http://armdevices.net/2010/03/06/arm-powered-mobile-payments/ Blog on ARM Powered® devices Tue, 07 Sep 2010 04:10:00 +0000 http://wordpress.org/?v=2.9.2 hourly 1 http://armdevices.net/2010/03/06/arm-powered-mobile-payments/comment-page-1/#comment-2273 Alban Rampon Tue, 09 Mar 2010 16:57:54 +0000 http://armdevices.net/?p=949#comment-2273 Hi David,<br>TrustZone could be called a special environment to which access is regulated. As this is embedded, in order to clone it you would need to reverse engineer at the die level = deprocess the chip.<br>This is not a matter of obscurity, but this way any keylogger or trojan would be useless and that is the point: working in a safe known environment.<br>Cheers, Alban. Hi David,
TrustZone could be called a special environment to which access is regulated. As this is embedded, in order to clone it you would need to reverse engineer at the die level = deprocess the chip.
This is not a matter of obscurity, but this way any keylogger or trojan would be useless and that is the point: working in a safe known environment.
Cheers, Alban.

]]> http://armdevices.net/2010/03/06/arm-powered-mobile-payments/comment-page-1/#comment-2147 Charbax Sun, 07 Mar 2010 17:53:21 +0000 http://armdevices.net/?p=949#comment-2147 If I understand this correctly, the PIN is only between you and the phone. So for example someone stealing your phone cannot use it to transfer money or authenticate unless they know your 4 digit pin code. The secure thing towards the web app happens at another highly encrypted level in the hardware which I think is not connected with your pin code. I'd rather have one pin code for net banking, payments, another pin code for all my web apps, than having to type in passwords on web browser sessions and have to think of having a different password for each site for it to be secure, and regularly change the password. If I understand this correctly, the PIN is only between you and the phone. So for example someone stealing your phone cannot use it to transfer money or authenticate unless they know your 4 digit pin code. The secure thing towards the web app happens at another highly encrypted level in the hardware which I think is not connected with your pin code. I'd rather have one pin code for net banking, payments, another pin code for all my web apps, than having to type in passwords on web browser sessions and have to think of having a different password for each site for it to be secure, and regularly change the password.

]]> http://armdevices.net/2010/03/06/arm-powered-mobile-payments/comment-page-1/#comment-2146 David Ashwood Sun, 07 Mar 2010 17:16:54 +0000 http://armdevices.net/?p=949#comment-2146 Security through obscurity isn't.<br>Tied to the phone? Phone cloning has been around for a long time.<br>People do reuse passwords but they also reuse PIN's - what would you rather have a 7+char password or a 4 char pin? Security through obscurity isn't.
Tied to the phone? Phone cloning has been around for a long time.
People do reuse passwords but they also reuse PIN's – what would you rather have a 7+char password or a 4 char pin?

]]>