Netscape communicates with smart cards

Netscape (NSCP) and friends today underscored their support for using smart cards or other hardware tokens for security on corporate networks by unveiling a set of products that will work with the new Communicator 4.0 Web browser.

The Netscape initiative aims to liberate computer users from their desktop PCs, freeing them to log on corporate networks, check their email, and securely access their personal data from anywhere on company premises, from the road, or from home.

Smart cards (plastic cards similar to credit cards but with an embedded chip) or security tokens can be used to hold an individual's "digital certificate," an ID card for networks that use public key cryptography to verify the identity of a user. Most certificates are stored on PC hard drives, which makes the owners less mobile.

Netscape today said its Communicator 4.0 browser software supports a security protocol from RSA Data Security called Public Key Cryptography Standards or PKCS-11. Ten network security firms announced support for PKCS-11, and six said their products will now work with Netscape's latest browser.

"There is a broad range of products out there, and this is going to drive the ability for corporations to implement this kind of functionality across enterprises," said Shirlie March, Netscape senior security product manager.

Security tokens or smart cards are generally used with a password and are considered more secure than using a password and personal identification number (PIN).

A spokeswoman for Microsoft said the company has not committed to supporting PKCS-11, but it does support smart card authentication in its Internet Explorer 4.0 browser using Secure Sockets Layer (SSL) encryption. Microsoft's security architecture is called CryptoAPI, and it is codeveloping PC/SC, a protocol for how PCs and smart cards will work together.

But PKCS-11 has picked up considerable momentum, winning the backing of chipmaker Intel through its Common Data Security Architecture and of the Open Card Framework, the specification for NCs, according to Eric Greenberg, a former Netscape security chief who is now chief operating officer of Litronic.

"This allows corporations to issue smart cards that can do a number of things: Web access, dial-up access, and building access," said Greenberg.

"We are seeing an evolutionary process, educating people on the value and use of certificates," said Netscape's March. "As certificates become more widespread, you're going to see the requirement growing for taking certificates with you."

Smart card vendors providing products that work with Netscape's browser include:
--Chrysalis-ITS with its Luna PC card encryption token.
--Datakey for its SignaSure CIP (Cryptoki Interface Provider) smart card, hardware tokens, reader/writers, and software.
--Fischer International for its Smarty smart card reader that looks like a 3.5 inch diskette.
--Litronic for its NetSign product, a smart card system and developer kit.
--RSA parent Security Dynamics for its SecurID smart card.
--Vasco Data Security for its Internet AccessKey tokens. Vasoc and Datakey also market VACMan/CryptaPak, which includes smart cards, a reader/writer and software.

Also backing PKCS-11 but not announcing products today were smart card manufacturers Bull Worldwide Information Systems, Gemplus, and Schlumberger.