[rdl]

The awesome/amazing thing is you can actually do this in properly designed systems -- the key is generated on a separate processor (or, on some ARMs, in a special processor mode), and inaccessible directly to everything else; it can only be used to do operations. If you're superbadass, you can let it put some kinds of access control logic inside the trusted envelope too, so you can rate limit requests, or do additional checks (i.e. "you can't sign a request to pay a bitcoin unless the request signature is valid AND the bitcoin address has >4x that amount, or 2 weeks pass after posting public notice...").

HSMs can do this (no one really does, though); smartcards can too. The problem is no one wants to physically plug a smartcard into a phone, so you're stuck using stuff physically built into the phone. The alternative would be a bt 4.0 le cardholder which talks to the phone, and contains either an internal smartcard or a smartcard slot.

For DOD, there's a badgeholder for the CAC which speaks bluetooth (old, 2.1 I think) to the RIM Blackberry. Updating that to 2013 to work on the iPhone would be pretty awesome, using 4.0le, particularly with a decent smartcard (not sure what the state of the art is; I remember screwing with old javacard stuff with the iButton which sucked.)

[limmeau]

"no one wants to physically plug a smartcard into a phone"

SIM cards come to mind.