TPM cost constraint [was: RE: Revenge of the WAVEoid]

Eric Murray ericm at lne.com
Mon Jul 8 08:22:37 PDT 2002 

On Sun, Jul 07, 2002 at 07:13:54AM -0700, Optimizzin Al-gorithym wrote:
> At 07:05 PM 7/6/02 -0700, Lucky Green wrote:,>
> Adding the cost of an EMBASSY or SEE environment to the,>purchase of
> every new PC is more than the market for bare-bones or even,>mid-range
> PC's will bear.,>,>--Lucky,>
> 
> Too bad PCMCIA cardreaders aren't widespread, then a bank could give
> away smartcards
> which would be arguably more secure than browserware.

Smartcards are more secure than browsers.  But normal cardreaders
don't keep malware that's on the PC from accssing the card.  It can snoop
on the user's PIN, or in the case of the few cardreaders that keep the PIN
local, wait for the card to be unlocked and then use it for illegitimate
purposes.  The smartcard still depends on the security of the PC.
It's not any more secure than the PC, its just portable.  That hasn't
been enough to make smartcards take off for PC-based applications.

A few companies have made secure smartcard readers that prevent this
type of attack.  One of those was N*able Technologies, which Wave bought
in '99.  The current EMBASSY chip is one that N*Able designed.  I was
Nable's chief architect.  I left after the buyout.  Nable's system was
for secure commerce, not DRM, but as a secure building block it can be
used for lots of things.

I don't know WAVE's pricing for the current EMBASSY chip, but based on
prices for earlier Nable chips, I'd guess that they could sell it for
$5-10 in quantity.  That's still a significant adder to the cost of a
motherboard.   But it isn't insurmountable.   The beneficiary pays for it,
not the end user.  All it takes is one customer who can get enough value
from it to make it worthwhile.  Microsoft is a good example... simply
increasing their license payment rate for Word from 50% of users to 60%
would make them more than enough $$ to cover the cost of an EMBASSY or
similar in most PCs.  The potential anti-competitive side effects then
come for free.

Of course marketing for PCs will attempt to get users to pay more
for the "security enhanced" DRM-equipped PCs.  But the added cost
doesn't need to be paid by the users to make it viable.

Eric

More information about the cypherpunks-legacy mailing list