Smart Card Authentication in Mixed Environments?
Rednerd asks: "I've been looking into Smart Cards as a good alternative to password authentication, but other than the ISO 7816 standard there don't seem to be a lot of standards that govern the use of these devices. It seems pretty clear that if I was working in an all-Sun or all-Microsoft environment, implementing a network-wide Smart Card solution would be simple, but there doesn't seem to be a lot of heterogeneous Smart Card support out there. I was wondering what kind of experience Slashdot readers have had with Smart Cards in mixed environments? What cards and card readers seem to work the best? How have remote users dealt with the use of Smart Cards?"
Exec 1: We've been having problems with unauthorised access.
Exec 2: Yes, the employees are using the word 'password' or their login names as their passwords.
Exec 1: And the employees that *do* use secure passwords can never remember them.
Exec 2: Yes, employees are stupid. They need Smart Cards to make them Smart!
Exec 1: And I need a new car!
Are you proposing to use a smartcard alone to authenticate a login? Make sure you understand the security properties of what you're trying to achieve.
A card is something you have, not hugely secure (easy to lend/steal, though easy lendability might be an advantage in some situations) unless combined with something you know (e.g. a passphrase) or something you are (insert the usual biometrics worries here).
If you want to build such a system yourself, GemPlus cards are very popular, also check out the smart cards division of Schlumberger. You can get RS232-connected card readers (sorry, the make escapes me); I'm not in touch in this field, but I'd be surprised if there weren't USB-connected and keyboard-embedded readers too.