The software company fun communications GmbH is presenting a form of smart card-based access security for the internet at the CeBIT. fun communications has developed the authentication module known as SmartID, which facilitates registration in web applications using the GeldKarte, the MasterCard@on and additional smart cards. Whenever he is logging in, the customer authenticates himself using his smart card. The operation is exceptionally simple because the smart card is automatically recognised. By means of security protection, providers and customers using smart cards effectively safeguard themselves against imminent attacks as a result of phishing, pharming and brute force (automated guessing of passwords).
SmartID uses the chip cards customers already have now. Providers can thus save on the costs of creating and managing a hardware token infrastructure of their own. More than million 64 GeldKarten are already being used by German customers in the form of ec cards or customer cards from banks and savings banks. There are also credit cards, such as the MasterCard@on, which are increasingly being fitted with EMV chips. With SmartID, all chip cards can be used for access protection.
Smart cards such as SECCOS cards, EMV cards, signature cards and the GeldKarte provide the opportunity of creating clear allocation for the card used with a user identity via features that cannot be changed or copied. Such an unambiguous feature is cryptographically secured and read by the card with the help of SmartID and can be assigned to a particular user or a role used by a user as part of a registration process. The card is then used for authenticating (identity checks) a user on the internet as well as authorizing (authorization check) using the data stored for these cards.
With SmartID, authentication via smart card in Liberty Alliance infrastructures can be simply integrated and used as an alternative or replacement for entering usernames and passwords. The customer logs into a service with Liberty Alliance support using his username and password. If he then changes to another provider’s service, which also supports Liberty Alliance designs, then he does not have to enter any username or password there. The private sphere remains protected and the safety of personal data is guaranteed by the Liberty Alliance designs. The Liberty Alliance design facilitates protection and management of digital identities on the internet by means of a neutral and open standard.
More detailed information is available at www.fun.de and www.cebit.de