Software developers looking to piggyback on Microsoft’s .NET framework to provide two-factor authentication for their clients need look no further than France-based Axalto’s new .NET smart cards. This marks the first availability of .NET smart cards in the world, and the first customer will be Microsoft itself.
Diane Harvey, Director of Business Development for Access at Axalto’s Austin, Texas headquarters, said the company’s Cryptoflex smart card will be issued by Microsoft next year and eventually used for logical access by tens of thousands of the software giant’s employees worldwide. The same card will contain a separate proximity chip for physical access control.
“The .NET based smart card is a new technology,” she said. “It provides a convenient way for .NET developers to easily access and incorporate smart card capabilities for security and policy management. This speeds up delivery to their customers of more secure solutions.”
She said developers will not have to change the way they code to utilize the card. “They will program the card in a transparent manner using cryptographic and communication interfaces they already know. We are giving application developers the ideal tool to integrate smart cards into their secure access solution.”
Microsoft defines its .NET as a set of Microsoft software technologies for connecting information, people, systems, and devices. .NET enables software integration through the use of Web services – small building-block applications that connect to each other as well as to other, larger applications over the Internet.
“.NET is a system architecture or framework that helps people create applications,” said Ms. Harvey. “They’ll now be able to use smart cards inside that (.NET) architecture.”
Secondly, she added, developers will not have to change their application program interfaces to utilize the secure features of Axalto’s .NET smart cards. “Existing solutions will integrate into customers of the Microsoft environment and these integrated solutions with Axalto smart cards will have a lower cost of investment.”
Previously, she said, smart cards had their own way of being programmed. “Now they’ll be able to program them like any other device in the .NET framework.
“It is the first smart card that has supported the .NET Framework,” she added.
The new Microsoft ‘smart’ employee ID
The Microsoft-deployed smart card will add two-factor authentication, requiring both the card and a password (or PIN number). “It provides greater security above just a user name and password.”
Despite Microsoft’s strong password policies, the software giant had determined that additional forms of authentication were required, especially for those that needed remote access to their corporate network. To counter the threat of unauthorized users, Microsoft chose to deploy smart cards. This approach to logical access security, completed worldwide in 2002 for Microsoft’s employees, has increased the overall security of enterprise network assets and data at Microsoft.
Now, Microsoft is moving to the .NET-based cards – smart IDs that will support both physical and logical access on one smart card. A contactless feature embedded in the card will provide physical access to buildings and offices. The logical access control is provided via a microprocessor contact smart card that has specialized security features and large memory for application storage, and that implements Microsoft .NET.
Secure and reliable cryptographic operations, such as symmetric (DES, AES) and asymmetric (RSA) algorithms, are accessible via an implementation of the standard Cryptographic Services architecture of the .NET Framework. This allows existing solutions that use .NET cryptographic services to be easily modified to use smart cards, adding security and customization to .NET solutions, and allowing Microsoft’s internal IT organization to use the same programming tools they employ for other development projects.
“The .NET-based smart card represents a breakthrough in security technology by providing developers with an innovative and crucial component for building secure .NET connected systems,” said Ms. Harvey.
Even Bill Gates will use the new smart card
Microsoft’s Chairman and Chief Software Architect Bill Gates, delivering the opening keynote address at Microsoft IT Forum 04 in November in Copenhagen, highlighted Axalto’s .NET-based smart card. As he explained it, this new smart card runs a small-footprint implementation of the .NET Framework, developed from the Common Language Infrastructure specification at ECMA, and allows developers to use Visual Studio .NET and their existing skills for smart-card development.
He said a major identity issue “is the weakness of the password. Unfortunately, for the type of critical information on these systems, and the regulations that ask that these systems be secure, whether it’s health data or financial data or customer access to customer records…we aren’t going to be able to simply rely on passwords. Moving to biometric identification and particularly moving to smart cards, is a wave that’s coming. One of the key elements for us is to have a smart card that really connects up in the best possible way to the Microsoft platform.”
He congratulated Axalto on its “super job” in developing the .NET smart card. In addition to using it for logical and physical access, he said that eventually Microsoft will be “requiring smart card use for any remote connections to our systems, and over time, we’ll completely replace passwords, where even the internal access will be done through this smart card.”
He added: “By having the .NET capability there, we think that it allows you to bring different logic, different information down on to the card itself, using the same development tools used for everything else. So it’s got a richness and a continuity there to the file form that only exists in that .NET environment. We’re very excited to see smart cards moving into the mainstream and connecting up to our infrastructure.”