We believe that the corrupt point-of-sale terminal problem to be a major challenge for using smart cards in electronic commerce. We have begun a discussion of potential solutions by discussing equivalences among varying types of I/O-enhanced smart cards and the types of protection they provide.
We also believe that these mechanisms could also find applications outside of POS transactions. For example, consider the key management case: Imagine that a user has a portable device (such as a smart card) with a private key (for asymmetric) for electronically signing documents. How can the user make sure that his or her device only signs the document that he or she approved?
Our informal calculus of equivalences is meant to be suggestive instead of a formal reasoning method for smart card security. However, we believe that this notation could be formalized, and that the process of making it mathematically rigorous may illuminate further issues in the use of smart cards in hostile environments.