Re: [Fed-Talk] Re: ExpressCard/34 references
Re: [Fed-Talk] Re: ExpressCard/34 references
- Subject: Re: [Fed-Talk] Re: ExpressCard/34 references
- From: "Timothy J. Miller" <email@hidden>
- Date: Thu, 18 May 2006 09:14:47 -0500
Michael Kluskens wrote:
Just reread the latest IEEE Spectrum magazine. Two new wireless USB
protocols are set to complete in the market place (one is by Motorola
and the other I forget), so you stick your CAC card in a USB card reader
and plug the reader into the wireless USB box and plug the wireless USB
hub into the laptop (or inside it). With a small enough set of parts
you could keep the CAC card on your person and not have any external
parts attached to your laptop. Technically possible.
Don't hold your breath on these. Just look at the RIM bluetooth card
reader to see what had to be done to get NSA approval for CAC operation
over a wireless protocol--after bluetooth bonding, there's a
SecurID-like one-time hash generated and displayed on the reader that
the user has to manually input on the Blackberry before the reader can
be used.
Performing any operations that use a smartcard's private key material
over a wireless protocol Just Isn't Smart(tm). No, the private key
isn't exposed, but the PIN certainly will be as well as potential card
session hijacking. Note that the PIV standard explicitly says that the
contactless card interface will *not* access private key material. Ever.
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden