A Canadian company this week unveiled a new smart-card based authentication system capable of providing users with secure access to offices as well as their corporate networks.
The system, from Ottawa-based CryptoCard Corp., comprises several components, including the CryptoAdmin 5.32 back-end server, the CryptoCard itself and separate PCMCIA and USB smart-card readers. Together, the system is meant to serve as an all-in-one physical and network authentication solution.
The Java-based CryptoCard is FIPS 140-1 (level 2) compliant and can be used with proximity-based smart-card readers as well as those from Schlumberger and other vendors. To use the card for network access, the user would insert it into the PCMCIA or USB reader on his machine and then enter a PIN. Each PIN is used for one session only and then discarded immediately when the card is removed from the reader.
Administrators can use the CryptoLogon feature to replace or supplement the existing Windows-based authentication procedure. The software also supports VPNs from Check Point Software Technologies Ltd., Cisco Systems Inc. and Nortel Networks Inc. It can be loaded with certificates from either Microsoft Corp., Entrust Inc. or VeriSign Inc.
Because the CryptoCard can provide both physical and network access, it would clearly make an attractive target for a thief. However, company officials say theft of a card is less worrisome than someone stealing a user ID and password.
"Youd be sure to notice if someone stole your card, but you wouldnt necessarily know if someone has taken your password and user ID," said Malcolm MacTaggart, president and CEO of CryptoCard.
The new release is available now.
- Commentary: Even Smart Cards Can Make Dumb Mistakes
- More Security Coverage