[1271] in cryptography@c2.net mail archive
Re: Fortezza dying on the vine?
daemon@ATHENA.MIT.EDU (John Deters)
Mon Jul 28 18:33:34 1997
Date: Mon, 28 Jul 1997 17:21:16 -0500
To: pgut001@cs.auckland.ac.nz, PADGETT@hobbes.orl.mmc.com, cryptography@c2.net
From: John Deters <jad@dsddhc.com>
In-Reply-To: <87009152730237@cs26.cs.auckland.ac.nz>
At 12:05 AM 7/29/97, Peter Gutmann wrote:
[ A. Padgett Peterson P.E. Information Security wrote ]
>>Expect three flavors - direct, dedicated readers (but don't hold your
breath -
>>too many machines already have all IRQs in use). These will be the most
>>expensive - unless under $40-$50, forget it except for very very nervous.
>>
>>Second flavor would be a PCMCIA (PCCARD) carrier. Most notebooks today have
>>more than one slot.
>>
>>Third (and I think essential for mass market) is a 3.5" floppy carrier. Saw
>>one over a year ago from Fischer but cost is a problem - must be under
U$10.00
>>to be sucessful.
>
>There's a fourth kind which you haven't mentioned: Readers built into
>keyboards. These are starting to appear (mainly in Europe), require no
extra
>IRQ's or slots or serial ports or whatever, and only a small change in the
>keyboard driver software. Most of the components (case, lead, connector to
>computer, power source, interface circuitry) are already present, so the
cost
>is relatively low. It remains to be seen how popular they'll become though.
>
>Peter.
Siemens Nixdorf was offering a smartcard reader keyboard wedge as well as a
parallel port implementation. Since the solution we were considering
already had a wedge plus a second keyboard, we leaned more towards the
parallel port solution. Ultimately, our management ended up choosing IBM,
and we did not get any smart card reader equipment. In retrospect, this
probably kept us from purchasing what might be obsolete equipment.
As far as the technology push behind any retailers' decision as to what
type of system to go with, the credit card companies will tell us loudly.
Eight years ago, we were "economically urged" to install magnetic swipe
readers. Visa sent us a letter saying that our rates would be increased by
about 1/2 % if we did not install MSRs. To us, that translates to a "cost
avoidance" of well over one million US$ annually, or spread out over our
POS terminal count, about $80. Given that we installed readers for about
$70 each, the ROI was there to do it immediately.
I suspect that when (not if, but when) Visa or Amex comes to us and says,
"We're going to increase your rates by 1/2% if less than 98% of your
transactions are smart-card processed by October 1st," we'll have smart
card readers installed by September 30th.
For the merely curious, 2600 magazine a few years ago republished an
article from HackTic (the Dutch hackers magazine) on how to read a smart
card via parallel port (of course, they placed more emphasis on how to
emulate a telephone rather than how to "use" it.) From this, I would
hazard a guess that a parallel port-based home-use reader could be sold for
30-50 US$
JOhn
--
J. Deters "Don't think of Windows programs as spaghetti code. Think
of them as 'Long sticky pasta objects in OLE sauce'."
+--------------------------------------------------------------------+
| NET: mailto:jad@dsddhc.com (work) mailto:jad@pclink.com (home) |
| PSTN: 1 612 375 3116 (work) 1 612 894 8507 (home) |
| ICBM: 44^58'36"N by 93^16'27"W Elev. ~=290m (work) |
| For my public key, send mail with the exact subject line of: |
| Subject: get pgp key |
+--------------------------------------------------------------------+
