5. Principle of Psychological Acceptability
A security mechanism should not make
accessing a resource, or taking some action,
more difficult than it would be if the security
mechanism were not present.
6. Smart Cards and the Web: Classical
To access Smart Card capabilities
• On the User’s computer
– Internet Explorer : card-specific CSP impl.
– Firefox : card-specific PKCS#11 impl.
– Safari : card-specific tokend
• On the Server
– Different server/client scripts to handle
browser & crypto stack differences (Herculean!)
7. We build too many walls, and
not enough bridges
- Sir Isaac Newton
8. In other words,
Break the ubiquity of web
&
Lose the mobility of Smart Cards
&
All this complexity destroys usability
12. Building the Bridge
• Engineering considerations
– Agnostic: PC OS, browser & smart card
– Security : user consent
– Simplicity : partitioning, lightweight
– Asynchronous
• Community
– License & Distribution
• FREE
– Education (in progress)
• http://www.sconnect.com
• A Foundation for Community participation
14. SConnect
• Connectivity plumbing that works with
classical smart cards
• Digitally signed browser extension
enabling scripts embedded in a web page
to access the PC/SC channel on client
machine
• A toolkit for developing
Smart card Aware Web Applications
• Ubiquitous – all relevant OS/browser
combinations
• Lightweight – 15 second download and
install
[Diagram labels: Operating Systems, Browsers, Download]