Phase 2 - Secure display and pin collection

10 views
Skip to first unread message

Smartcard Guy

unread,
Jun 26, 2011, 3:27:43 PM6/26/11
to bitco...@googlegroups.com
So they do make on card display cards, there have been a few companies over the years who have tried to build products around the technology but none of the ones I knew of are around anymore.
 
The way the smart card industry works is they do most stuff custom, for example GSI tech is a printing company who incorporates an NTERA flexible display via a custom printing process into a smart card http://www.gsitech.com/functional-printing/apps_displays-graphicIcons.asp
 
They don't sell a product like this but instead make custom "solutions" for banks and other similar organizations; when they do runs of a card its a lot of them.
 
At the time these displays were not controllable from the chip on the card in a standard way, last time I was at Cartes (a smart card conference) talking to folks about the technology (2009 I think) they were "converging" an approach that would allow a standard javacard chip to interact with the display, but they did not have them yet.
 
These cards also can have blister buttons, the card in the video just has one, it tells the card to wake up and generate an OATH compliant OTP number; they have them that have more than one as well, the space available on the card however makes using a card that has more than one difficult at best, especially when in a reader. The cards they had at the time in low quantity were $30 each (before the chip)) they thought they could get pricing down to around $10-15 each in high volumes, again this data is from 2009 so just use it as a right idea.
 
In an application for us I think we would need two blister buttons, on/off and approve. This has some negative usability implications but I can't think of a way around it.
 
Another option is secure pin entry devices, one example would be the OmniKey USB pin pad with display, see: http://www.hidglobal.com/prod_detail.php?prod_id=190, these can be had for about $50-$60 each.
 
With these the card and the reader interact together without the host being involved. You trust that the reader isn't malicious (the card cant verify this in a open system, e.g. when it doesn't have a way to authenticate the reader because there is no central authority); closed systems can have the readers have a key that is used to authenticate to the card and visa versa but the standards in this area are very weak/incomplete.
 
In general I think the reader with the embedded display and PED will be the least complicated way to get to where we want to be, it requires us to trust hardware and has the burden of likely only working with readers we custom integrate but its cheap and is a logical extension of what we have been talking about in phase 1.
 
When we get further along I will get more information on these two approaches so we can make an informed decision as a group.
 
Ryan
 
 
 
 
 
 

Ludwig Maes

unread,
Jun 26, 2011, 10:54:26 PM6/26/11
to bitco...@googlegroups.com
This is very usefull information!

btw, 30$ is about 1.5BTC, I think a lot of BTC owners are willing to
pay for such a card if it implies a real next level of security...

please, since you seem to have contacts in this industry, tell us as
much as you can find out, especially about current state of
affairs,...

what do you mean with "blister" buttons?

I understand that display smartcards are typically used for OTP, but
in context of bitcoin that makes little sense, it would be interesting
to know if the OTP has its own dedicated chip, or if it is a program
that runs on the same smarcard processor, if the latter probably the
producers can tell us how to print to the display... for bitcoin we'd
need alphanumeric display not just numeric displays...

in the visa OTP card on youtube there seems to be a on/off button and
10 buttons for pin codes...

Please add readers with pinpad and display to the wiki (I already
found one in the 44 euro range which seems similar to 50-60$...)

"With these the card and the reader interact together without the host
being involved. You trust that the reader isn't malicious (the card
cant verify this in a open system, e.g. when it doesn't have a way to
authenticate the reader because there is no central authority); closed
systems can have the readers have a key that is used to authenticate
to the card and visa versa but the standards in this area are very
weak/incomplete."

this implies that if the reader has been certified by the right
authority and is thus available on the market, that the protocol
mandates that the smartcard controls the display, as I questioned
before, this would make a lot of sense, but I have yet to see a
specification/standard that implies that the smartcard and not the
computer controls the display... could you please find a reference? or
next time you hear this from a SC company, ask them for the public
standard or specification that mandates the smartcard is in control of
the display (and not the computer)

I have no idea where to find this, but from security point of view it
makes complete sense...

again thanks for the info!

Reply all
Reply to author
Forward
0 new messages