Two Factor authentication using HSM and Smart Card

 
Gaurav Chander
Greenhorn
Posts: 10
Hi,

I'm working on a project to implement two-factor authentication using a PKCS-based smart card and an HSM.
The scheme which I have formulated so far is:

1. Get a public/private key pair generated on the HSM.
2. Store the public key from the above pair on the smartcard.
3. Generate random bytes on the smartcard and get them encrypted using the public key.
4. Send the encrypted bytes and the original random bytes to the HSM.
5. Decrypt the encrypted bytes using the private key on the HSM and compare with the original bytes.
6. If the bytes match then log in, else do not allow the user to log in.


My restriction is that I do not want a third-party application to be communicating with the HSM.

Just the DLL to communicate with the smart card and HSM.

Can anyone suggest some other scheme to implement two-factor on the HSM?

Thanks,
Gaurav
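
The six steps above, simulated with software keys as an added example (not code from the original post): it shows that the decrypt-and-compare check needs only the public key, beside a nonce-signing alternative where the private key stays with the card. The class and method names, the in-memory keys standing in for the HSM and the card, and the signing alternative are all assumptions of this example.

```java
import java.security.*;
import javax.crypto.Cipher;

public class CardHsmAuthDemo {
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Steps 3-4 as posted: the sender needs only the PUBLIC key, which is not a secret.
    static byte[][] postedMessage(PublicKey hsmPublic) throws Exception {
        byte[] random = new byte[32];
        new SecureRandom().nextBytes(random);
        Cipher c = Cipher.getInstance(OAEP);
        c.init(Cipher.ENCRYPT_MODE, hsmPublic);
        return new byte[][] { random, c.doFinal(random) };
    }

    // Steps 5-6 as posted: decrypt with the private key and compare.
    static boolean postedVerify(PrivateKey hsmPrivate, byte[][] msg) throws Exception {
        Cipher c = Cipher.getInstance(OAEP);
        c.init(Cipher.DECRYPT_MODE, hsmPrivate);
        return MessageDigest.isEqual(c.doFinal(msg[1]), msg[0]);
    }

    // Alternative (assumption): the card signs a verifier-chosen nonce with its own private key.
    static byte[] cardSign(PrivateKey cardPrivate, byte[] nonce) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(cardPrivate);
        s.update(nonce);
        return s.sign();
    }

    static boolean verifySignature(PublicKey cardPublic, byte[] nonce, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(cardPublic);
        s.update(nonce);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair hsm = g.generateKeyPair(), card = g.generateKeyPair(), other = g.generateKeyPair();
        // Passes for any software holding the public key; no card is involved here.
        System.out.println("posted check: " + postedVerify(hsm.getPrivate(), postedMessage(hsm.getPublic())));
        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce); // fresh per login, chosen by the verifier
        System.out.println("card key:  " + verifySignature(card.getPublic(), nonce, cardSign(card.getPrivate(), nonce)));
        System.out.println("other key: " + verifySignature(card.getPublic(), nonce, cardSign(other.getPrivate(), nonce)));
    }
}
```

With a real card, the signing step would run on the card through its PKCS#11 interface and only the signature would leave it.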

 
Richard Tookey
Bartender
Posts: 1166
I don't see this as "two factor authentication" since the only 'factor' involved is the HSM access password.
 
Gaurav Chander
Greenhorn
Posts: 10
The smartcard will act as the second factor, as the user will be able to authenticate to the HSM only if the smartcard is connected.

I agree it is not actual two-factor, but let's just ignore that, and please suggest some scheme to make use of the smartcard to authenticate on the HSM.
 
Richard Tookey
Bartender
Posts: 1166
Gaurav Chander wrote: The smartcard will act as the second factor, as the user will be able to authenticate to the HSM only if the smartcard is connected.

I don't see how? How will you stop the HSM being authenticated by its out-of-the-box approach?

Gaurav Chander wrote: I agree it is not actual two-factor, but let's just ignore that, and please suggest some scheme to make use of the smartcard to authenticate on the HSM.

The only HSM I have worked with used a card reader to authenticate the user, so I don't understand your requirement. Even if I did, I don't think I have enough expertise to help because, as with anything like this, you should employ an expert or you risk creating an insecure system.
 