I like those, but I really really want something which can do bt 4.0le with an existing pairing (stronger than just bluetooth 4.0 le security, though) between my host (ideally, mac/win/linux desktop/laptops, also phones) and the device, with some level of on-device logging, access control, etc.
A type 2 pinpad + openpgp smartcard might be the best practical thing right now -- a PIN on the card, plus a passphrase from the host (I think you can require both?). Type 3 showing a hash of what you sign, or a serial number of number of signs, would be even better.
The GPF cryptostick (usb) is also nice -- I think you could also take the Werner smartcard and cut it down to a smaller size for a USB stick sized reader. Sadly GPF stick 1.2 is out of stock everywhere.
Yeah, I guess I just don't trust smartcards all that much from a hardware security perspective, vs. modules with battery inside a metal envelope. I'm sad Maxim/DS killed the Crypto iButton line -- it was a great compromise between smartcard cost ($20-30) and HSM physical security. The software was never great, though.
A type 2 pinpad + openpgp smartcard might be the best practical thing right now -- a PIN on the card, plus a passphrase from the host (I think you can require both?). Type 3 showing a hash of what you sign, or a serial number of number of signs, would be even better.
The GPF cryptostick (usb) is also nice -- I think you could also take the Werner smartcard and cut it down to a smaller size for a USB stick sized reader. Sadly GPF stick 1.2 is out of stock everywhere.