
Two Factor authentication using HSM and Smart Card

 
Greenhorn
Posts: 10
Hi,

I'm working on a project to implement two-factor authentication using a PKCS-based smart card and an HSM.
The scheme which I have formulated so far is:

1. Get a public/private key pair generated on the HSM.
2. Store the public key from the above pair on the smartcard.
3. Generate random bytes on the smartcard and get them encrypted using the public key.
4. Send the encrypted bytes and the original random bytes to the HSM.
5. Decrypt the encrypted bytes using the private key on the HSM and compare with the original bytes.
6. If the bytes match then log in, else do not allow the user to log in.


My restriction is that I do not want a third party application to be communicating with the HSM.

Just the dll to communicate with smart card and HSM.

Can anyone suggest some other scheme to implement two-factor on the HSM?

Thanks,
Gaurav
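What the comparison in steps 3 to 6 above establishes, as an added example that is not part of the original post: a matching pair can be built by anything that holds the public key, and nothing in the message is chosen by the verifier, whereas a signature over a verifier-chosen nonce needs the card's private key. The function names, the software keys standing in for the HSM and the card, and the use of Ed25519 for the card key are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// postedCheck is steps 4-6: decrypt on the HSM, compare with the bytes sent alongside.
func postedCheck(hsmKey *rsa.PrivateKey, random, encrypted []byte) bool {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, hsmKey, encrypted, nil)
	return err == nil && subtle.ConstantTimeCompare(plain, random) == 1
}

// demo uses constructed software keys (hypothetical stand-ins for HSM and card).
func demo() (publicKeyOnly, freshNonce, replayed bool) {
	buf := make([]byte, 96) // three independent 32-byte random values
	_, err := rand.Read(buf)
	check(err)
	random, nonce, laterNonce := buf[:32], buf[32:64], buf[64:]

	hsmKey, err := rsa.GenerateKey(rand.Reader, 2048) // step 1
	check(err)
	// Step 3 done with the public key alone: no card secret is involved.
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &hsmKey.PublicKey, random, nil)
	check(err)
	publicKeyOnly = postedCheck(hsmKey, random, enc)

	// Challenge-response: private key stays on the card, verifier picks the nonce.
	cardPub, cardPriv, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	sig := ed25519.Sign(cardPriv, nonce)
	freshNonce = ed25519.Verify(cardPub, nonce, sig)
	replayed = ed25519.Verify(cardPub, laterNonce, sig) // old signature, new nonce
	return
}

func main() {
	fmt.Println(demo()) // true true false
}
```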

 
Bartender
Posts: 1166
I don't see this as "two factor authentication" since the only 'factor' involved is the HSM access password.
 
Gaurav Chander
Greenhorn
Posts: 10
The smartcard will act as the second factor, as the user will be able to authenticate to the HSM only if the smartcard is connected.

I agree it is not actual two-factor, but let's just ignore that and please suggest some scheme to make use of the smartcard to authenticate on the HSM.
 
Richard Tookey
Bartender
Posts: 1166

Gaurav Chander wrote: Smartcard will act as second factor as user will be able to authenticate to HSM only if smartcard is connected.

I don't see how? How will you stop the HSM being authenticated by its out-of-the-box approach?

Gaurav Chander wrote: I agree it is not actual two factor but let's just ignore that and please suggest some scheme to make use of smartcard to authenticate on HSM

The only HSM I have worked with used a card reader to authenticate the user so I don't understand your requirement. Even if I did I don't think I have enough expertise to help because as with anything like this you should employ an expert or you risk creating an insecure system.
 