[1253] in Kerberos
Re: Smart Cards
daemon@ATHENA.MIT.EDU (Chris Riddick)
Wed Feb 20 14:47:25 1991
From: nss1!cjr@uunet.UU.NET (Chris Riddick)
To: uunet!lorien.ocf.llnl.gov!athey@uunet.UU.NET
Cc: kerberos@cjr.uunet!athena.mit.edu
Date: Wed, 20 Feb 91 13:23:37 EST
Charles Athey asked if anyone knew of any companies which manufacture Smart Ca
Cards that either work with Public Key encryption or Kerberos. First of all,
there are many vendors of smart cards and readers. In fact, Europe is a
very big market for smart cards at this time. There are some very
sophisticated cards out there that are programmable and provide onboard
support for encryption. I am aware of several vendors who provide support
for DES. I know that some are working on public key, but I don't know
where they stand on the development or how performance is impacted.
There is an excellent conference held annually in Washington, D.C. called
SCAT/ASIT '91 (May 28-31) that addresses smart cards and security and id
technology. I would recommend attending that if possible. They are
planning a whole session on smart card related security algorithms, including
public key.
We are using smart cards for storing the user password required by
kerberos. The smart card provides protection of the password with
a Personal Identification Number (PIN) that is used to encrypt the
password on the card. To access your password, you must first respond
to a challenge from the card and enter you PIN. The password is used
to get your initial TGT from kerberos, and then it is removed from memory
to limit exposure. The specific card we are using is from a vendor
called GEMPLUS. Although many of the cards are ISO conformant with
respect to the physical format and interface, they do not use a common
command set for manipulating data on the card.
Chris Riddick
UUNET: uunet!nss1!cjr
Internet: nss1!cjr@UUNET.UU.NET
USSnail: Simpact Associates, Inc.
12007 Sunrise Valley Drive
Reston, Virginia 22091
Phone: 703-758-0190 x2156
FAX: 703-758-0941
