This exercise is to discuss secure means of signing documents with equipment that the consumer would find convenient and economical. Some of the schemes are good enough for high security applications. I think that solutions to the signature problem also support privacy via crypto. I will try not to require this however.

Here are several design points. There are many variations on these.

Secure OS on standard personal computer.
This is the high end solution. It is expensive to implement and solves many other problems. Various accommodations for legacy applications are possible.
Dual boot system.
This is much more modest and presumes a protected medium from which to boot a simple application with no substantial OS. This application would perform the narrow job of showing the operator what is to be signed and then signing the document. Dismounting the medium while untrusted OSes are running protects the medium’s contents. Checks to be signed and signed checks can be passed back and forth either in RAM or disk.
Dedicated personal computer
In this scheme an ordinary low end computer costing much less than $1000 is devoted to signing. It communicates with the untrusted computer by conventional means, Infra Red, Start-Stop, or Ethernet.
Dedicated Pilot
A pocket version of the above dedicated PC. It displays text to be signed.
Pilot with rudimentary trusted OS.
This would provide enough function to run untrusted applications. This scheme presumes some trusted OS that provides an API suitable for the major Pilot applications.
Contrasting the trusted OS for the PC and Pilot:
Keykos plus OS emulation would do. I am not now aware of a much simpler scheme.
OS emulation is much easier here. There is no disk to swap to and many features of Keykos would be impossible and inappropriate. I don’t know just what the shape of such a system would be. The strategy would need to take advantage of some doubling of system RAM as there is no other way to gain the extra storage. I would guess 20 to 50 kB of storage for the OS plus whatever crypto applications.


The bottom line involves some form of paranoia. Just because you are paranoid doesn’t mean you don’t have enemies. I am sure that companies that sell protection learn to phrase things positively. I won’t try here.

A marketing strategy to induce paranoia seems crude. Here are some products to protect against various kinds of crime:

Those examples come with scare statistics that you can quote. I have not seen real numbers for loss due to computer crime. It is widely believed that such loss is little discussed. The net effect is that it is difficult to make a quantitative case for protection against computer crime.