A few more hopefully short comments...

perry@piermont.com ("Perry E. Metzger") writes:
> Why not? If the card knows its own key, then someone else can probably get the key out by some nasty mechanism.

There is no physical difference between cards. The key information is stored in EEPROM, and the links which permit the EEPROM to be written are burned after programming is complete. The EEPROM data is then only accessible to intimately associated circuitry in its vicinity. Presumedly the state of the EEPROM cannot be deduced by any external examination of the card, and any attempt to incrementally abrade the card down to the relevant circuit elements should completely obliterate the minute charge differences which represent the data. At least, that's the theory. The Europeans trust this technology well enough to let it represent real money, so presumedly they do not consider hacking a possibility.

Perhaps our resident VLSI and Alpha Particle expert, Timothy C. May, could give us a guess as to whether Perry's "Nasty Mechanism" is more or less likely than Maxwell's "Daemon."

inglem@adnetsol.com (Mike Ingle) writes:
> The big latent assumption here being that you have only one-way communication with the subscribers. DSS has a modem. It could get a new key from a distribution center frequently - i.e. every day. Then the pirates would somehow have to update their keys daily, in real time. Once we have live packet communication (cable modems or ISDN D-channel, for example) the keys can be changed minute by minute, if necessary.

Assuming Perry is right and a smart card could have its innards transplanted into a hostile environment, the scheme you describe would offer no real protection. The compromised card would simply do the communication with the Key Distribution Center and give all the information to the pirates. A low-bandwidth link, such as a web page, would be more than sufficient to communicate the required bits to everyone else on the planet.

The security of a smart card based system has to lie in the "data cannot be recovered even by destructive reverse engineering" aspect of it. If this is not a given, then cards can be exactly cloned, and one clone can tell others what they need to know to prevent the duplication from becoming known to the other side of any transaction.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd@netcom.com $ via Finger. $