Identity Experiences & Ideas: Sykipot Update

Tuesday, January 17, 2012

Sykipot Update

As I mentioned in my last post - one of my concerns was the possibility that a hacker could leverage the PIN access and the card update capability of the ActivClient to introduce malware on the card. After some investigation it appears that with the use of the Global Platform implementation it would be an extremely complex feat to execute. I do not believe it is impossible but the level of effort does not appear to have been taken and it would only be capable of happening during an actual card update which in most cases would be CMS initiated. There does not appear to be anything the data that has been released to indicate that there is a trigger for the action - so maybe one less concern.

No comments:

Subscribe to: Post Comments (Atom)

Who I am ....

An interesting thing on a blog about identity .... who is the author?

Well .... I guess it is a case where you want to divulge enough to have people stay interested but not too much as to create an identity issue.

I started in the data communications arena in the earlier part of the '80s. My first foray into security was helping solve an accounting issue in a switch at the German Bundespost. For the next few years after that I applied all those years of math, graph theory and computer science logic to designing data networks for banks and governments around the world.

In the early-mid '90s I was giving the opportunity to get involved with public key technology and have spent the last 20 plus years helping organizations and governments on the technical, application and policy side of "federated" identity. Over the last few years I have continued work on identity but now beyond PKI.

There is so much potential here ... we just need to be logical ... and not just technically logical but also logical in implementation and operational ideas and logical in considering what it is that people want and need.

Check the link in Datapoints below for "More About Me"