From: NdK <ndk...@gm...> - 2013-08-28 07:03:54
On 28/08/2013 08:09, Andreas Jellinghaus wrote:

> Sure, a smart card can do more, and for having a card that is powered
> only when in a reader / next to the reader, an integrated system of
> storage and crypto functions is nicer. But for security in the device
> environment: why isn't the HSM-like mechanism superior? It seems easier
> to implement to me, and is far more flexible - no fuzzing around with
> PKCS#15 structures, storing the credentials on the host is far easier.

I agree with your vision to a great extent. But it's a partial vision (not all systems are constantly on-line).

A smartcard is something you can bring around easily. You can't do the same w/ an HSM. Sure, it lacks some features (like a pinpad and a display), but that depends on the chosen security perimeter and ability to work offline. But extending the security perimeter makes it harder to defend.

Probably (quite for sure...) nowadays the smartcard form factor is "wrong": microSD or USB token have many advantages (first of all: communication speed!) that could open many scenarios...

BYtE,
Diego.