[SmartcardServices-Users] Custom Smart Card Source

Bob Colbert colbert at detk.net
Mon Jul 26 10:03:02 PDT 2010


Tim,
I understand that the ECA program Smart Card solution is not originally
intended for corporate ID like a CAC Card, but I believe the FiXs program is
meant to provide a CAC-like card authentication with hardware assurance ECA
certificates on board.

The reason that I ask is that Good Technology (according to one of their
webinars) is releasing an updated iPhone (and Android) product that will
include S/MIME encryption in the Fall timeframe.  Their previous S/MIME
product was for Windows Mobile devices and used Bluetooth card readers for
the CAC card.  Early indications (I am trying to clarify with them) are that
it may only support software-only certificates (at least initially).

The ECA certs can be renewed in 1 year increments, so I thought I would just
get software certificates and put them on a Smart Card.  And just simplify
the number of cards and stuff on my person and wallet, combining this card
with a photo ID.

Ultimately, I think the FiXs program for DoD contractors is probably the
best approach long term, but getting acceptance for it at all DoD facilities
is holding things up.  In addition, there needs to be a mobile device
solution for these hardware type certificates.  It is getting more annoying
as encrypted email is becoming more pervasive to keep getting "this email
cannot be read on this device" on the iPhone.

Without starting a flame war, I know Blackberries do this now, but I like
the overall Good Technology approach in that workers can use their personal
devices wherein the Good application is sandboxed and corporate-controlled.

Thanks,
Bob


On 7/26/10 12:25 PM, "Miller, Timothy J." <tmiller at mitre.org> wrote:

> At least one ECA authority issues smartcards, but ECA smartcards are not
> intended to be employee badges, and the ECA vendors don't generally support
> issuing to entire companies.  That's not what the ECA program is for.
> 
> If you're wanting to deploy a corporate PKI that's interoperable with the DoD
> and/or Federal PIV systems, you need to spend some quality time with the _PIV
> Interoperability for Non-Federal Issuers_ specification:
> 
> http://www.cio.gov/Documents/PIV_Interoperabillity_Non-Federal_Issuers_May-2009.pdf
> 
> What you're really asking for is a shared service provider (SSP).  An SSP is
> someone who would issue your ID cards for you, and handle cross-certification,
> ID vetting, etc.; the Federal PIV program has several operating SSPs, but they
> can only issue to Federal agencies.  I'm not aware of any non-Federal PIV-I
> shared service providers currently operating, but they are expected to arise.
> 
> -- Tim
> 
> 
>> -----Original Message-----
>> From: smartcardservices-users-bounces at lists.macosforge.org
>> [mailto:smartcardservices-users-bounces at lists.macosforge.org] On Behalf
>> Of Bob Colbert
>> Sent: Monday, July 26, 2010 10:29 AM
>> To: SmartcardServices-Users at lists.macosforge.org
>> Subject: [SmartcardServices-Users] Custom Smart Card Source
>> 
>> Does anyone know of a company that can provide custom printed Smart
>> Cards for company PhotoIDs?  In addition, I would hope that the provided
>> Smart Card would be compatible with the current state of SmartCard
>> support and with a working tokend for Snow Leopard.  I understand that
>> part of it is choosing an already supported reader.  Apparently, I have
>> discovered with my current ActivIdentity USB token that the reader
>> portion of the token is supported, however the card profile needs to be
>> updated to properly read the certificates from the USB token.
>> 
>> The Smart Card should have the capability for supporting the External
>> Certification Authority type certificates -
>> http://iase.disa.mil/pki/eca/  .  Another capability would be that the
>> Smart Card is compatible with ActivClient for Windows for key generation
>> and/or certificate import.  Unless there is another way under Snow
>> Leopard to generate key requests on the card or otherwise import
>> software certificates onto them?
>> 
>> Thanks,
>> Bob Colbert
>> 
>> 
> 

---- 
Bob Colbert
DE Technologies
118 Sleepy Hollow Drive
Suite 1
Middletown, DE 19709
302-285-0354
302-285-0357 Fax
colbert at detk.net



