Educause Security Discussion mailing list archives
Re: Use of SmartCards and PKI Components
From: Bill Betlej <bbetlej () MBC EDU>
Date: Thu, 13 Apr 2006 08:13:12 -0400
Jack is right on. I was at an executive briefing yesterday on the Blackboard Commerce System. They indicated that Blackboard would soon be incorporating the "new industry smartcard standards" as a part of their system. Smartcard technology has been around for over a decade, but each vendor had their own standards, and the idea never really took off. The Federal government interest has forced industry standards, and will likely break open the technology in the marketplace. Looks like you waited until the right time.

Bill Betlej

-----Original Message-----
From: jack suess [mailto:jack () UMBC EDU]
Sent: Tuesday, April 11, 2006 10:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Use of SmartCards and PKI Components

You might look at the US federal smart card initiative HSPD-12. This will ultimately support many of the things you list. The US federal government will be buying millions of these over the next 18 months, which should help drive down the price and increase vendor support.

http://smartcard.nist.gov/

jack

On Apr 11, 2006, at 5:02 PM, Mike Wiseman wrote:

I'd like to hear opinions or experiences regarding the implementation of PKI/SmartCard systems - particularly for IT security applications like user authentication for VPN, websites, applications, S/MIME usage, document signing, etc. I'm working on a project to implement such a system to provide high 'level of assurance' user authentication for a targeted group of users, but it would be nice to support the use of the devices more broadly for those users that need the security.

I'm finding increasing maturity in PKI/SmartCard application and platform integration. Support is available in many commercial and open source desktop applications - even OpenSSH and Putty login authentication via X.509 cert/key on a SmartCard is available nowadays. I'm not too interested in using PKI components without the SC container - the institutional user ID/password system provides for this level of security. SC and USB components are relatively inexpensive - $30 - $50 range.

The CA operation is another design choice - whether to stand up an internal CA or use a commercial provider. I'm investigating OpenCA at the moment, which seems to provide a great deal of functionality.

Some of the issues to tackle include automated certificate/keypair renewal, whether to use USB or SC form factors, the use of hybrid cards - multiple technologies on a single card for physical security and accounting - and how long the USB devices can be expected to last.

Mike

Mike Wiseman
Computing and Networking Services
University of Toronto