Developing PersonaCard Applications
by Todd Carper, TEC Solutions, Inc.
This article was published in Volume 2 Issue 2 of the "National iPower Technology News".
With the introduction of the first commercial security product based on iPower technology [the PersonaCard data security token] many companies, including TEC Solutions, are preparing to release integrated and compatible products that take advantage of the high level of security it offers for information exchange.
Electronic mail is one of the first applications adopting the PersonaCard token. The card provides a level of security previously unavailable to e-mail users, who can now be assured of the sender's identity and enjoy complete message privacy over networks of all kinds. Other applications are rapidly being adapted to allow PersonaCard use, including fax machines, network routers, network management systems, and information servers.
Fax machines are now being developed that will accept the PersonaCard. To secure fax transmissions using encryption technology, both the sending and receiving fax units must accommodate the card. On the sending end, you will insert your PersonaCard into the fax machine and specify the recipient. Using the card, the fax will be encrypted in such a way that only the designated recipient can read it. On the other end, the receiving fax unit must contain the recipient's PersonaCard before the fax will be decrypted and printed. When it is essential to authenticate the sender's identity, the sending fax unit will use the PersonaCard to create a unique digital signature that the receiving fax unit will use to verify the identity of the sender.
Network routers and Internet firewall systems are other promising applications for the PersonaCard. A drawback of some current systems is that access is based on your network address. When you are away and you dial a local Internet-access provider, the system may dynamically change your network address, denying you access to your office systems. Using public key technology, the router or firewall system could maintain a database of approved users verified through security tokens. (For client-to-router communications, the client network software will have to be updated to allow use with a public-key security product like the PersonaCard.)
Network management and maintenance products, which regularly update client workstations, are also prime candidates for PersonaCard use. Using public-key encryption technology, these systems will be able to provide client stations greater assurance that the management server is truly an authorized server.
Under Way At TEC Solutions
TEC Solutions primarily develops database information systems. We also integrate database systems with various Internet services, such as the World Wide Web and information servers. Recently, we have been preparing many of our technologies for integration with the PersonaCard and other security products.
Our information servers typically provide an information request form and allow the customer to pay with a credit card. The availability of hardware-based security tokens is enabling us to secure these information systems, even over the Internet.
Integrating PersonaCard tokens with information servers is actually quite easy. The first step is to provide license control and hardware-based authentication. To do this, we are providing each of our Windows-based clients with a PersonaCard. Before sending out the PersonaCards and updated client software, the public keys of the cards will be registered with the database server and tied to specific clients.
When a client connects to the information server (using his standard name and password), a random message encrypted with the public key of the connecting user is sent from the information server to the client station. The client station must decrypt this random message using the client's private key, re-encrypt it using the information server's public key, and return it to the information server. The server decrypts the returned message with its own private key; if the result is identical to the random message it originally transmitted, additional requests by the client will be allowed. If the messages do not match, the client is disconnected. This approach provides hardware-based verification of the user and also enforces license control.
Each user wanting to connect to the system will need a PersonaCard. In our first implementation, we only validate the presence of the PersonaCard at connection. So at the moment, it is possible for two users to share the same card and log-in information. In other parts of the system, the client software utilizes the PersonaCard to encrypt the information being transferred.
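The exchange described above, run end to end as an added example (this is editorial illustration code, not TEC Solutions' or the PersonaCard product's own software): the server encrypts a random message to the card public key registered for the user, the client station decrypts it with the card's private key and re-encrypts it to the server, and the server decrypts the reply and compares it with the message it sent. Textbook RSA on tiny constructed primes stands in for the token so that the script runs offline; the server key, the two card keys, the user names and the class names are all assumptions made for the example. The server discards each challenge after a single use, and, as the article notes for the first implementation, the check happens only at connection.

```python
import secrets

# Added example: the challenge-response login from the article, using
# textbook RSA on tiny constructed primes. Real tokens use full-size
# keys and padded encryption; only the message flow is of interest here.


def make_keypair(p, q, e=17):
    """Return ((n, e), (n, d)) for the constructed primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # ValueError if e and phi are not coprime
    return (n, e), (n, d)


def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


class InfoServer:
    """Information server holding the card public keys registered per user."""

    def __init__(self, pub, priv):
        self.pub, self.priv = pub, priv
        self.registered = {}  # username -> card public key (registered before the card ships)
        self.pending = {}     # username -> outstanding random message

    def register(self, username, card_pub):
        self.registered[username] = card_pub

    def challenge(self, username, message=None):
        """Encrypt a random message to the user's registered card; return the ciphertext."""
        card_pub = self.registered[username]
        # The message must round-trip through both moduli, so keep it below the smaller one.
        limit = min(card_pub[0], self.pub[0])
        if message is None:
            message = 2 + secrets.randbelow(limit - 2)
        if not 2 <= message < limit:
            raise ValueError("message outside the usable range")
        self.pending[username] = message
        return encrypt(card_pub, message)

    def verify(self, username, response):
        """Decrypt the reply and compare it with the outstanding challenge.

        The challenge is consumed either way, so a replayed reply fails."""
        expected = self.pending.pop(username, None)
        if expected is None:
            return False
        return decrypt(self.priv, response) == expected


class CardClient:
    """Client station: decrypts with the card key, re-encrypts to the server key."""

    def __init__(self, card_priv, server_pub):
        self.card_priv, self.server_pub = card_priv, server_pub

    def respond(self, ciphertext):
        message = decrypt(self.card_priv, ciphertext)
        return encrypt(self.server_pub, message)


def run_login(server, client, username):
    """One complete exchange at connection time; True only when the reply matches."""
    if username not in server.registered:
        return False
    return server.verify(username, client.respond(server.challenge(username)))


if __name__ == "__main__":
    server_pub, server_priv = make_keypair(149, 151)  # constructed server key
    alice_pub, alice_priv = make_keypair(61, 53)      # constructed card key registered for "alice"
    other_pub, other_priv = make_keypair(101, 113)    # a different, unregistered card
    server = InfoServer(server_pub, server_priv)
    server.register("alice", alice_pub)
    print("registered card:", run_login(server, CardClient(alice_priv, server_pub), "alice"))
    print("other card:", run_login(server, CardClient(other_priv, server_pub), "alice"))
```

Because the server compares only after decrypting with its own key, a station holding the wrong card cannot produce a matching reply, and because the pending challenge is removed on the first `verify` call, a captured reply cannot be presented a second time. The check still says nothing about who is at the keyboard after the connection is established, which is the sharing limitation the article describes.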
These are just a few of the current applications which are incorporating the PersonaCard; the list is rapidly growing. In the future, iPower security technology should also enable the development of entirely new technologies.
You can contact Todd Carper at todd@tecs.com.