**The Design of a Reasonably Secure Digital Computer System**

**(version 2.0)**

**(...continued from the previous post...)**

=== Discussion ===

A reader of this article might wonder: what exactly was proved, and what are all the assumptions? This article isn't attempting to prove that the secure-system-1 can be implemented by available technologies and simultaneously satisfy the **requirement of a secure system** and resistance to **susceptibility-to-inquisition**. Instead, this claim is taken as something to be examined, or constantly refined, depending on the changing conditions of the known technologies.

The description of the secure-system-1 has been made such that we expect it to be relatively simple to prove that the secure-system-1 can satisfy the **requirement of a secure system**. At the same time we expect it to be possible, by currently available technologies, to create a physical implementation of secure-system-1 that is "sufficiently" resistant to **susceptibility-to-inquisition** (the word "sufficiently" is not well defined here; it depends, at least, on some unspecified context).

We expect a physical implementation of **secure-system-N** to be achievable by currently available technologies, inexpensive, suitable for mass-production, and "sufficiently" resistant to **susceptibility-to-inquisition**.

What this article argues is that the secure-system-1 can be divided into any desired number of discrete components which form the secure-system-N, where the functionality of the secure-system-N can be made to exactly match the functionality of the secure-system-1, while at the same time secure-system-N retains all the security properties that the secure-system-1 had. When dividing secure-system-1 into multiple components, the security properties of the secure-system-1 can be retained by the use of a symmetric key cipher and write-only nvRAM.

One important aspect of the discussion is the interface between the user and the secure-system-N. This article has described some simple and reasonable means of making that interface secure, which primarily reduces to providing some low-effort method that makes the interface between the user and the secure-system-N immune to man-in-the-middle attacks.

While outside the scope of this article, it can be noticed that the properties of the secure-system-N are very similar to the properties of the user. When the trivial differences between them are ignored, it can be observed that the user and his secure-system-N form a **secure cybersystem**, which can be perceived as one whole, where the property of security is retained by denying the capabilities of a man-in-the-middle on the easily accessible internal interfaces of the secure cybersystem.

Another important aspect of this article is that it provides a description of a reasonably secure and practical secure-system-N. As an ideal, the secure-system-N can be compared to the actual systems of today. In this comparison, a reader can quickly find out where the systems of today are lacking in security when compared to the secure-system-N.

(the end of the article)