suggestions for smart card or biometric web authentication?

Discussion in 'ASP .Net' started by HK, Dec 30, 2005.

  1. HK

    HK Guest

    Anyone have suggestions for biometric or smart card or key fob or [whatever
    else] authentication of a future public facing website? For example, a
    customer could do something to authenticate themselves and the computer
    passes some data in the background of their browser session so a user can be
    authenticated better than the typical "username/password" fields? We'd use
    ASP.NET 2.0 on the server side. I see a few miscellaneous tools in a google
    search but nothing is jumping out at me. For example, one is not really
    ..NET compatible but you could work around that. Not great. We also need
    something affordable. Considering that online banking sites are exploring
    better options to prevent spyware from grabbing usernames/passwords, I was
    hoping someone in this group might have done some research into this already
    and have some concrete thoughts or suggestions.

    User Group Etiquette: Please don't be the first to reply to this post
    unless you have something truly helpful to add, else others will think I've
    already been helped and not read the post.
    HK, Dec 30, 2005
    #1
    1. Advertising

  2. HK

    Spam Catcher Guest

    "HK" <> wrote in
    news:ZHhtf.6970$:

    > Anyone have suggestions for biometric or smart card or key fob or
    > [whatever else] authentication of a future public facing website?


    Biometrics is still in its infancy - at least for the web.

    As for keyfobs, take a look at RSA Security's SecureID authentication.
    Also Entrust provides secure identity solutions.

    SecurID needs a bit of fudging to work with ASP.NET:

    http://sourceforge.net/projects/securid4dotnet/

    A cheaper solution maybe to use client-side certificates. You send a
    certificate to each user:

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q315588

    So to authentication, a user will need a password + certificate.

    But I guess a bigger question is - are you going to provide all your
    customers keyfobs or biometric readers? This stuff doesn't come cheap.
    Also, are you willing to deal with all the support issues? Perhaps you
    should consider building better logging/monitoring tools - and force
    users to reset there passwords often?

    > User Group Etiquette: Please don't be the first to reply to this post
    > unless you have something truly helpful to add, else others will think
    > I've already been helped and not read the post.


    Newsgroup (usenet)... not user group!

    Anyhow, I don't think there is such an "etiquette" rule. What one
    considers junk maybe gold for another? : ) You can always repost if you
    don't like the answers!

    --
    Stan Kee ()
    Spam Catcher, Dec 31, 2005
    #2
    1. Advertising

  3. HK

    Guest

    HK:

    You can have a look at our opensource two-factor authentication
    solution:

    http://www.wikidsystems.net (or
    https://sourceforge.net/projects/wikid-twofactor/) and our commercial
    site: http://www.wikidsystems.com.

    We currently have a COM object for windows apps, but we're also working
    on an ISAPI plugin.

    In addition, the PC clients for mac, linux and windows can do mutual
    authentication - i.e. host & user auth, which prevents MITM attacks. It
    can run on a usb device. The commercial version supports wireless
    devices - Blackberry, cell phones, Palm, WindowsMobile.
    , Jan 3, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?bm9vZGxlcw==?=

    Smart Card Authentication

    =?Utf-8?B?bm9vZGxlcw==?=, May 14, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    2,155
    Steve C. Orr [MVP, MCSD]
    May 14, 2004
  2. Santo Santis

    Smart Card

    Santo Santis, Oct 1, 2003, in forum: Java
    Replies:
    0
    Views:
    433
    Santo Santis
    Oct 1, 2003
  3. Replies:
    1
    Views:
    332
    Steve C. Orr [MVP, MCSD]
    Jun 22, 2006
  4. Philippe C. Martin

    SCLOGON 0.1 Smart Card event daemon for GNU/Linux

    Philippe C. Martin, Nov 5, 2005, in forum: Python
    Replies:
    0
    Views:
    299
    Philippe C. Martin
    Nov 5, 2005
  5. Atif - Alghanem

    BioMetric SDK

    Atif - Alghanem, Aug 12, 2003, in forum: ASP .Net Security
    Replies:
    0
    Views:
    149
    Atif - Alghanem
    Aug 12, 2003
Loading...

Share This Page