Ward Vandewege wrote:
This. It's called 'remote attestation' (https://en.wikipedia.org/wiki/Trusted_Computing#Remote_attestation). An obvious (first?) application will be your bank, which will refuse you access to their online banking system unless you run a 'trusted' software stack.
Yes and no - software is not the core business of banks, so they most likely prefer *not* to have to deal with these things, including customer support.
They simply buy solutions, such as Vasco DigiPass, and/or crypto chip cards. A progressive bank might have an IT department that actually develops an iOS app, but I think that will be about it.
There are some highlights however;
In Sweden, banks accept government-issued eIDs for login, as long as they follow the BankID coalition spec. There is an open source and free software implementation of this, which does allow to use any token or chip card supported by OpenSC.
In Germany, banks support a public API for home banking, for which it also exists at least one open source and free software implementation that works fine with the chip card issued by the bank again via OpenSC.
//Peter