If these results are true, then one might imagine that the offices of smart card companies would be besieged by banks and merchants. Indeed, earlier this year the analysts Frost & Sullivan forecast that the authentication of consumers on the Internet will be the next large growth area for chip cards. But some people (eg, me and Bill Gates) have been thinking this for a long time and nothing has happened.
Now, I’ve always thought that pushing security off the end of the Internet and into smart cards is the best way forward for all parties. The cost of securing PCs is prohibitive and the only way to do it properly and economically is the addition of tamper-resistant hardware. This was recognised some time ago — remember Microsoft’s Palladium vision — and remains completely sensible (if implemented properly). But why the tamper-resistant hardware should be in the PC as opposed to in your wallet or (more likely) in your phone I don’t understand. It would be nice to walk up to any old PC and by waving your phone over it make it (securely) yours. NFC makes this feasible, by the way, and it may yet transpire that authentication for the Internet becomes a major driver for NFC deployment.
In the meantime, USB or secure memory looks most promising with OATH-compliant flash drives hitting the street. But as they roll out into offices and homes, the issues of brand, trust and the like come into focus as the technology problem fades away.