If you tell enough stories, perhaps the moral will show up.


Nationwide Token Delivery

Huge excitement when Mrs U received a smartcard reader for her Nationwide online banking. (OK -- I was excited, and that'll do for the purposes of this post.) It's cheap and nasty -- made in PRC -- and she doesn't have much money in that account , so it looks like an all-customers rollout. I hope it's the proper APACS EMV style job that'll work on any UK payment smartcard. It would be too depressing if they fucked this up with proprietary gimmicks.

I'm really impressed by the potential of the smartcard+disconnected reader combo. It really opens up potential to use the same token -- the card -- for authentication on the PCs (directly with attached USB card readers), authentication on the SSL VPN with untrusted clients (no drivers needed with a disconnected reader and a OTP app on the card), and a building pass with HID coils built into the card. When I'm back at work, I hope to have some integrators lined up to show me what they can do.

No comments: