Smart cards are making rapid advances into computer security technology. Case in point is Smart Centric’s new logical security product–called SmartCity Logon–that bypasses the typical user name and password. With the card, you logon with ease. Without a smart card, you can’t logon at all.

“With the increasing popularity of laptops, our logon product can provide protection for these valuable, yet vulnerable devices,” explained Kieran Timmins, CEO of Dublin, Ireland-based Smart Centric. Steal a laptop today and you only have to overcome the user name and password. “But if someone takes possession of a laptop using our SmartCity Logon product, he can’t use it without the owner’s smart card,” said Mr. Timmins.

Smart Centric Technologies International Ltd.’s addition to its SmartCity line allows smart card enabled logon to Windows 2000 PCs. SmartCity Logon, a chip based product, lets cardholders logon to local or domain-controlled Windows 2000 based PCs using their SmartCity smart card. It can be used for both personal PCs and PCs used in public areas such as libraries and computer laboratories.

Still in its infancy,SmartCity Logon was first introduced in June. “A number of our customers are investigating its use,” added Mr. Timmins. “Some of the Smart Centric customers are looking at using the SmartCity Logon to control access to their computer resources. Others are looking at it for verification of identity for people who are taking part in distance education.”

The first release, a Windows version, comes in two modes. The first requires a PIN number and the second requires a fingerprint biometric.

In the PIN mode, upon insertion of the smart card into an attached PC/SC-compliant smart card reader, the cardholder is requested to enter a PIN. Once the PIN is authenticated, SmartCity Logon retrieves the userID and password and logs the cardholder on to his machine or domain.

For an added level of security, the biometric mode holds the cardholder’s fingerprint template in a protected file on the card. Upon insertion of the smart card, the cardholder is first required to enter his pin number. He then is required to present his fingerprint via a biometric reader. Once both the pin and the fingerprint are authenticated, SmartCity Logon retrieves the userID and password and logs the cardholder on to the machine.

“In the case of a PIN number, people tend to write that down,” said Mr. Timmins. “You can’t do that with a fingerprint.” Smart Centric approaches biometrics differently than other vendors, he adds. “We don’t keep the biometric data in a database. It’s held on the card only. This means we can work in off-line mode.”

“Our approach addresses some of the privacy concerns individuals have with using biometrics as the data is not being held centrally in a database,” adds Mr. Timmins. The cardholder is always in control of his or her biometric data.

SmartCity Logon is available on all SmartCity-compatible smart cards that have sufficient storage. It can be used with existing or new cards.

Smart Centric intends to expand the applications available using the biometric functions such as physical security and internet authentication. “Our next release,” said Mr. Timmins, “will allow companies to set up secure web sites. Our solution will be used to augment an existing content management server or web site to provide client-side biometric authentication using a smart card. It’s in tests at the moment, and will be available in six to eight weeks.”

Fujitsu Services (the original developer of SmartCity) sold its SmartCity business to Smart Centric in January, 2003. Mr. Timmins, formerly the director responsible for smart cards at Fujitsu, was then named CEO of Smart Centric. Key members of the Fujitsu development team also transferred to the new company.

---

Related articles:

Campus card “hack” overstated but important Gemplus selected to deliver smart identity cards for EC funded air travelers security program Card-based PKI to better secure doctor’s communications