RE: Smart Card - Sun.

["Hay, Brennan (Contractor)" <HayB () ncr disa mil>]

If you are using something like the DoD common access card (smart card)
It will hold your certs.

With it, you can decrypt email using your private key

Authenticate using your identity cert

logon to network with smartcard

There are varying types of cards, with different amounts of storage,
containers, etc.

Here is a good link that explains some of it
http://home.hkstar.com/~alanchan/papers/smartCardSecurity/

Some smart cards require passwords also, otherwise someone could just steal
your card.  By increasing the amount of checks, they reduce chance of
compromise.

If you lose your smart card,  you tell your PKI ppl.  They revoke your certs
and issue you a new one, new certs - standard PKI.  Most smart cards are
fairly cheap < 10$ (card with chip with mag stripe, 32k chip)

Some of them have biometric identification built in, or a biometric
requirement for password reset.

-b


-----Original Message-----
From: Jens Johansson [mailto:jens.johansson () arrowhead se]
Sent: Thursday, November 07, 2002 3:04 AM
To: security-basics () security-focus com
Subject: Smart Card - Sun.


Hi.

I have a Sun Blade 100 workstation, running Solaris 9.
The Sun Blade 100 is delivered with Solaris 8, wich does not support the 
smart card reader, Solaris 9 (wich is installed) does tho...

My questions here are pretty basic.

How does the smart card authentication work ?
What information is stored on the card ?
How's the security ?
What do i achive using this authentication method ?

I mean, will i still need a password? like pgp encrypt password phrase?
What happens if i loose my smartcard?


Hope someone can fill in the blanks.


Best Regards.

Jens J.
Arrowhead AB