Smart Card architecture

I've been searching around the 'net looking for online references to the actual protocols and methods used in smart card user authentication, but have found very little. I understand from reading Schneier that there are several established protocols to demonstrate knowledge of some secret without leaking any information about this secret. Is this how these (smart card) systems work?

The Nov. '94 issue of 'Communications of the ACM' has an article about using smart cards to store secure OS kernel and user configuration information (I imagine both Unix _and_ Windows :), which is fascinating to read, but doesn't delve into these technical details. It seems that there are a myriad of rather innovative applications for these things.

What is the state of this technology today? I understand there are working systems for use with credit transactions and telephone billing. Who are the major players in the marketplace, what types of standards have evolved to describe the interfaces they use, and what kind of Cypherpunk interest is there in these products?

What kind of realistic attacks exist that would compromise the security offered by smart cards?

Guess I'm just interested in some good pointers to information (online or written) that could give me a grasp on the technical details.

Thanks,

Johnathan Corgan

==
Johnathan Corgan
jcorgan@aeinet.com
"Violence is the last refuge of the incompetent." -Isaac Asimov

Johnathan Corgan <jcorgan@aeinet.com> writes:
I've been searching around the 'net looking for online references to the actual protocols and methods used in smart card user authentication, but have found very little. I understand from reading Schneier that
There is a group of people working on a set of de facto standards for interfacing to smart tokens. The idea is to come up with an API that is mostly vendor and technology independent. The "standard" will be published as PKCS #11 when it's ready, and is known as "cryptoki", pronounced crypto-key. (Cryptographic Token Interface, I think...)

I think that you can find a draft copy somewhere on ftp.rsa.com under pkcs-11 or pkcs-11-dev.

There's also a mailing list. Send subscribe request to pkcs-11-dev-request@rsa.com

Eric Blossom