[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] PECSENC denkt ueber Beschraenkungen bei SmartCards nach

[Das President's Export Council Subcommittee on Encryption (PECSENC)
des U.S.-Praesidenten hat gestern, am 14. Mai 199 in oeffentlicher
Sitzung getagt. Einige Papiere dazu sind jetzt auch on-line
verfuegbar. Einer der interessanten Aspekte scheint offenbar auch zu
sein, dass man in den USA ueber regulatorische Zugriffe auf die
SmartCard-Industrie nachdenkt, da die Crypto-Faehigkeiten auf
Chipkarten einigen leuten unheimlich werden.                 -AHH]


-------------------------------- CUT --------------------------------

[Attachment 3] 

                                        SMART CARDS 


The nature of computing changes day by day. one of the more obvious
changes has come in the size of what can be called a computer. No
where is this more evident than in the smart card technologies. 


In this environment the issues include: 

     1. What would cause the DOC/BXA to want to regulate smart cards? 

     2. What would be the objectives of such regulation? 

     3. What would be the market impacts of those objectives? 

     4. What would be the risks to current encryption export policies
     of not regulating smart cards? 

     5. What would be the risks to current encryption export policies
     of regulating smart cards? 

     6. Would export controls be imposed based on the architecture of
     the IC; i.e., cryptographic co-processor? 

     7. Are smart cards covered by the personal use exceptions? 

     8. Would smart cards used to transport encryption keys be

     9. Is it necessary to regulate smart cards, because the
     cryptographic keys are likely recoverable using timing attacks,
     differential power analysis, static power analysis, or other
     physical attacks? 

     10. Would the IC or the software on the card to be regulated?

     11. If smart cards are to be controlled are current policies
     sufficient to regulate smart cards? 

     12. How would such regulations be implemented? 

     13. Most smart card applications use cryptography for
     authentication. What would be required to document that those
     applications could not be converted to alternative use
     applications such as confidentiality? 

     14. Who would be responsible for compliance, the application
     owner or the cardholder? 


-------------------------------- CUT --------------------------------