my Credit card details . . . sounds like clock frequencies on the high Khz to low Mhz order, am I right? What about somebody detecting it's electromagnetic activity (when used) using a device like that "Tempest project" one that detects the EM fields produced by CRTs. Does this thing use too small a voltage to be picked up by an antenna at short range? *** TIN FOIL HAT MODE OFF

Re:Security anybody?

Maybe you should just make a little tin foil hat for your smart card.

Re:Security anybody?

[slinky259]

Would encryption be of any use? I'm not familar with the "Tempest project" thing mentioned above.

And besides, if you're close enough to use a short range antenna (very short range, I'm guessing), you're close enough to mug 'em. Perhaps not as clean, and much more noticible, but a heck of a lot easier.

Re:Security anybody?

[wirelessbuzzers]

Tempest shmempest. A much more serious side-channel attack (i.e. an attack that allows one to break encrypted data or protocols through means other than the information transmitted intentionally by the card) is power analysis. This attack is exceedingly effective against many smart cards... is this one protected?

Re:Security anybody?

[detritus.]

Would encryption be of any use? I'm not familar with the "Tempest project" thing mentioned above.

More information on TEMPEST than you'd probably want to know.

Re:Security anybody?

[grokster]

Tempest shmempest. A much more serious side-channel attack (i.e. an attack that allows one to break encrypted data or protocols through means other than the information transmitted intentionally by the card) is power analysis. This attack is exceedingly effective against many smart cards... is this one protected?

Just run seti@home^H^H^H^Hcard on it during idle times and you'll mask the power consumption!

Re:Security anybody?

[l0b0]

As the normal user would write his/her password on the card, why bother with high tech? The biggest security problem is always the people...

Camera storage

my camera has 512mb of storage on a card the size of a postage stamp (SD) and you expect me to be impressed with 1mb !
or maybe it took IBM 20years to write an OS for it while i can stick knoppix on a SD card right now

cripes people lets have a bit of vision

Re:Camera storage

it's pretty much a very secure computer thats SMALLER than your SD card. THATS the buzz. Numbnuts.

Of course...

[jacksonj04]

Dare I ask how much an Os on these cards will actually be used? Aside from performing on-card authentication procedures which can easily be crammed into less than 1mb, I can't see any use. Of course, it could be that I'm tired and talking out of my arse.

Our school is looking at getting smartcard authentication for entry. How does having 1mb on the card give an advantage over say 64kb?

Re:Of course...

I can keep your photo, and all other information on it. log ON THE CARD all your entry points, etc...

1meg lets me store a LOT of information aobu the user... stuff I can use to control the user if I need to ... and if you encrypt it and record hash codes I can be sure the data is intact.

hell add biometric data in there, your thumbprint would be handy.

Virtual Machine?

[Jimmy+The+Leper]

Do I have to plug it in and then wait 45 seconds for the java virtual machine to load before it lets me do anything?

Also, now that it has java, does that mean I can run Project Looking Glass?

What is this good for?

[bentfork]

Smart cards are a great way to keep you private encryption key(s) and passwords safe, OFF your computer harddrive, and out of your computer memory.

Why? Because you the user can not know if the computer you are typing on is safe ( think spyware, malware etc... ) .

Current smartcard technology has been problimatic because you can only store tiny amounts of data on them. By tiny I mean really small, shorter than a few SMS (text based cellphone) message amount of data. ( dont forget the file allocation table takes up space...)

You also dont really store data on them, they store data for you. Smart cards are basically little computers, that will only respond with the correct password to give you your data. Pretty clever really.

Now it looks like they will be able to store much more data, like a couple 1024 bit keys, your encrypted passwords and lots of other great stuff like that.

That is what it could be used for... but I am sure everyone is going to buy them because they can save their IE Favorites, and their Email Address book on it.

Re:What is this good for?

[AndroidCat]

The nice part is that you can check biometric data without exposing the actual data outside the card. For example, you plug the card into a fingerprint reader and the reader gives the print data to the card. The card compares it to the stored data, and if it's a close-enough match, says OK and unlocks access to other data.

If it wasn't "smart", an outside system would have to have access to the real data to compare against the finger or password attempt.

Re:What is this good for?

yeah they're great. until you go looking for apps and tiils for them.

it saeems that they are invisible to nonexistant.

at least on the windows platform. under linux they are useable, hell I can login with a martcard under linux. windows? you have to own server 2003 and have a specially set up active directory server to use them. you CAN NOT set up a single machine to use them.

how about some fricking utilities??? a simple password keeper or gpg key keeper???

nope. it's all non-existant.

Re:What is this good for?

[bentfork]

I think these guys do that. They have a range of software. As a bonus they have a fingerprint scanner so you can be l337 too!

Here is a link to their Client Softwareinfo page.

I personally would like one of these Fingerprint Scanner + SmartCard reader My old scanner is getting a little old, and isnt USB.

hint hint :)

Re:What is this good for?

2 thoughts..

1) If I lose my smart card I'm totally fscked

2) keys and sensitive information are still accessible (at times) in memory, and possibly on the hard drive (pagefile/swap).

Re:What is this good for?

keys and sensitive information are still accessible (at times) in memory, and possibly on the hard drive (pagefile/swap).

This would be true for passwords, but cryptographic operations can be performed on the card, so keys would never leave it (and usually the card makes it impossible to export keys). There's still the problem of authenticating to the card through an insecure interface - without putting a keypad on the card, or some sort of port for a portable keyboard, you'll have to type your passphrase into an insecure computer.

People will probably come up with protocols to limit the risk of lost or damaged cards, without giving up much security. Maybe 2 cards could connect directly to each other and use Diffie-Hellman to create a shared key, and then you'd have a backup card.

Re:What is this good for?

[bogado]

This is vulnerable to a replay atack. The computer records the fingerprint and the atacker can use it the data to gaim access to the same card in a latter oprtunity.

Unless the reader is trustable and the card it self drive it.

Re:What is this good for?

[AndroidCat]

True, but at least it's not as messy as cutting off the finger or eyeball on a stick...

No

No I'm still waiting for it to finish loading...

The 20 Year Cycle

[Etcetera]

20 years ago, Apple was figuring out how to squeeze a graphical operating system into 128K of RAM. Permanent storage that didn't cost 5 figures was in the 400K range.

In this day of multi-gigabyte OS installs, it's refreshing to see people return to the "lean and mean" OS mentality, even if it's out of necessity. Hell, even 10 years ago, you could still install an entire installation of Mac OS 7.6 on a set of 10-12 floppies.

Those were the days. Nice to see such "hack"ish talent used again.

Re:The 20 Year Cycle

[phasmal]

So you would expect in 20 years time we will be developing 1MB systems for our nanobots?

-- phasmal

Re:The 20 Year Cycle

Apple had far more ROM than RAM. So technically they did not fit into 128k. Also if you ever used a Mac back then, you probably remember using floppies as a form of swap which totally sucked.

Re:The 20 Year Cycle

[AndroidCat]

ITYM nano-technology stem-cell for fighting terrorists.

a solution

[dingDaShan]

Is this technology easily mass produced?

Just a bunch more Flash

[nervesystem]

This is really just about adding high density flash to an existing smart card platform. Other then having alot of flash this (16 bit CPU, 4-8K RAM) card is just like most other JavaCards out there (such as in your cell phone or AMEX Blue card). The innovative smart cards these days have 32 bit CPUs such as the P9SC648 from Philips and ST22N256 from ST Micro. The Philips card is alot more powerful then IBM/Sharp's card and still has 512 KB Flash. The ST card has 256 KB Flash and 368 ROM and is shipping now for $4 to $5 in quantity.

Re:Just a bunch more Flash

[John+Harrison]

Actually most smart cards use EEPROM rather than flash. The Sharp card is a bit different in that it does use flash.

Here is the confusion

[GoClick]

The confusion here is that the average /.er doesn't know that a SmartCard is not a SmartMedia Card.

A SmartCard is NOT for holding pictures of your cat. It's primarily for identity verification. See
SmartCard

A SmartMedia Card IS for storing pictures of your cat or whatever else you might have. This is the large card that goes in SOME digital cameras. SmartMedia is a trademark of Toshiba. It is a flash memory format Please see
SmartMedia

Re:Here is the confusion

[nomadic]

A SmartCard is NOT for holding pictures of your cat. It's primarily for identity verification.

But what if I use it for identity verification of my CAT? What do you think about that, Mr. Smart Guy?!

Wait, I don't own a cat.

Re:Here is the confusion

[shepd]

Most people here are more intimately familiar with smart cards as satellite access cards (AKA CAM cards). Of course, a lot of lazy slashdotters have never bothered to take the card in their receiver out to check what it was until I just typed this. :-D

Re:Here is the confusion

[TommydCat]

A "trimmed" version of SmartCards called SIMs are used in GSM phones. They are litterally trimmed down from a standard sized smartcard.

They are most often packaged in the original card form with cuts so you can break out the smaller form factor. Placing them back into the larger card allows them to be used with ISO compliant card readers, which software is available for to allow you to update your phone book, etc.

Java applications are the big new thing with GSM phones (more so the dedicated phones rather than the cross-platform PDA phones), so eventually this will lead to innovation for what you can do with a traditional GSM phone as the price comes down (16k and 32k SIMs are the rule with the occasional 64k in new markets because they are that much cheaper).

Oh dear.. time to change my .sig

Size

[cuteseal]

Give it a few years, and everyone will be wanting 40 gig versions to store their mp3 collection on.

Java OS?

[Rgb465]

IBM has ported/developed their Java...operating system

Yeah, I wrote one of those back in '98...yeah, its still booting...

Intresting thing about javacards.

They are not really secure, the java card runs the applet in what is called "the sand box" basically protected memory that is held apart from the os, so the applet can run without accessing the os, or being able to attack the os..

Funny thing is if you blast the card with uv radiation (read a black light) you can force the switches in the card (by overloading with excess energy) to flip back and forth and cause the card to allow you to pop out of the sandbox.. =)

Suddenly you have access to the protected area of the smart card allowing you to dump the memory of the card read the stuff your not suppose to see).

Whoever posted the cardcoders link needs a slap, can someone please remove it.
-MistaEx

Re:Intresting thing about javacards.

[packman]

When you speak like that, it sounds like it's a piece-of-cake to do this. Also this is not java-related at all, this applies to all chipcards in general. All very nice in theory, but in reality - what you describe there requires a lot of multi-million-$ equipment, which only very few ppl (read: no-one) have in their private laboratory at home. Also don't forget you'll need some man-years of work to accomplish exactly what you want :)
Most chip-foundries have the equipment, some security-audit centers also of which I know there's one in france and one in switserland, but they are really rare. I think those are the only-ones in Europe, maybe there's also one in Germany, but of that I am not sure.
Really don't think you can find this equipment in your average supermarket. Also most of this equipment has military import/export restrictions applied to it, making it even harder to get :)

I work with chipcards on a daily base, and even the "non-intelligent" (asynchronious) cards, just read/write things protected by a fixed pincode are a though nut to crack if you only have the card. Typicly, these cards can store 256bytes (Siemens sle4442 cards) or 1kb of (rewritable) data, of which some parts can be fused to read-only.

The intelligent cards (synchronious cards) usually are a bit larger, 2K, 4K, 8K and 16K are common, 32K is already a lot, and 64K is - as said - extremely luxuary. They also cost a lot more per-card, but can run little applications. Depending on the card, this can be stored in non-volatile memory or burned permanently in rom. These applications usually are very small, but even card-java applications are slightly larger than native code for these cards, so you would need more space - certainly since the applications itself on javacards are usually also loaded into the expensive read/write non-volatile storage. A 10k application for such card is already huge. Most of the data-area is used by keys, which are relatively large for current sizes.
People not working with embedded software usually have no idea what can be done with 1mb. You would be amazed what could be stored on a 256byte card, i.e. the social-security (SIS) card in Belgium is a 256byte card (with paranoid encryption applied to it :p)

I don't think this will actually be sold & used a lot at the moment, no-one is waiting for such big cards, they are way to expensive for mass-distribution and usage. It's like jumping from the current hard-disk technology which provides 400gig max disksize to 8000gig disks, and this in an area where storage isn't the real issue. Most of the times, interfacing speed is the real issue, where the serial communication between the chipcard and the other side is simply way to slow.

I don't say that 1mb is completely useless, I know the new Belgian electronic passport should store a picture of the card-holder, which is atm done on (I think) an 8kb java-card, which is way to small (ppl are hardly recognizable on the stored image), but otherwise it would simply cost too much. These new larger cards will put pressure on the prices of these cards, so they'll become cheaper - and hopefully, the eventual cards used for the EID (Electronic-ID) card here will be larger, so the image could be clearer :))

More please...

[algf2004]

Innovation is a great thing...but I wish companies would give up on all this small media and put all their resources into something larger.

I'd pay a whole bunch for a small 200GB hard drive that I could hang on my keychain. Laptop drives are small, but not quite small enough. I'd put up with their extra size, but I haven't seen any break 80GB.

I'd just like to be able to plug my own hard drive into someone else's computer and have my own OS and files all ready. No smart cards, just smart technology. We should be able to build something like that by now...

elliptic curve, not "elliptical"

[__aazofn1209]

I'm sure this card incorporates some form of elliptic curve cryptography, rather than "elliptical curve encryption", which doesn't mean anything AFAIK.

I guess all of the other mathematicians are watching election coverage rather than pointing out slashdot editing errors...

Re:elliptic curve, not "elliptical"

You think there's a difference in encryption and cryptography? maybe a negligible one.
"Cryptography is, traditionally, the study of ways to convert information from its normal, comprehensible form into an obscured guise, unreadable without special knowledge -- the practice of encryption." - http://en.wikipedia.org/wiki/Category:Cryptography

Re:elliptic curve, not "elliptical"

[__aazofn1209]

You think there's a difference in encryption and cryptography?

No. I'm saying that the correct term is "elliptic curve", not "elliptical curve" as it says in the original post.

I can just see it now.

[sheaman]

"American Distress now provides the Credit Card X2! Uses WiFi technology to play your favorite movies and songs to you with wireless headphones! Plus, includes new neural-link Counter Strike!" Actually, that would be pretty cool. At least the Wifi part, though that could be threatening to security.

Stupid

[Markus+Registrada]

Why would any sane person waste crushingly scarce ROM and RAM space on a Java interpreter? Everybody involved knows exactly what the target hardware is, and can compile directly to it. This has failure written all over it.

Just give me the raw hardware, I'll program that.

more redundancy

but can it run linux?

meltdown

[rts008]

If I overclock it will it melt my wallet? Where do you plug the power supply in? How long before some 133t cashier/bank teller pwns my card?

Stuck in the Early 80's.....

I predict that by 2024, we will have 3 GHZ smart
cards with 250GB of storage, and the ability to run SmartCardDoom 3

Smartcard readers in PCs and laptops?

[mikelang]

When we will see readers in common equipment?
It would be nice to have PGP and SSH key stored on my ID card :-).

Re:Smartcard readers in PCs and laptops?

[TheRaven64]

What would be even more interesting would be to have the card contain a cryptographic processor that handled all of your encryption needs built in. This would allow you to keep your private keys on the card, without having them accessible from the computer. The main advantage of this would be public terminals - you could plug in and use them without having to worry if the machine was secure (an attacker could still, in theory, read the data you retrieve but not your key, keeping the remote system secure). Even nicer would be if the device had a FireWire 800 interface and could be used to encrypt hard drive accesses - unplug it and no one can access your data.

Re:Smartcard readers in PCs and laptops?

[mikelang]

I agree, but it could be hard for vendors to agree on portable API (so that device would be OS-independent).

64K a luxury

[stretch0611]

In an industry that can considers 64K of memory a luxury, 1MB is staggering.

Surely I am not the only one old enough to remember The Vic-20 with its 5K RAM that greeted you with "3,583 bytes free." (which was left after necessary internal storage and buffers) And if you had an additional $150 you could buy the "luxury" of a 16K RAM Cartridge.

An OS on a 1MB card?

[StikyPad]

What's next, you're going to tell me they can fit an entire operating system on a 20Kb ROM? That's preposterous.

Hmm

[Ventashar]

Did anyone notice that the date on the post was 11/13/2003?? Ya know..like a year agoish?

1MB

[torrents]

1MB may be amazing by todays standards but it's quite likely with constantly falling flash prices that we may see smart cards sporting 512MB+ in the near future... Possibly changing the way people use systems in corporate and public environments...

Where the hell can you buy these

[hsmith]

all the sites they link you have to bulk pucrhase them!
:mad:

How small, indeed?

[mwood]

As in, "how big a mallet do I need to pound it into a *standard* card receptacle?"

Correction

[John+Harrison]

The lead for JCOP has told me that for flash based systems the OS is loaded into flash rather than rom since there is so much storage space. On EEPROM systems it is written in the ROM.

Re:Ohio and Florida call for Kerry

i saw this in M2 ... What a sorry little fag you must have been come 11/3.