SConnect presentation at CTST 2008

2,769 views
2,568 views

Published on

A brief introduction of SConnect done at CTST 2008

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,769
On SlideShare
0
From Embeds
0
Number of Embeds
949
Actions
Shares
0
Downloads
22
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

SConnect presentation at CTST 2008

  1. 1. SConnect: Connecting smart cards to Web kapil sachdeva software technologist gemalto
  2. 2. Service Ubiquity Usability Browser is the new platform
  3. 3. Security Is the Web platform secure ?
  4. 4. Smart card = Security strong authentication; mobility; secure attributes;
  5. 5. Principle of Psychological Acceptability A security mechanism should not make accessing a resource, or taking some action more difficult than it would be if security mechanism were not present.
  6. 6. Smart Cards and the Web: Classical To access Smart Card capabilities • On the User’s computer – Internet explorer : card specific CSP impl. – Firefox : card specific PKCS#11 impl. – Safari : card-specific tokend • On the Server – Different server/client scripts to handle browser & crypto stack differences (Herculean!)
  7. 7. We build too many walls, and not enough bridges - Sir Isaac Newton
  8. 8. In other words, Break the ubiquity of web & Lose the mobility of Smart Cards & All this complexity destroys usability
  9. 9. So, what does it look like?
  10. 10. And how is it deployed?
  11. 11. Building the Bridge • Engineering considerations – Agnostic: PC OS, browser & smart card – Security : user consent – Simplicity : partitioning, lightweight – Asynchronous • Community – License & Distribution • FREE – Education (in progress) • http://www.sconnect.com • A Foundation for Community participation
  12. 12. Lets make people fall in love with Smart Cards
  13. 13. SConnect OPERATING SYSTEMS • Connectivity plumbing that works with classical smart cards • Digitally signed browser extension enabling scripts embedded in a web page BROWSERS to access the PC/SC channel on client machine • A toolkit for developing Smart card Aware Web Applications DOWNLOAD • Ubiquitous – all relevant OS/browser combinations 15 • Lightweight – 15 second download and install

×