The replacement of traditional password security mechanisms by more secure token-based networks is driving a corporate market for smart card technologies, including readers and cards themselves, but also for the applications and tools enabling them to be integrated with the rest of an IT infrastructure.
French smart card supplier Gemplus SA recently hived off a Gemplus Software group to address the requirement for programs that can coordinate, monitor and manage smart card systems deployed across corporate networks. It wants to own the smart card lifecycle, including cards, readers and applications, as well as the development and management of all these components.
To serve this requirement, the company has rolled up GemSafe User and Manager applications plus a software development kit into a suite it calls GemSafe Enterprise. It will ultimately allow multiple applications to run on one card, the company says, and enable users to access a network from any attached client with a reader.
Version 2.0 of the User package enables smart cards to be added to PKI (public key infrastructure) applications including web, email and document authorizing tools. Manager provides administration of the smart card and associated applications over their lifecycle.
The company claims an open systems approach enables developers to integrate the Gemplus smart card technology into any PKI solution and into other firewall, VPNs and eventually third-party smart card solutions, although in the first instance it will only support Gemplus devices.
Digital certificates, cryptographic key and other information is stored on a PIN-protected card, which Gemplus claims is safer than storing it on a computer which could be vulnerable to unauthorized access. They eliminate the need for multiple passwords.
GemSafe User 2.0 and the SDK are available next month; Manager 1.0 will beta next quarter and ship by year-end. GemSafe Enterprise prices go from $15,000 for 500 Windows NT 4 seats. Cards and readers are priced separately. By building out services for corporate-wide PKI/smart card integration, management and development, Gemsafe hopes to keep out in front of competitors such as Litronic, A8, CeloCom, Spyris and Datakey.
Gemplus is currently targeting the Fortune 500 companies which are already moving from password to token-level security on Public Key Infrastructure networks, and expects this to spill over into the consumer market.
Gemplus believes it won’t be long before most PCs ship with a smart card reader. Microsoft’s estimate that all new PCs will ship with them next year is somewhat aggressive in its view, but then Microsoft has committed to supporting smart cards in Windows 2000. If you are doing token-based security, the reader is a negligible cost, the company argues. And the opportunity appears to be arriving quickly. New Forrester research suggests that while 98% of companies use passwords for authentication today, in two years’ time, 56% expect to be using digital certificates. Gemplus expects the welter of smart card technologies – memory cards which store telephone minutes, PIN cards, Java cards, Motorola Smart Jupiter and others – to converge quickly once readers are in place.
