By Rachel Chalmers
Secure Computing has unveiled its e.iD smart card technology, intended to work as a bridge between existing applications that depend on two-factor authentication and the PKI-based applications of the future. Robert Wise, director product marketing, explains that the Multicard has an LCD panel and a keypad. You can very quickly enter a PIN number, he says. In that way it’s conceptually much like using an ATM. Users can then enter a system using a dynamically generated password that appears on the LCD display.
So much for two-factor authentication. For public key applications, the card supports most industry standard smart card chip modules. Developers can plug in off-the-shelf components. In a security application, you can use this for storing digital certificates and credentials, Wise explains, we believe it’s the first such product to combine these into a single device.
So the e.iD multicard can replace the sorts of secure tokens now being used for strong authentication, but unlike those tokens, it can also be used in smart card applications. In theory, this gives CIOs a clear migration path. Corporations might give these cards to employees to provide security clearance, but the employees can then also use them to digitally sign documents, for example. Another application is in system management, says Wise. A systems administrator has to be a trusted individual. Increasingly those people have to be strongly authenticated. Once they have used the multicard to authenticate themselves, however, sysadmins can also use it to encrypt or sign email, for example.
Even where users have no access to smart card readers, the LCD and one-time dynamic password can be used to gain entry to a system. And if someone steals the card, they can’t use it unless they know the PIN. Wise says Secure’s customers are already exploring the use of the multicard in various applications. We have a financial institution quite interested in this device, he says. Their officers and executives are using the smart card capability for logging many tens of billions of transactions. Then with the two-factor authentication, their remote partners are moving large amounts of money around. Aggressively priced at $80 per unit – compared with $40-$80 for tokens with far less functionality – the company hopes e.iD will help attract some of that money Secure Computing’s way.