Two Factor authentication using HSM and Smart Card

Gaurav Chander
Greenhorn

Joined: Jan 29, 2012
Posts: 10
Hi,

I'm working on a project to implement two factor authentication using a PKCS based smart card and an HSM.
The scheme which I have formulated so far is:

1. Get a public/private key pair generated on HSM
2. Store the public key from the above pair on the smartcard
3. Generate random bytes on smartcard, get it encrypted using the public key
4. Send the encrypted bytes and the original random bytes to HSM
5. Decrypt the encrypted bytes using the private key on the HSM and compare with the original bytes.
6. If bytes match then login else do not allow the user to login.


My restriction is that I do not want a third party application to be communicating with the HSM.

Just the dll to communicate with smart card and HSM.

Can anyone suggest some other scheme to implement two factor on the HSM?

Thanks,
Gaurav
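
The check in steps 3 to 6 of the post above, next to a verifier-issued signed challenge, as an added example that is not part of the thread or any poster's code. It uses textbook RSA with a constructed toy key (n = 3233, e = 17, d = 2753) in place of real PKCS#11 calls; all function names are hypothetical, and the alternative assumes the key pair is generated on the card so the private key never leaves it.

```c
#include <stdint.h>
#include <stdio.h>

/* Textbook RSA with a toy modulus (n = 61 * 53), for illustration only:
   no padding, key far too small. Constructed values, not from the thread. */
static const uint64_t N = 3233, E = 17, D = 2753;

static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

/* Steps 4-6 as posted: the HSM holds D and receives (random, encrypted). */
int posted_scheme_accepts(uint64_t random, uint64_t encrypted) {
    return modpow(encrypted, D, N) == random;
}

/* What any holder of the public key (N, E) can compute, card or no card. */
uint64_t encrypt_with_public_key(uint64_t random) {
    return modpow(random, E, N);
}

/* Assumed alternative: the private key stays on the card, the verifier
   picks a fresh challenge and checks the response with the public key. */
uint64_t card_sign(uint64_t challenge) { return modpow(challenge, D, N); }

int verifier_accepts(uint64_t challenge, uint64_t response) {
    return modpow(response, E, N) == challenge;
}

int main(void) {
    uint64_t r = 1234, ch = 2021;
    printf("posted check, public key only:     %d\n",
           posted_scheme_accepts(r, encrypt_with_public_key(r)));
    printf("signed challenge from the card:    %d\n",
           verifier_accepts(ch, card_sign(ch)));
    printf("response made without private key: %d\n",
           verifier_accepts(ch, encrypt_with_public_key(ch)));
    printf("old response, new challenge:       %d\n",
           verifier_accepts(ch + 1, card_sign(ch)));
    return 0;
}
```

The posted comparison succeeds for any pair built from the public key alone, so it does not show that a card holding a secret is present; the signed-challenge form ties acceptance to the card's private key and to a value the verifier chose.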

Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 960

I don't see this as "two factor authentication" since the only 'factor' involved is the HSM access password.
Gaurav Chander
Greenhorn

Joined: Jan 29, 2012
Posts: 10
Smartcard will act as second factor as user will be able to authenticate to HSM only if smartcard is connected.

I agree it is not actual two factor but let's just ignore that and please suggest some scheme to make use of smartcard to authenticate on HSM.
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 960

Gaurav Chander wrote: Smartcard will act as second factor as user will be able to authenticate to HSM only if smartcard is connected.

I don't see how? How will you stop the HSM being authenticated by its out-of-the-box approach?

Gaurav Chander wrote: I agree it is not actual two factor but let's just ignore that and please suggest some scheme to make use of smartcard to authenticate on HSM

The only HSM I have worked with used a card reader to authenticate the user so I don't understand your requirement. Even if I did I don't think I have enough expertise to help because as with anything like this you should employ an expert or you risk creating an insecure system.
 