
Smart Card Authentication in Mixed Environments?

Rednerd asks: "I've been looking into Smart Cards as a good alternative to password authentication, but other than the ISO 7816 standard there don't seem to be a lot of standards that govern the use of these devices. It seems pretty clear that if I was working in an all-Sun or Microsoft environment, implementing a network-wide Smart Card solution would be simple, but there doesn't seem to be a lot of heterogeneous Smart Card support out there. I was wondering what kind of experience Slashdot readers have had with Smart Cards in mixed environments? What cards and card readers seem to work the best? How have remote users dealt with the use of Smart Cards?"

  • by tunah ( 530328 ) <sam&krayup,com> on Saturday December 29, 2001 @06:01AM (#2761891) Homepage
    Seen in the war room:

    Exec 1: We've been having problems with unauthorised access.

    Exec 2: Yes, the employees are using the word 'password' or their login names as their passwords.

    Exec 1: And the employees that *do* use secure passwords can never remember them.

    Exec 2: Yes, employees are stupid. They need Smart Cards to make them Smart!

    Exec 1: And I need a new car!

  • Careful... (Score:4, Informative)

    by Crazyscot ( 9227 ) <crazyscot@@@gmail...com> on Saturday December 29, 2001 @07:47AM (#2761954) Homepage
    Are you proposing to use a smartcard alone to authenticate a login? Make sure you understand the security properties of what you're trying to achieve.

    A card is something you have, not hugely secure (easy to lend/steal, though easy lendability might be an advantage in some situations) unless combined with something you know (eg. passphrase) or something you are (insert the usual biometrics worries here.)

    If you want to build such a system yourself, GemPlus [gemplus.com] cards are very popular, also check out the smart cards division of Schlumberger [schlumberger.com]. You can get RS232-connected card readers (sorry, the make escapes me); I'm not in touch in this field, but I'd be surprised if there weren't USB-connected and keyboard-embedded readers too.
    • Re:Careful... (Score:4, Insightful)

      by larien ( 5608 ) on Saturday December 29, 2001 @11:34AM (#2762204) Homepage Journal
      Yup, there are USB and keyboard devices. Where I work, we use smart cards in Win2K and Compaq keyboards with inbuilt card readers. Even the laptops have a card reader built in. For older hardware being reused, there are external USB or serial readers available, but you really want to use the USB versions as they are apparently much faster than the serial or keyboard devices.

      Oh, and we have to have a PIN (it says PIN, but it's really a password) to log in as well, to prevent card theft being an easy back door into the system.

    • I have the netsignia 210 smart card reader / programmer by Litronic; it is a serial device.

      I have seen the native support for Windows login in Win 2K, and Windows XP claims to support it w/o 3rd party software, but I have yet to see it work with the above reader. Litronic wants you to purchase "netsign", which is around 70$ per license.

      If you find a way or get Win XP to login with a smartcard / PIN, let me know.

      There is an open source movement for Linux (might work for most Unix OSes) that was started by the University of Michigan. (Look at my Ask Slashdot from a little while back about XP login; there is a reply about the UM solution.)

      One cross-platform thought would be to have an Active Directory / domain controller for smart card login (yea, MS sucks, I know).

      Also look into the new smartcards that have thumbprint scanners on them (instead of the PIN); they came out this year at Comdex from Siemens.
  • Have a look at OpenCard [opencard.org] and e.g. iButtons [ibutton.com]
  • First, there is almost no demonstrable ROI for using smart cards for logon only. You are better off looking into time-based tokens (SecurID, Defender, etc.) as they are cheaper, easier to maintain, support and administer, and better supported as an OS authentication method.

    If you are set on cryptographic smart cards (my assumption), then you need something else to drive ROI. The easiest thing is to look at using cards for logon and S/MIME. The other way to go is to use the physical smart card as a physical access device (HID and Honeywell can embed coils into the smart card).

    Not to pick, but whenever I see this question it scares me. It typically means that someone is more infatuated with the technology than with really trying to solve a business problem.

    Please, feel free to refute me if you think there is an ROI for smart card logon. I've never seen it.
