charismathics tech networking for earth. 2 oasis london, nov 27th and 28th 2006, sven goßel,...
TRANSCRIPT
charismathics tech networking for earth
2 OASIS London, Nov 27th and 28th 2006, Sven Goßel, 19. Apr 2023

Look at this growth over the past decade
[Figure: timeline with axis marks 1995, 2000, 2005; device labels: Desktops, Laptops, USB Memory, Palm, Pocket PC, BlackBerry, SmartPhone]

The funny story about PKI smart cards
SIM cards in mobile phones represent ¾ of the market – token prices are cheaper than ever before
for 10 years, most players have lost a fortune – and are still investing huge amounts
with 1Bn PCs and notebooks installed – not more than 15 million PKI tokens are issued worldwide in 2006
PKI management systems are fully standardized – yet PKI tokens are not
Bill Gates called for the “end of passwords” – but nobody cares

OK – but why doesn't this market fly?
Here are a few “market analyst” reasons:
technical standards have evolved only in the past 3 years
  PKCS#11 of RSA Labs was only frozen in 2003
  Microsoft never really cared
secure data carriers never had enough performance
the worldwide number of suppliers is very small
privacy in computer systems is an elite issue
investments in security do not sell other than in large organizations
. . . . .

But the most important reason:
Hardware and Software are two different worlds

A PKI token is a complex system

The current market environment
Most smart card and token vendors try to lock in customers
all software vendors and ASPs suffer from regular software maintenance requirements
  each proprietary software interface is different
  each new chip generation multiplies the number of supported versions
user typically has more than one token and more than one reader
  log-on device (usually company ID card)
  using private PKI digital signature token
software user interface has to comply with specification standards
  usability vs. legal requirement
copy protection to avoid using it as standard middleware without license

charismathics Competence Map
[Diagram labels: data security IC, software, hardware services, business cases, customization, professional services, biometrics platforms, identity management]

Technology Partners & Alliances
hardware: Eutron Infosecurity, Bergamo, Italy
OTP: Vasco Data Security, Brussels, Belgium
PKI: ECOS, Mainz, Germany
smart card software:
  Siemens MED, Erlangen/Munich, Germany
  IBM, Zurich, Switzerland
  Trusted Logic, Versailles, France
smart card reader:
  SCM Microsystems, Fremont CA, USA
  Omnikey, Wiesbaden, Germany
semiconductors:
  Infineon Semiconductors, Munich, Germany
  NXP, Eindhoven, The Netherlands
software vendors:
  all major hard disk encryption software vendors
  all major VPN software vendors

smart security interface©

CSSI software structure: a layer concept
[Diagram of the layer concept. Layer labels: application interface, web update interface, pre-boot support modules, smart card interface modules, smart card hardware.
Application labels: Adobe Acrobat, MS Outlook, Internet Browser, Other Applications.
Interface labels: generic CSP module, generic PKCS#11, generic TSS 1.2 API.
Profile labels: SigG, CNS, eID, PKCS#15, charismathics profiles, any other profile.
Card OS labels: CardOS 4.x, TCOS 2.03, JCOP, jTOP, ACOS, StarCOS, 3rd party module, other.
TPM labels: Infineon TPM, TSS System Service, other TPM.]

Microsoft follows the same concept
extending the current CSP software module to a PKCS#11-comparable interface
  “base CSP” is nothing but a MS-CAPI patch
  now includes PIN change etc.
  all smart card IC vendors need to adapt their interface
Windows Update platform will automatically provide the modules
  no Microsoft certification required any more
self-signed soft token will be provided inside Vista
  SUN already has this
  PKCS#11 already defines this
Charismathics CSP already offers all future MS functions
  smart card software modules already exist
Essentially Microsoft just tries to fill the gap: Smart cards had a low priority over the last 4 years.

plug´n´crypt© USB application examples
end-user friendly product
  plug-and-play: pre-installed software allows full device mobility
  all PKCS#11 applications will run automatically
  software development focus is function and usability
  flash memory provides mass data storage capability
corporate security
  VPN access management
  hard disk encryption
  Outlook email encryption and verification
  secured internet communication (e.g. online banking security)
  certified digital signature
  physical access control
notebook replacement
  records all personal data and settings

Product Availability and Roadmap
[Roadmap chart; timeline axis: Q3 2006, Q4 2006, Q1 2007, Q2 2007, Q3 2007, Q4 2007. Chart labels:]
smart security interface 3.5: WinNTx
smart security interface 3.21: pre-boot
smart security interface 4.0: Vista
smart security interface: TSS 1.1
smart security interface 3.5: pre-boot
smart security interface: TSS 1.2
smart security interface 4.5: Vista, 64bit Vista, Macintosh X, Linux Robot, Solaris, TSS 1.2, Win Mobile
smart security interface 4.0: pre-boot
smart security interface 4.1: Vista CNG
smart security interface 4.0: Linux SuSe 9.0
eID card; file structures; javacard applets; ICAO, eGK, ELS…; web update services; card OS integrations; StarCOS 3.0, Micardo 3.0, TCOS 3.0; Javacard 2.1.1/2.2.1; PKCS#15; CNIPA; CNS/CIE; hardware services; Fully integrated product

Customer and Application References
Cryptovision
S-Trust