Smart Card Authentication in Mixed Environments?

Posted by Cliff on Friday December 28, 2001 @09:22PM from the life-does-not-consist-of-only-one-monolithic-OS dept.

Rednerd asks: "I've been looking into Smart Cards as a good alternative to password authentication but other than the ISO 7816 standard there doesn't seem to be a lot of standards that govern the use of these devices. It seems pretty clear that if I was working in an all Sun, or Microsoft environment implementing a network wide Smart Card solution would be simple, but there doesn't seem to be a lot of heterogeneous Smart Card support out there. I was wondering what kind of experience slashdot readers have had with Smart Cards in mixed environments? What cards and card readers seem to work the best? How have remote users dealt with the use of Smart Cards?"

1 of 11 comments (clear)

Min score:

Reason:

Sort:

Careful... by Crazyscot · 2001-12-28 23:47 · Score: 4, Informative

Are you proposing to use a smartcard alone to authenticate a login? Make sure you understand the security properties of what you're trying to achieve.

A card is something you have, not hugely secure (easy to lend/steal, though easy lendability might be an advantage in some situations) unless combined with something you know (eg. passphrase) or something you are (insert the usual biometrics worries here.)

If you want to build such a system yourself, GemPlus cards are very popular, also check out the smart cards division of Schlumberger. You can get RS232-connected card readers (sorry, the make escapes me); I'm not in touch in this field, but I'd be surprised if there weren't USB-connected and keyboard-embedded readers too.