- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 06 Nov 2013 04:10:37 +0100
- To: Web Payments CG <public-webpayments@w3.org>
Through my TrustedComputingGrouop membership I just got an entirely different solution the trusted UI/chrome issued created by GlobalPlatform. It's essentially the same system pushed by Intel as IPT (Identity Protection Technology) which among a number things _bypasses_the_operating_system_ by (temporarily) taking over the keyboard and screen. To make the scheme less susceptible to spoofing user-defined information information is also displayed such as a picture of something personal. http://www.intel.com/content/www/us/en/architecture-and-technology/identity-protection/protected-transation-display.html So it seems that there are three quite distinct approaches on the table: - The "sledge-hammer" approach (pardon me GP and Intel...) outlined above - White-listing mentioned by Manu and Kumar - Yours truly's K2C (Key to Code) scheme for making spoofed data "useless" Given these facts, I would be pretty cautious making trusted chrome a part of a possible payment standard. The white-listing concept seems to currently lack a write-up doesn't it? Anders
Received on Wednesday, 6 November 2013 03:11:10 UTC