Here are several design points. There are many variations on these.

Secure OS on standard personal computer.

This is the high end solution. It is expensive to implement and solves many other problems. Various accommodations for legacy applications are possible.

Dual boot system.

This is much more modest and presumes a protected medium from which to boot a simple application with no substantial OS. This application would perform the narrow job of showing the operator what is to be signed and then signing the document. Dismounting the medium while untrusted OSes are running protects the medium’s contents. Checks to be signed and signed checks can be passed back and forth either in RAM or disk.

Dedicated personal computer

In this scheme an ordinary low end computer costing much less than $1000 is devoted to signing. It communicates with the untrusted computer by conventional means, Infra Red, Start-Stop, or Ethernet.

Dedicated Pilot

A pocket version of the above dedicated PC. It displays text to be signed.

Pilot with rudimentary trusted OS.

This would provide enough function to run untrusted applications. This scheme presumes some trusted OS that provides an API suitable for the major Pilot applications.

PC

Keykos plus OS emulation would do. I am not now aware of a much simpler scheme.

Pilot

OS emulation is much easier here. There is no disk to swap to and many features of Keykos would be impossible and inappropriate. I don’t know just what the shape of such a system would be. The strategy would need to take advantage of some doubling of system RAM as there is no other way to gain the extra storage. I would guess 20 to 50 kB of storage for the OS plus whatever crypto applications.

Markets

A marketing strategy to induce paranoia seems crude. Here are some products to protect against various kinds of crime:

• Alarm systems such as that used at Agorics
• the thing that you put on a car’s steering wheel to prevent theft