Gemplus tailors smart card for PKI
- By Colleen O'Hara
- Jun 27, 1999
Smart card vendor Gemplus this week will unveil a smart card-based security solution that authenticates users who access corporate networks and perform online transactions. The solution also provides tools to manage the cards.
Extranets, intranets and virtual private networks are driving new ways of doing business, which in turn require a new security model with strong authentication capabilities, said Scott Smith, director of product management at Gemplus.
The new solution is designed to support the use of public-key infrastructures, which combine digital signatures, encryption and other technologies to secure data going across public networks.
"We see [PKI] with smart cards as providing this new authentication and nonrepudiation model," he said. Authentication is the ability to verify a user's identity, and nonrepudiation is the ability to certify that a transaction took place, which gives the transaction legal standing.
The GemSafe Enterprise suite of products has three pieces: GemSafe User, which includes the smart card, the smart card reader and software to make the card work with other applications; GemSafe Manager, which is the administrative tool that manages the cards; and the GemSafe software developer's kit, which is for users who want to develop customized applications.
Using GemSafe User, agencies can issue users smart cards that store the public-/private-key pair for encryption and a digital signature for authentication. Users have the option of generating the key pair on the card itself, externally loading the keys or using pre-loaded keys.
GemSafe Manager, which provides the administration piece of the system, is a server-based system with administration tools and client software to help manage GemSafe users in a PKI environment. GemSafe Manager makes it easy to keep track of who is issued certificates and keys and provides customer service functions, such as remote diagnosis. "This is really designed for a closed system like a military base," Smith said. "An agency would use this tool to manage personalization and issuance of cards and customer service functions of that card."
Using a smart card in conjunction with PKI adds a degree of control over the information stored on them, he said. "When the keys and digital signatures are kept on a hard drive, systems can be compromised easily," Smith said. "That can't happen with a smart card. "
In addition, for users who want to build GemSafe-based customized applications, there is the GemSafe developer kit, which comes with tools such as libraries, sample code, documentation, smart cards and readers.
"GemSafe's family of crypto-based security products will allow secure [World Wide] Web and e-mail services while capturing your digital identity on a smart card," said Bill Clark, director of federal sales operations at Gemplus.
The products will enable users to "securely and cost-effectively enter a federal building...log on to a PC and sign a document digitally [and] conduct secure Web and e-mail sessions, all from the same Gemplus multi-application smart card," Clark said.
A smart card is the ideal security token, said Michael Noll, co-director of the General Services Administration's government smart card initiatives and implementation team. If Gemplus is offering PKI on a smart card along with card management, "that's something government would be interested in," Noll said, adding that GSA has done work with Gemplus on smart card projects. "The more total solution these companies come up with," the better positioned they will be to meet users' needs, he said.
GemSafe Enterprise, which builds on the GemSafe product that was announced last year, will be available in July with the release of GemSafe User and the developer's kit. GemSafe Manager will ship at the end of the year. The list price starts at $15,000 for a 500-user system; cards and readers are priced separately.
The products will be added to the GSA schedule and will be available for purchase from the Gemplus Web site at www.gemplus.com.