What do we want from a security token?
Form Factor
Smart Card
- Requires external reader
- External reader can have a PIN pad
- Service life of readers and cards is specified
- Devices such as door locks can use smart cards
- Readers typically connect via USB
USB Token
- Does not require external reader
- USB connector not necessarily designed for constant connection/disconnection
- Many new PCs have USB ports on the front, many monitors include USB hub
- USB extension cables provide an inexpensive replaceable component
- Some tokens now have integrated flash drive
- Some tokens have biometric readers.
- Per-unit cost is higher than a card (not counting the reader). Consider the cost of replacing a lost or damaged token, though: the marginal cost of replacing a card is lower.
Smart card (token) requirements

Requirement               Minimum
OS                        Windows, Mac, and Linux
APIs / Libraries          PKCS#11 for Windows, Mac (PPC, Intel), and Linux; MS CAPI CSP for Windows; optional Mac (Intel, PPC) CDSA
SDK                       yes
Memory size               >= 32 k
Encryption Alg            DES, DES3, AES
Certificate storage type  X509
RSA Key length            >= 1024
Onboard key gen           YES
Public Key Alg            RSA
Key Storage               Min 2 RSA key pairs
FIPS                      Min 140-1 level 2
Processor                 >= 8 bit
ISO 7816                  Part 1-4
HASH Alg                  SHA1, MD5
Memory data retention     >= 10 years
Memory cell rewrites      >= 100000
Tamper Evident Case       yes
Random Key gen            Hardware
Form factor               CARD, and USB token
Number of insertions      >= 100000
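The requirements table is easiest to apply to vendor datasheets if it is encoded once and evaluated mechanically. The following is an added example, not part of the original requirements document: it turns each row of the table above into a lower bound or a required set and reports every row a candidate token fails. The TokenSpec field names (memory_kb, rsa_key_bits, fips_140_level, ...) are assumptions chosen here, a datasheet has to be mapped onto them by hand, and the two sample tokens at the bottom are constructed, not real products.

```python
"""Evaluate a token datasheet against the minimum requirements table.

Added example, not part of the original document. TokenSpec field names are
assumptions; the two sample specs at the bottom are constructed.
"""
from dataclasses import dataclass
from typing import List, Set

# Lower bounds and required sets, taken row by row from the table.
MIN_MEMORY_KB, MIN_RSA_BITS, MIN_RSA_KEY_PAIRS = 32, 1024, 2
MIN_FIPS_140_LEVEL, MIN_PROCESSOR_BITS, MIN_RETENTION_YEARS = 2, 8, 10
MIN_CELL_REWRITES = MIN_INSERTIONS = 100_000
REQUIRED_OS = {"windows", "mac", "linux"}
REQUIRED_APIS = {"pkcs#11", "capi"}        # CDSA on the Mac is optional
REQUIRED_SYM_ALGS = {"des", "des3", "aes"}
REQUIRED_HASH_ALGS = {"sha1", "md5"}
REQUIRED_ISO7816_PARTS = {1, 2, 3, 4}
ALLOWED_FORM_FACTORS = {"card", "usb"}


@dataclass
class TokenSpec:
    """One candidate token, with values normalised to lower case."""
    name: str
    os: Set[str]
    apis: Set[str]
    sdk: bool
    memory_kb: int
    sym_algs: Set[str]
    cert_format: str
    rsa_key_bits: int
    onboard_keygen: bool
    pubkey_algs: Set[str]
    rsa_key_pairs: int
    fips_140_level: int      # 0 = not validated
    processor_bits: int
    iso7816_parts: Set[int]
    hash_algs: Set[str]
    retention_years: int
    cell_rewrites: int
    tamper_evident: bool
    hardware_rng: bool
    form_factor: str
    insertions: int


def check_token(spec: TokenSpec) -> List[str]:
    """Return the unmet requirements; an empty list means the token passes."""
    fails: List[str] = []

    def need(ok: bool, msg: str) -> None:
        if not ok:
            fails.append(msg)

    def missing(required, have) -> str:
        return ", ".join(str(x) for x in sorted(required - have))

    need(REQUIRED_OS <= spec.os, f"OS support missing: {missing(REQUIRED_OS, spec.os)}")
    need(REQUIRED_APIS <= spec.apis, f"API missing: {missing(REQUIRED_APIS, spec.apis)}")
    need(spec.sdk, "no SDK")
    need(spec.memory_kb >= MIN_MEMORY_KB, f"memory {spec.memory_kb}k < {MIN_MEMORY_KB}k")
    need(REQUIRED_SYM_ALGS <= spec.sym_algs, f"cipher missing: {missing(REQUIRED_SYM_ALGS, spec.sym_algs)}")
    need(spec.cert_format == "x509", f"certificate format {spec.cert_format!r} is not X509")
    need(spec.rsa_key_bits >= MIN_RSA_BITS, f"RSA {spec.rsa_key_bits} bits < {MIN_RSA_BITS}")
    need(spec.onboard_keygen, "no on-board key generation")
    need("rsa" in spec.pubkey_algs, "no RSA public-key support")
    need(spec.rsa_key_pairs >= MIN_RSA_KEY_PAIRS, f"stores {spec.rsa_key_pairs} RSA key pair(s) < {MIN_RSA_KEY_PAIRS}")
    need(spec.fips_140_level >= MIN_FIPS_140_LEVEL, f"FIPS 140 level {spec.fips_140_level} < {MIN_FIPS_140_LEVEL}")
    need(spec.processor_bits >= MIN_PROCESSOR_BITS, f"{spec.processor_bits}-bit processor < {MIN_PROCESSOR_BITS}")
    need(REQUIRED_ISO7816_PARTS <= spec.iso7816_parts, f"ISO 7816 parts missing: {missing(REQUIRED_ISO7816_PARTS, spec.iso7816_parts)}")
    need(REQUIRED_HASH_ALGS <= spec.hash_algs, f"hash missing: {missing(REQUIRED_HASH_ALGS, spec.hash_algs)}")
    need(spec.retention_years >= MIN_RETENTION_YEARS, f"data retention {spec.retention_years}y < {MIN_RETENTION_YEARS}y")
    need(spec.cell_rewrites >= MIN_CELL_REWRITES, f"cell rewrites {spec.cell_rewrites} < {MIN_CELL_REWRITES}")
    need(spec.tamper_evident, "case is not tamper evident")
    need(spec.hardware_rng, "key generation does not use a hardware RNG")
    need(spec.form_factor in ALLOWED_FORM_FACTORS, f"form factor {spec.form_factor!r} is not card/usb")
    need(spec.insertions >= MIN_INSERTIONS, f"rated insertions {spec.insertions} < {MIN_INSERTIONS}")
    return fails


# Constructed sample datasheets (not real products).
GOOD_TOKEN = TokenSpec(
    name="sample-usb-token", os={"windows", "mac", "linux"}, apis={"pkcs#11", "capi", "cdsa"},
    sdk=True, memory_kb=64, sym_algs={"des", "des3", "aes"}, cert_format="x509",
    rsa_key_bits=2048, onboard_keygen=True, pubkey_algs={"rsa"}, rsa_key_pairs=4,
    fips_140_level=2, processor_bits=16, iso7816_parts={1, 2, 3, 4}, hash_algs={"sha1", "md5"},
    retention_years=10, cell_rewrites=500_000, tamper_evident=True, hardware_rng=True,
    form_factor="usb", insertions=100_000,
)
WEAK_TOKEN = TokenSpec(
    name="sample-card", os={"windows"}, apis={"pkcs#11"}, sdk=False, memory_kb=16,
    sym_algs={"des"}, cert_format="x509", rsa_key_bits=512, onboard_keygen=False,
    pubkey_algs={"rsa"}, rsa_key_pairs=1, fips_140_level=1, processor_bits=8,
    iso7816_parts={1, 2, 3, 4}, hash_algs={"sha1"}, retention_years=5, cell_rewrites=10_000,
    tamper_evident=False, hardware_rng=False, form_factor="card", insertions=50_000,
)

if __name__ == "__main__":
    for tok in (GOOD_TOKEN, WEAK_TOKEN):
        problems = check_token(tok)
        print(f"{tok.name}: {'PASS' if not problems else 'FAIL'}")
        for p in problems:
            print("  -", p)
```

Every row is reported rather than stopping at the first failure, so one run of check_token gives the full gap list for a candidate; the set comparisons use subset tests so a token that supports more algorithms, APIs or platforms than required still passes.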
Platforms
Linux
Mac
MS Windows
Standards
Applications
- WebMail
- GnuPG
- PAM
External Requirements
PKI/Storage Requirements
How many keys of what length? CA chain, etc.
Other Features
Hardware
- biometric reader
- data storage
Software
- password storage