Way back when I wrote about The Neb. The basic idea here was that you can’t trust your PC, so you should have a separate trusted device (The Neb) which is used only for final authorisation of transactions – all the work of getting the transaction set up is done on the untrusted PC. The core point is that The Neb has to include a UI, because the user cannot trust what their PC tells them the trusted device is going to do (this is why the often-touted smartcard is a crap answer to the problem).
IBM’s version isn’t quite the same as my vision of The Neb, though – in their case, all data is routed through the ZTIC, which tries to guess when you’re about to send something you might wish you hadn’t. In The Neb’s case, only the data relating to the final transaction is sent to The Neb, explicitly, by the server, which then displays it and, if the user agrees, signs it. Their version has the advantage of requiring the server only to start supporting client certificates (and refusing connections without them, I guess) but the disadvantage that what they intercept and display is bound to be somewhat ad hoc. The Neb requires more support from the server, but can’t get confused about what is going on.
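To make the difference concrete, here is an added example (not code from the post, IBM or any Neb implementation) that models the Neb flow described above: the server sends the exact transaction it intends to execute to the device, the device shows it on its own screen and signs it only if the user agrees, and the server executes only what carries a valid signature over those same bytes. The device key, the JSON wire format, the class and function names, and the use of an HMAC as a stand-in for the device's signature are all assumptions made for the demo; a real device would hold an asymmetric key it never exports. The three scenarios at the end show why the device's own display matters: a transaction altered before it reaches the device is seen and declined by the user, and a signature obtained for the displayed transaction is useless for any other one.

```python
"""Added example (not the post's own code): a minimal model of The Neb's
explicit-authorisation flow. Device key, JSON format and HMAC signature
are constructed stand-ins for a real device's signing key and protocol."""
import hashlib
import hmac
import json
from typing import Callable, Optional

# Constructed secret shared between device and bank server (assumption).
DEVICE_KEY = b"constructed-demo-neb-device-key"


def canonical(tx: dict) -> bytes:
    """Deterministic encoding so device and server sign/verify identical bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


class Neb:
    """The trusted device: its own display and its own key, nothing else."""

    def __init__(self, key: bytes, user_approves: Callable[[dict], bool]):
        self.key = key
        self.user_approves = user_approves  # models the user reading the device screen

    def authorise(self, tx_bytes: bytes) -> Optional[bytes]:
        shown = json.loads(tx_bytes)        # rendered on the device's own screen, not the PC's
        if not self.user_approves(shown):
            return None                     # user declines: no signature exists at all
        # Sign exactly the bytes that were displayed.
        return hmac.new(self.key, tx_bytes, hashlib.sha256).digest()


class Server:
    """Bank server: executes only transactions carrying a valid device signature."""

    def __init__(self, key: bytes):
        self.key = key

    def request_authorisation(self, tx: dict) -> bytes:
        # Sent explicitly to the Neb: the exact transaction the server will execute.
        return canonical(tx)

    def execute(self, tx: dict, sig: Optional[bytes]) -> bool:
        if sig is None:
            return False
        expected = hmac.new(self.key, canonical(tx), hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig)


def approve_if_expected(expected: dict) -> Callable[[dict], bool]:
    """User policy: approve only when the device shows what they meant to send."""
    return lambda shown: shown == expected


# Constructed transaction the user actually intends to make.
INTENDED = {"payee": "alice", "amount": 10, "currency": "GBP"}


def honest_flow() -> bool:
    server = Server(DEVICE_KEY)
    neb = Neb(DEVICE_KEY, approve_if_expected(INTENDED))
    sig = neb.authorise(server.request_authorisation(INTENDED))
    return server.execute(INTENDED, sig)          # True


def altered_before_display() -> bool:
    # The untrusted PC submits a different payee; the Neb shows it, so the user declines.
    altered = dict(INTENDED, payee="mallory")
    server = Server(DEVICE_KEY)
    neb = Neb(DEVICE_KEY, approve_if_expected(INTENDED))
    sig = neb.authorise(server.request_authorisation(altered))
    return server.execute(altered, sig)           # False: nothing was signed


def altered_after_approval() -> bool:
    # The user approves the real transaction; the PC then presents the signature with another one.
    server = Server(DEVICE_KEY)
    neb = Neb(DEVICE_KEY, approve_if_expected(INTENDED))
    sig = neb.authorise(server.request_authorisation(INTENDED))
    altered = dict(INTENDED, payee="mallory")
    return server.execute(altered, sig)           # False: signature binds the displayed bytes


if __name__ == "__main__":
    print(honest_flow(), altered_before_display(), altered_after_approval())
```

The point the model makes is the one the post makes: because the server decides what the device sees and the device signs exactly that, there is no heuristic guessing about which bytes matter, which is the part a data-interposing design like the ZTIC has to get right by inspection.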