At 11:13 AM 10/7/96 -0400, Robert Hettinga wrote:
Dallas Semiconductor turns on Internet commerce at the touch of a button; wearable computer chip generates uncrackable codes using public key cryptography ---------------------------------------------------------------------- DALLAS--(BUSINESS WIRE)--Oct. 7, 1996-- ... Unlike a loose plastic card, the iButton stays attached even while communicating, making misplacement less likely. Messages or transactions are authorized only after the PIN is validated by the iButton, the same technique automatic teller machines use to dispense cash.
What bothers me about such schemes is this: What happens if the insecure machine which accepts your PIN and transfers it to the iButton then performs a transaction which you have not authorized. E.g. it transfers $10 rather than $.01. You can collect quite a bit by repeating the scam. I have not heard of a trust protocol which does not require some form of input and/or output on the iButton itself. All the ones which can be used by normal humans (e.g. do not require the user to do public key cryptography in his/her head) require both a small display and a approve/disapprove button. I think the credit card calculator form factor is attractive for this application. ------------------------------------------------------------------------- Bill Frantz | "Cave softly, cave safely, | Periwinkle -- Consulting (408)356-8506 | and cave with duct tape." | 16345 Englewood Ave. frantz@netcom.com | - Marianne Russo | Los Gatos, CA 95032, USA