Network Security: Detailed info on Re: dual certificate/smartcard web session management

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: dual certificate/smartcard web session management

from [Alexander Kalinovsky] Network Security

[Permanent Link]

Subject:	Re: dual certificate/smartcard web session management
Date:	Sat, 18 Sep 2004 08:45:31 -0400

As far as I know, this is not possible. Client side digital certificate authentication is performed via SSL handshake. To force the user to present another smartcard you would have to terminate the SSL session and force authentication again. This may work in sequence, but not at the same time.

Best Regards,
Alex

Frank Dobb wrote:

Hello,

I am designing a authentication/session managment
system for a financial web application. Browsers will
be upto date versions of IE, Netscape.

Each client post will have a dual smartcard reader and
two different smartcards will have to be present for
the entire web session.

I am looking for ideas, references, white papers or any other pointers how this has achieved in the past.

Thanks in advance, Frank


            
__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
dual certificate/smartcard web session management, Frank Dobb Re: dual certificate/smartcard web session management, Alexander Kalinovsky <= Re: dual certificate/smartcard web session management, Rogan Dawes RE: dual certificate/smartcard web session management, Scovetta, Michael V

Previous by Date:	Re: Hacme Bank, Jérôme
Next by Date:	RE: SOAP inspection / tampering tools?, Bob Auger
Previous by Thread:	dual certificate/smartcard web session management, Frank Dobb
Next by Thread:	Re: dual certificate/smartcard web session management, Rogan Dawes
Indexes:	[Date] [Thread] [Top] [All Lists]