[SmartcardServices-Users] Custom Smart Card Source

Shawn A. Geddis geddis at mac.com
Mon Jul 26 14:43:01 PDT 2010


On Jul 26, 2010, at 11:28 AM, Bob Colbert wrote:
> Does anyone know of a company that can provide custom printed Smart Cards for company PhotoIDs.  In addition, I would hope that the provided Smart Card would be compatible with the current state of SmartCard support and with a working tokend for Snow Leopard.  I understand that part of it is choosing an already supported reader.  Apparently, I have discovered with my current ActivIdentity USB token that the reader portion of the token is supported, however the card profile needs to be updated to properly read the certificates from the USB token.
> 
> The Smart Card should have the capability for supporting the External Certification Authority type certificates - http://iase.disa.mil/pki/eca/  .  Another capability would be that the Smart Card is compatible with ActivClient for Windows for key generation and/or certificate import.  Unless there is another way under Snow Leopard to generate key requests on the card or otherwise import software certificates onto them? 
> 
> Thanks,
> Bob Colbert

Bob,

I think has already given you excellent guidance and feedback, but I wanted to note a few things in your message for the benefit of all.

> I would hope that the provided Smart Card would be compatible with the current state of SmartCard support and with a working tokend for Snow Leopard.

That is not very specific.  Are you asking for specific profile support with support in the shipping version of the OS or from various sources ?  Many Smart Card vendors have a Tokend for 10.6 and will of course make it available when needed.  

>  I understand that part of it is choosing an already supported reader. 

Yes, but there are nearly 130 readers supported with the CCID Class Driver in Mac OS X 10.6 and with an update to the CCID Driver, many more to come.  As you noted, the reader is part of the equation and the profile on the card (typically implemented as a Java Applet) is the other major component.


> The Smart Card should have the capability for supporting the External Certification Authority type certificates - http://iase.disa.mil/pki/eca/


The X.509 Identities are not the issue as we know, it is access / support for the profile / applet.

> Another capability would be that the Smart Card is compatible with ActivClient for Windows for key generation and/or certificate import. 

You are making reference to wanting the cards to be compatible with your ActivClient for Windows which means that you are issuing cards from ActvIdentity.  You should simply talk to you rep and learn what profile is loaded on the cards you are using on windows.  What you are referencing is really a Card Management system which can provision and manage the cards. You would just follow with acquiring a Tokend from ActivIdentity if that is what you wanted.

My personal suggestion is that you consider a PIV compliant card issuance, since both Apple (Mac OS X) and Microsoft (Windows 7) have built-in support for PIV.  There are a couple variances of PIV, but going down this path ensures that you have something standards-based supported on both platforms.  Just  a suggestion and not a requirement.


-Shawn
__________________________________________________
Shawn Geddis				  			   geddis at mac.com
Security Consulting Engineer				   geddis at apple.com

MacOSForge Project Lead:                           Smart Card Services                                                                 
	Web:	http://smartcardservices.macosforge.org/
	Lists:	http://lists.macosforge.org/mailman/listinfo
__________________________________________________

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20100726/fedcb9df/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3859 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20100726/fedcb9df/attachment-0001.bin>


More information about the SmartcardServices-Users mailing list