Smart card-based Authentication System Prototype
[Figure: protocol stack diagram. Labels: EAP-ID2; EAP; PPP; ISO7816; RADIUS Client; RADIUS Proxies; RADIUS Server; UDP/IP; L2/L1]
© 2010 evalues
• Independent of the terminal
• Different viewpoints
  – Communication (protocols implemented inside the card)
  – Processing (cryptographic capabilities)
• Do not need to trust the terminal (e.g. public terminals)
• Terminal
  – Does not need to have a cryptographic library (portable to mobile devices)
  – Is not required to understand several authentication methods (relay)
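The relay role of the terminal described above, as an added example that is not code from the original slides: the terminal validates only the 4-byte EAP header defined in RFC 3748 and passes the packet to the card without reading the method Type or its data. The function names and the `card_transceive` callback, which stands in for the ISO 7816 exchange with the card, are assumptions; only the Request/Response round trip is covered.

```python
import struct

# EAP codes from RFC 3748, section 4
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_HEADER = struct.Struct("!BBH")  # Code, Identifier, Length (network order)


class RelayError(ValueError):
    """Raised when a packet is malformed at the framing level."""


def parse_header(packet: bytes):
    """Validate the EAP framing only and return (code, identifier, length)."""
    if len(packet) < EAP_HEADER.size:
        raise RelayError("shorter than the 4-byte EAP header")
    code, identifier, length = EAP_HEADER.unpack_from(packet)
    if code not in (EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE):
        raise RelayError(f"unknown EAP code {code}")
    if length < EAP_HEADER.size or length > len(packet):
        raise RelayError("Length field inconsistent with received bytes")
    return code, identifier, length


def relay_request(packet: bytes, card_transceive) -> bytes:
    """Forward one EAP Request to the card and return the card's Response.

    card_transceive is a hypothetical callable (bytes -> bytes) standing in
    for the ISO 7816 exchange. The method Type and its data are never read
    here, so a new method in the card needs no change in the terminal.
    """
    code, identifier, length = parse_header(packet)
    if code != EAP_REQUEST:
        raise RelayError("only Request packets are relayed in this example")
    # Octets beyond Length are link-layer padding and are not forwarded.
    response = card_transceive(packet[:length])
    r_code, r_id, r_len = parse_header(response)
    if r_code != EAP_RESPONSE or r_id != identifier:
        raise RelayError("card reply is not a Response to this Request")
    return response[:r_len]


def _constructed_card(request: bytes) -> bytes:
    """Constructed stand-in for the card: echoes Type and data as a Response."""
    _, identifier, length = parse_header(request)
    body = request[EAP_HEADER.size:length]
    return EAP_HEADER.pack(EAP_RESPONSE, identifier, 4 + len(body)) + body
```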
• Flexibility
• We introduce the EAP protocol
  – Easy to insert a new authentication method
  – A complete protocol stack is not required
• Transparency in the introduction of security updates
  – New authentication method (only in the card)
  – No need to update software in every terminal
• Based on standardized algorithms and network protocols
• Spanish ID card (3DES, RSA)
• Interoperable
  – Use of standardized protocols
  – Introduction of proxies
• Possibility of achieving high certification levels
  – Solution based on certified hardware: EAL4+, EAL5+