On Sun, Jul 07, 2002 at 07:13:54AM -0700, Optimizzin Al-gorithym wrote:
At 07:05 PM 7/6/02 -0700, Lucky Green wrote:,> Adding the cost of an EMBASSY or SEE environment to the,>purchase of every new PC is more than the market for bare-bones or even,>mid-range PC's will bear.,>,>--Lucky,>
Too bad PCMCIA cardreaders aren't widespread, then a bank could give away smartcards which would be arguably more secure than browserware.
Smartcards are more secure than browsers. But normal cardreaders don't keep malware that's on the PC from accssing the card. It can snoop on the user's PIN, or in the case of the few cardreaders that keep the PIN local, wait for the card to be unlocked and then use it for illegitimate purposes. The smartcard still depends on the security of the PC. It's not any more secure than the PC, its just portable. That hasn't been enough to make smartcards take off for PC-based applications. A few companies have made secure smartcard readers that prevent this type of attack. One of those was N*able Technologies, which Wave bought in '99. The current EMBASSY chip is one that N*Able designed. I was Nable's chief architect. I left after the buyout. Nable's system was for secure commerce, not DRM, but as a secure building block it can be used for lots of things. I don't know WAVE's pricing for the current EMBASSY chip, but based on prices for earlier Nable chips, I'd guess that they could sell it for $5-10 in quantity. That's still a significant adder to the cost of a motherboard. But it isn't insurmountable. The beneficiary pays for it, not the end user. All it takes is one customer who can get enough value from it to make it worthwhile. Microsoft is a good example... simply increasing their license payment rate for Word from 50% of users to 60% would make them more than enough $$ to cover the cost of an EMBASSY or similar in most PCs. The potential anti-competitive side effects then come for free. Of course marketing for PCs will attempt to get users to pay more for the "security enhanced" DRM-equipped PCs. But the added cost doesn't need to be paid by the users to make it viable. Eric