[SmartcardServices-Users] Custom Smart Card Source

Miller, Timothy J. tmiller at mitre.org
Mon Jul 26 12:01:38 PDT 2010


>I understand that the ECA program Smart Card solution is not originally
>intended for corporate ID like a CAC Card, but I believe the FiXs
>program is meant to provide a CAC-like card authentication with hardware assurance
>ECA certificates on board.

Not quite.  FiX (an acronym no longer used, AFAICT) is intended to show non-Federal partners how to produce cards that are technically compatible with the PIV platform, and provide a path to meet all FIPS 201 identity assurance requirements.

>The reason that I ask is that Good Technology (according to one of their
>webinars) is releasing an updated iPhone (and Android) product that will
>include S/MIME encryption in the Fall timeframe.  Their previous S/MIME
>product was for Windows Mobile devices and used Bluetooth card readers
>for the CAC card.  Early indications (I am trying to clarify with them) are
>that it may only support software-only certificates (at least initially).

Everything I've heard is pretty much the same: smartcard support is intended for the product, but the only info I can glean on status indicates they won't initially make that goal.  It's been a while since I've had Good in for a chat, though.

>The ECA certs can be renewed in 1 year increments, so I thought I would
>just get software certificates and put them on a Smart Card.  And just
>simplify the number of cards and stuff on my person and wallet, combining this
>card with a photo ID.

This won't help you with Good's software suite if it ships without smartcard support.

>Ultimately, I think the FiXs program for DoD contractors is probably the
>best approach long term, but getting acceptance for it at all DoD
>facilities is holding things up.

Requirements for interoperation with non-Federal PKIs were clarified via DoD CIO memo last year, and are being incorporated into the DoDI 8520.02 reissuance currently being circulated.

>In addition, there needs to be a mobile device
>solution for these hardware type certificates.  It is getting more
>annoying as encrypted email is becoming more pervasive to keep getting "this
>email cannot be read on this device" on the iPhone.

This is a separate problem from PKI interop.

-- Tim


