[SmartcardServices-Users] Custom Smart Card Source
Miller, Timothy J.
tmiller at mitre.org
Mon Jul 26 12:01:38 PDT 2010
>I understand that the ECA program Smart Card solution is not originally
>intended for corporate ID like a CAC Card, but I believe the FiXs
>program is meant to provide a CAC-like card authentication with hardware assurance
>ECA certificates on board.
Not quite. FiX (an acronym no longer used, AFAICT) is intended to show non-Federal partners how to produce cards that are technically compatible with the PIV platform, and provide a path to meet all FIPS 201 identity assurance requirements.
>The reason that I ask is that Good Technology (according to one of their
>webinars) is releasing an updated iPhone (and Android) product that will
>include S/MIME encryption in the Fall timeframe. Their previous S/MIME
>product was for Windows Mobile devices and used bluetooth card readers
>for the CAC card. Early indications (I am trying to clarify with them) is
>that may only support software-only certificates (at least initially).
Everything I've heard is pretty much the same: smartcard support is intended for the product, but the only info I can glean on status indicates they won't initially make that goal. It's been awhile since I've had Good in for a chat, though.
>The ECA certs can be renewed in 1 year increments, so I thought I would
>just get software certificates and put them on a Smart Card. And just
>simplify the number of cards and stuff on my person and wallet, combining this
>card with a photo ID.
This won't help you with Good's software suite if it ships without smartcard support.
>Ultimately, I think the FiXs program for DoD contractors is probably the
>best approach long term, but getting acceptance for it at all DoD
>facilities is holding things up.
Requirements for interoperation with non-Federal PKIs was clarified via DoD CIO memo last year, and is being incorporated into the DoDI 8520.02 reissuance currently being circulated.
> In addition, there needs to be a mobile device
>solution for these hardware type certificates. It is getting more
>annoying as encrypted email is becoming more pervasive to keep getting "this
>email cannot be read on this device" on the iphone.
This is a separate problem from PKI interop.
-- Tim
More information about the SmartcardServices-Users
mailing list