Re: Use of SmartCards and PKI Components

[jack suess <jack () UMBC EDU>]

You might look at the US federal smart card initiative HSPD-12. This
will ultimately support many of the things you list. The US federal
government will be buying millions of these over the next 18 months
which should help drive down the price and increase vendor support.

http://smartcard.nist.gov/

jack

On Apr 11, 2006, at 5:02 PM, Mike Wiseman wrote:

> I'd like to hear opinions or experiences regarding the
> implementation of PKI/SmartCard systems - particularly for IT
> security applications like user authentication for VPN, websites,
> applications, S/MIME usage, document signing, etc.
>
> I'm working on a project to implement such a system to provide high
> 'level of assurance' user authentication for a targetted group of
> users but it would be nice to support the use of the devices more
> broadly for those users that need the security. I'm finding
> increasing maturity in PKI/SmartCard application and platform
> integration. Support is available in many commercial and open
> source desktop applications - even OpenSSH and Putty login
> authentication via X.509 cert/key on a SmartCard is available
> nowadays. I'm not too interested in using PKI components without
> the SC container - the institutional user ID/password system
> provides for this level of security. SC and USB components are
> relatively inexpensive - $30 - $50 range. The CA operation is
> another design choice - whether to stand up an internal CA or use a
> commercial provider. I'm investigating OpenCA at the moment which
> seems to provide a great deal of functionality.
>
> Some of the issues to tackle include automated certificate/keypair
> renewal, whether to use USB or SC form factors, the use of hybrid
> cards - multiple technologies on a sigle card for physical security
> and accounting and how long the USB devices can be expected to last.
>
> Mike
>
>
> Mike Wiseman
> Computing and Networking Services
> University of Toronto