Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Smart card proposal

from [Koh Gim Leng] Network Security [Permanent Link]
Subject: Re: Smart card proposal
Date: Fri, 28 Jan 2005 11:10:30 +0800 
On Tue, 25 Jan 2005 16:45:52 -0500, Richard M. Smith
<rms@computerbytesman.com> wrote:

Hi,

What seems more user-friendly to me is that a single USB key device needs to
be sharable between 5 credit cards, rather than having 5 separate devices.

What I still do not understand is how a Web site communicates with the USB
key device.


Web site communicates to a web browser which in term communicates to a
set of standard APIs known as PKCS#11. Every smart card token or USB
token vendor who wants to sell their token will provide you with their
PKCS#11. Being a standard, your browser will know which API to call
within the PKCS#11.

If the token is in the form smart card, then the PKCS#11 provided by
the smart card vendor will include means to call the smart card
drivers provided as well. If the token is in the form of USB, then the
PKCS#11 provided by the USB vendor will inculdes means to call the USB
drivers as well. Bottom line - whatever happens belows PKCS#1l should
be transparent to the web browser (or any PKI enabled application).

Regards
Sam Koh
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: phishing pages, Tim Hoolihan
Next by Date:  Off topic: what is sensitive information on a website?, Dave Ryan
Previous by Thread:  Re: Smart card proposal, DE Gustafson
Next by Thread:  RE: Smart card proposal, Lyal Collins
Indexes:  [Date] [Thread] [Top] [All Lists]