Eugen Leitl <eugen@leitl.org> writes:
I have no smart card background, unfortunately. I've heard G&D ignores requests from open source developer people, though.
Yup. It's standard banking-industry stuff, unless you're a large bank/government/whatever and are prepared to sign over your firstborn and swear eternal secrecy, they won't talk to you.
Are keywords like STARCOS SPK2.3 (Philips P8WE5032 chip), ITSEC E4 certification (with StarCert v 2.2.) etc. associated with a good security track?
They're associated with good buzzword-compliance. Since it's impossible to get any technical details out of them, it's rather hard to say. If you've got something like a PKCS #11 driver off them then you should be OK, but if you want to do any low-level work with the card yourself, find another vendor.
Features
Nothing you can't get from a pile of other vendors who will actually talk to you. Unless you've got some business reason to deal with them, I wouldn't bother (I have nothing against them per se, they just do business in a way that isn't useful to me... and I'm sure they think the same of me). Peter.