Secure Computing weds password token, smart card

Secure Computing Corp. this week will introduce a card product designed to serve as a "token" for security applications, but it also can serve as a tool for other applications.

The e.ID (electronic identity) "multicard" is intended to be used to authenticate a user's identification, either by generating digital certificates or one-time passwords. But Secure Computing also provides space on the back of the card for an employee photo and a magnetic stripe or bar code data for physical access control, according to the company.

"There's a huge need for strong authentication" in the federal sector, said Cathy Cromley, director of federal marketing for Secure Computing. She anticipates a strong federal response to this opportunity to use one token for multiple applications.

The e.ID multicard is the latest offering in the company's SafeWord line of products for authentication technology. SafeWord users include the Army, the Federal Aviation Administration, the National Institute of Standards and Technology and the General Accounting Office, all of which will be targeted for migration to the new card, Cromley said. The company also will add the new product to its recently acquired General Services Administration schedule.

e.ID also will be compatible with the company's Sidewinder firewall, which is used widely throughout the Defense Department, said Robert Wise, director of product marketing.

The credit card-size token can provide authentication in several ways, Wise said. e.ID can be used as a dynamic password authentication token, in which a user enters a personal identification number (PIN) on the card's built-in keypad. The token then presents a one-time password on its liquid crystal display, which the user enters into his computer.

But the card also contains a slot for a computer chip, which can store the data needed to generate a digital certificate. The digital certificate is a bit of code that identifies a user during an electronic transaction. Digital certificates often are used as part of a public-key infrastructure, which is a system for securing transactions sent across the Internet. When used with a chip, e.ID works by being inserted into a card reader attached to the computer.

The smart card chip, with 4K to 8K of memory, actually can store more than one application, the company said, depending on the size of program.

For example, the chip could store a digital certificate and a counter file that would indicate the number of times the owner has used it so that when it reached a certain number, the certificate would no longer be valid.

Or the chip could have an encrypted list of hosts that one is permitted to log on to. One could even add an electronic purse with digital coins, if there is infrastructure in place to support it.

But the actual processing for such applications would occur on the host PC because the smart card has no computational capability.

Some 1,000 multicards will be made available to early adopters soon, with unlimited shipments starting this summer.

Future SafeWord line products will include a software "palm token" for handheld devices, Wise said. Secure Computing hopes for shipments to begin by the end of April.

-- Adams is a free-lance writer based in Alexandria, Va. She can be reached at cbadams@erols.com.