so an idea about physical payment token arised on irc,
main points
* keypad for pc independent pin code entry
* cheap 7seg screen for payment sum confirming
* prom for program memory(possibly a protected ucontroller) to guarantee uninfected device side software
* eeprom for wallet.dat(encrypted with decryption key only on prom with read disable keys switched on prom)
* some communications with pc to get payment data for user to confirm and to sysnc wallets
benifits
* protection against infected pc, private keys never leave the device
* over the counter payment
pitfalls
* even protected ucontrollers are suspectible to power use analyzis, and other grazy hackery eg like this
http://www.bit-tech.net/news/bits/2010/02/10/tpm-security-cracked-wide-open/1* nothing protects against
http://xkcd.com/538/http://groups.google.com/group/bitcoincardhttp://bitcoincard.wikispot.org/Front_Page