

Wednesday, 10/19/2005 5:03:20 PM

Interesting TPM blog:

http://www.opensubscriber.com/message/muscle@lists.musclecard.com/2244289.html

Re: [Muscle] 7816 TPMs from China?
Peter Williams
Thu, 29 Sep 2005 07:35:02 -0700


The infamous ST micro TPM also has a "7816" feature. Various subtle signals suggested the SINOSUN design team was influenced by the ST architecture: or, there was OEMming involved.


It's just not clear in either high-level spec (from SINOSUN or ST) whether the 7816 is for connecting TO smartcards, or is an alternative to the LPC bus interface.


For the bio _reader_ market, where the TPM plays the role of the traditional Gemplus reader controller, it would make sense for the reader-TPM to have

(a) a USB SIE
(b) support for some TPM-specific USB class of endpoint support
(c) GPIO/SPI for interfacing to the finger sensor
(d) OUTBAND 7816 to interface, classically to a 7816 device in module form.


Whether the 7816 channel could be used to interface (on a stacked die, perhaps) to a 7816 co-processor PERFORMING part of the TPM function is presumably a matter for the TPM firmware, on the 8-bit controller.

We could see this category of reader chip as either:

(a) the TPM chip performs the role of a traditional reader + SAM(s)

(b) the TPM chip interfaces to another TPM on the _inserted_ card of a user, over 7816, in some way, supporting a partitioned, Network-TCB architecture

(c) (a) and (b) merge somehow, when core TPM functions "recognize" SAM modules.


I asked the govt sales rep from Wave Systems about this notion: shall a TPM talk unto a smartcard? I got a cagey answer; but he did admit that "work was ongoing". I asked the question: can motherboard TPM ever support authenticating a user id token, bound to the OS via CCID. I didn't ask about the SAM concept, tho, for PC readers or phones/PDAs.


I know one software company that is doing javacard + GPIO work, for a major chip manufacturer. In fact, they specifically mentioned the device was "firmware + GPIO", PLUS javacard capability, rather than javacard shall drive the GPIO directly. That could reflect a "TPM + Javacard SAM" multiple die controller, if you think about it.


Interesting. I'll go digging some more, with a local expert in TPM + bio goings on.




From: Axel Heider <[EMAIL PROTECTED]>
Reply-To: MUSCLE <muscle@lists.musclecard.com>
To: MUSCLE <muscle@lists.musclecard.com>
Subject: Re: [Muscle] 7816 TPMs from China?
Date: Thu, 29 Sep 2005 14:50:29 +0200

Peter,

> Now, for the internal China market, we have (from a local
> China designer/manufacturer)

> https://www.trustedcomputinggroup.org/ShowcaseApp/sh_catalog_files/4b16e66a5d4ad26ea97bc62d52efc792095d0211/SSX35%20Product%20Description%20-%20Summary%20Mar.05.pdf
> So, do we now have a 7816 interface to TPMs?
> Presumably, there is a set of APDUs too? are they standardized in any
> forum?

That sounds really interesting. I've looked at their website
http://www.sinosun.com.cn , but it does not contain much more
information. Anyway, "serial interface in conformance to
ISO 7816 Standard" sounds a little bit strange to me without
giving further details. Does not say anything about APDUs - maybe
they refer only to electrical characteristics. This could mean,
that a modified smartcard reader firmware (which allows sending
not only APDUs, but also TPM commands according to the published
TCG specs) could be used to access the chip.

So far, I'm not aware of any APDU standards from TCG. On the other
side, putting TPM commands in ISO7816 APDUs could work. The question
remains, if (or in which scenario) a smartcard-TPM would really make
sense, because it is no longer fixed to a specific platform. In this
case, I can see no real advantage compared to existing smartcards.

If you get further information about this SSX35 chip, it would be nice
if you post them here or notify me.

--
mfg Axel Heider

Civilization is just a temporary failure of entropy.