Smart cards are increasingly used to provide secure access to corporate
networks. These cards provide security based on two-factor authentication. The
first factor is something you know (the smart card’s PIN), and the second
factor is something you possess (the smart card itself). This yields a higher
level of trust than single-factor authentication, such as a simple password.
Smart cards can be used to store PINs, digital certificates, and other
information that allows a cardholder to log into a corporate network, encrypt
files, and send secure email. However, the very usefulness of smart cards
presents the considerable administrative problem of providing smart cards to
large numbers of employees and managing the cards throughout the card life
cycle. The Enterprise Credential Manager (ECM) is a web-based
application that offers a solution to this problem by empowering individual
users to perform the administrative tasks of issuing and maintaining smart
cards with a minimum of assistance from local administrators.
The SSM enables end users to establish and manage their
smart card themselves with a minimum of help from an administrator. The
services provided by the SSM include:
Personalizing a new smart card: users can assign a PIN, put the file system on
the card, and install digital certificates for network logon, digital
signatures, and email encryption.
Unblocking a card: a card becomes blocked when an incorrect PIN is entered more
times than is allowed. (This limit is determined by a variable in the
configuration file and can be changed.)
Setting up a temporary card: users who forget to bring their smart card to work
must obtain a temporary smart card from the help desk and configure the card
before they can log into the network.
Setting up a replacement card: users who lose their smart card must obtain a
replacement smart card from the help desk and configure this card before they
can log into the network.
Reminding users if their certificate needs to be renewed: upon logging into the
network, the SSMAM will detect the expiration date of the smart card logon
certificate installed on the card. If the certificate is about to expire (the
expiration date of a certificate is set in the registry database), the SSMAM
will bring the user to the certificate-renewal page of the Smart Card User
Support Portal.
Smart Card User Support Portal
After a user is able to log in to the network using a smart
card, the Smart Card User Support Portal enables an established user to
perform routine administrative tasks that historically have required the
assistance of an administrator. This user-support portal is freely accessible
by any end user and enables the user to perform the following operations:
Change the Smart Card Question and Answer (Q&A)
Change the Smart Card PIN
Renew a Certificate
Reset the Smart Card Q&A (if forgotten by user)
Smart Card Admin Support Portal
The Smart Card Admin Support Portal is a website that
is accessible only by members of certain administrator groups in the
corporation. This portal enables Administrators/Help Desk personnel to perform
the following operations:
Suspend Certificates
Revoke Certificates
Resume Certificates
Manage the Card
Set User Status
Depersonalize the Card
Conclusion
There is an increasing need for security in today’s business
environment, and smart cards provide an extremely secure and efficient means for
accessing corporate networks. The Enterprise Credential Manager solves
the administrative problem of issuing smart cards to a large number of employees
and managing the cards throughout the card life cycle by empowering employees
to perform administrative tasks for themselves.