Article posted: Jul 10, 2017
By William Houry, Vice President of Sales
No matter the industry or its level of security, at least some employees at every enterprise today require access to their corporate networks via mobile devices. Most rely on physical smart cards for user authentication and access, yet there's another low-cost and even simpler solution: Just-in-Time (JIT) virtual smart cards (VSCs) (find more information about smart cards here: https://versasec.com/smart-cards.php).
Virtual smart cards are simply a virtual version of a physical card, making use of standard interfaces of the operating system and applications, and offering the same cryptographic capabilities of their physical counterparts. VSCs connect to physical devices using the Trusted Platform Module (TPM) technology, and they cannot be moved between devices.
For mobile users, VSCs are the right solution because they can be used on modern PCs, tablets and mobile phones. Typical scenarios where VSCs are highly desirable include bring-your-own-device scenarios, individual PC set-ups (such as a home office) and temporary or one-time uses.
Adding in JIT capabilities means that a VSC can be made available when required.
This all sounds great, but there can be stumbling blocks. While many enterprises and SMBs use card management systems (CMS) to manage their physical smart cards, most card management systems lack the advanced management features to meet the requirements for securely implementing VSCs. But with TPM technology, enterprises can create VSCs on their mobile devices, and remove the need for physical smart cards. Be aware, however, that TPM introduces challenges around how to manage devices vis-à-vis to the creation, issuance and management of VSCs securely.
What's needed are solutions that can emulate and manage virtual smart cards using the TPM. While the software interfaces with both operating systems and application programs as would a physical card, it also refers processing of cryptographic commands and cryptographic key storage to the host computer's TPM. The benefit of this approach is that organizations deploying the VSC technology need not purchase smart cards or smart card readers, resulting in reduced overall solution costs without compromising security.
There also are challenges associated with managing thousands of devices, such as integrating mobile and physical smart card management solutions, and taking advantage of centralized management of the VSCs.
Contact us at https://versasec.com/contact.php so we can discuss with you the types of applications where VSCs make sense today, and the advantages of VCS, including the ability to seamlessly implement smart cards based on two-factor strong authentication for all sizes, the low monetary investment, and the ease of use and maintenance.