On 7/12/07, <b class="gmail_sendername">Martin Paljak</b> <<a href="mailto:martin@paljak.pri.ee">martin@paljak.pri.ee</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On 12.07.2007, at 18:43, John Wang wrote:<br><br>> For nationally issued ID documents, I wouldn't be surprised if<br>> government agencies like customs will have readers, but I doubt<br>> most individuals will have readers (that require external hardware
<br>> and software drivers) to use them from their personal computers.<br><br>Many newer laptops have smart card readers built in.</blockquote><div><br>I'm not up to date on this. What percentage of new laptop sales have built-in smart card readers? Do major laptop vendors like Apple, Dell, Gateway, HP and Lenovo include built-in smart card readers in their popular models?
</div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Many computer<br>sellers in Estonia bundle a card reader with their offer and it costs
<br>about 6€ to buy one from virtually any computer shop in Estonia if<br>your coputer does not have it. Currently roughly 80% of Estonians<br>have an eID card. 50k+ users use it already (I guess daily. And the<br>number is growing fast, expected to reach 300k+ by 2009).
</blockquote><div><br>Thanks for mentioning the Estonia eID project. According to <a href="https://open.id.ee/about/english">https://open.id.ee/about/english</a>, Estonia eID "has not yet been offically
launched and is in public beta phase." I'll read up on this more soon but it is it far enough along to claim success or would it be better to wait and see a bit longer? My guess is the following is a marketing, not technical, claim "Your online identity can never be stolen because your OpenID is
attached to your real identity." Never is a very strong word. One way to make this difficult to steal would be to require biometrics at known/controlled authentication points but even in those situations, compromise can happen. I didn't see any biometric component for the eID so I'm not sure how it would be tied to one's real identity.
<br><br>Also, what do you mean by "bundle"? Is it an external USB device or built right into the computer as an internal, unremovable (except with screwdriver) component? I'm not sure about the eID project but just giving free external readers to people hasn't been successful in getting them to use them in the past.
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Most institutions that actually bite security (like banks) already have<br>their internal smart card rollouts for years I guess.
</blockquote><div><br>Internal roll out is a bit different than consumer use on an external network. Smart cards and other authentication devices that require infrastructure upgrade are typically more successful when the issuer also controls the infrastructure, however this isn't the case with consumer PCs attached to the Internet. If they have had successful rollouts, I imagine they would be talking about them and we wouldn't have to speculate. Which major banks of done this successfully?
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Looking at usage patterns you are looking from a different view point<br>- government stuff does not mean 'only those who can be forced to use
<br>shall use them' - people buy stuff if it helps them do something more<br>easily. Digital signatures and e-services enabled by having strong<br>authentication are something that allow me to live in my summer<br>cottage all summer and never leave it as I can do most 'paperwork'
<br>over the internet. Securely. I save 2x the price of the reader if I<br>don't have to go to the city for some 'official stuff'.</blockquote><div><br>I'm sure most of the people on this list can be classified as "early adopters" but will it pass the "grandmother test"?
</div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">You will buy a reader if you have something to do with it.<br><br>> After all, why don't end users have magstripe readers for credit
<br>> cards with their personal computers today?<br>> The hardware as been available but I don't think the benefits<br>> justify the additional costs.<br><br>Magnetic stripes is not a technology to compare with smart cards
<br>(even though you can find them both on credit cards) Magstripe is<br>just a way of 'reading data' whereas smart cards provide actual value<br>(crypto) not just a bunch of bits to blindly read.</blockquote><div>
<br>They are different in terms of technology but they have the same reader issues from an end user perspective. People have been trying to get Internet users on smart cards for over 10 years.<br><br>I'll leave the future predictions alone for now but it would be interesting if they do take off. I'm also waiting for the day we can automatically split group lunch costs and "beaming" money to the restaurant instead of using cash. That would be cool IMO.
<br></div></div><br>-- <br>John Wang<br><a href="http://www.dev411.com/blog/">http://www.dev411.com/blog/</a>