charismathics tech networking for earth. 2 oasis london, nov 27th and 28th 2006, sven goßel,...

charischarismathicsmathics tech networking for earthtech networking for earth

2 OASIS London, Nov 27th and 28th 2006, Sven Goßel, 19. Apr 2023

Desktops

Laptops

USBMemory

PalmPocketPC

BlackBerrySmartPhone

1995 2000 2005

Look at this growth over the past decadeLook at this growth over the past decade


The funny story about PKI smart cardsThe funny story about PKI smart cards

SIM cards in mobile phones represent ¾ of the market – token prices are cheap as never before

since 10 years, most of all players lost a fortune – and is yet investing huge amounts

with 1Bn PCs and notebooks installed – not more than 15mio PKI tokens are issued worldwide in 2006

PKI management systems are fully standardized – yet PKI tokens are not

Bill Gates called for the “end of passwords” – but nobody cares


OK – but why doesn´t this market fly?OK – but why doesn´t this market fly?

Here are a few “market analyst” reasons:

technical standards have evolved only the past 3 years PKCS#11 of RSA Labs was only freezed in 2003 Microsoft never really cared

secure data carrier never had enough performance

the worldwide number of suppliers is very small

privacy in computer systems is an elite issue

investments in security do not sell other than in large organizations

. . . . .


But the most important reason:But the most important reason:

Hardware and

Software are two different

worlds


A PKI token is a complex systemA PKI token is a complex system


The current market environmentThe current market environment

Most smart card and token vendors try to lock customers all software vendors and ASPs suffer by regular software

maintenance requirements each proprietary software interface is different each new chip generation multiplies number of supported

versions user typically has more than one token and more than one

reader log-on device (usually company ID card) using private PKI digital signature token

software user interface has to comply with specification standards usability vs. legal requirement

copy protection to avoid using it as standard middleware without license


charischarismathicsmathics Competence MapCompetence Map

data security IC

software

hardware services

business cases

customizationprofessional services

biometrics platforms

identity management


Technology Partners & AlliancesTechnology Partners & Alliances

hardware: Eutron Infosecurity, Bergamo, Italy OTP: Vasco Data Security, Brussels, Belgium PKI: ECOS, Mainz, Germany smart card software:

Siemens MED, Erlangen/Munich, Germany IBM, Zurich, Switzerland Trusted Logic, Versailles, France

smart card reader SCM Microsystems, Fremont CA, USA Omnikey, Wiesbaden, Germany

semiconductors Infineon Semiconductors, Munich, Germany NXP, Eindhoven, The Netherlands

software vendors: all major hard disk encryption software vendors all major VPN software vendors


smart security interfacesmart security interface©©


pre-boot

support

modules

CSSI software structure: a layer conceptCSSI software structure: a layer concept

application interface

web update interface

smart card interface modules

smart card hardware

SigGCNSeID

PKCS#15

charismathicsprofiles

any other profile

CardOS

4.x

TCOS2.03

JCOPjTOP

3rd party modul

e

other

Adobe Acrobat

application interface

3rd party modul

e

otherACOS

StarCOS

Internet Browser

Other Applications

Infineon

TPM

TSS Syste

mServic

e

otherTPM

genericTSS 1.2 API

MS Outlook

genericCSP module

genericPKCS#11


Microsoft follows the same conceptMicrosoft follows the same concept

extending the current CSP software module to a PKCS#11 comparable interface “base CSP” is nothing but a MS-CAPI patch includes now PIN change etc. all smart card IC vendors need to adapt their interface

Windows Update platform will automatically provide the modules no Microsoft certification required any more

self-signed soft token will be given inside Vista SUN already has this PKCS#11 already defines this

Charismathics CSP already offers all future MS functions smart card software modules already exist

Essentially Microsoft just tries to fill the gap: Smart cards had a low priority over the last 4 years.


plugńćryptplugńćrypt© © USB application examplesUSB application examples

end-user friendly product plug-and-play: pre-installed software allows full device mobility all PCKS#11 applications will run automatically software development focus is function and usability flash memory provides mass data storage capability

corporate security VPN access management hard disk encryption

Outlook email encryption and verification secured internet communication (eg online banking security) certified digital signature physical access control notebook replacement

records all personal data and settings


Product Availability and RoadmapProduct Availability and Roadmap

Q4 2006 Q1 2007 Q2 2007 Q4 2007Q3 2007Q3 2006

smart security

interface 3.5

WinNTx

smart security

interface 3.21

pre-boot

smart security

interface 4.0

Vista

smart security

interface

TSS 1.1

smart security

interface 3.5

pre-boot

smart security

interface

TSS 1.2smart security

interface 4.5

Vista

64bit Vista

Macintosh X

Linux Robot

Solaris

TSS 1.2

Win Mobile

smart security

interface 4.0

pre-boot

smart security

interface 4.1

Vista CNG

smart security

interface 4.0

Linux SuSe 9.0

eID card

file structures

javacard applets

ICAO, eGK, ELS…

web update services

card OS integrations

StarCOS 3.0 Micardo 3.0, TCOS 3.0

Javacard 2.1.1/2.2.1

PKCS#15

CNIPA

CNS/CIE

hardware services

Fully integrated

product


Customer and Application ReferencesCustomer and Application References

Cryptovision

S-Trust

charismathics tech networking for earth. 2 oasis london, nov 27th and 28th 2006, sven goßel,...

Documents

oasis london

sven goel

earth slide

license slide

germany smart card software

smart security interface

token vendors

netherlands software