Putting together all of this, we can implement Windows smart card logon with an Android phone: ![]() New applications can be written in Javacard and installed, as long as card manager keys are known. ![]() The eSE is a fully programmable environment.When the NFC controller is put into “card emulation mode” and tapped against a contactless reader attached to a PC, the phone looks just like a traditional smart card to the PC operating system.Many recent Android devices have an NFC controller and embedded secure element (eSE) which is comparable to the hardware inside ordinary smart cards.Smart card logon for Kerberos with PKINIT is already built into Windows. ![]() Here we consider a different approach where the phone is used as primary credential, replacing a standard smart card in conjunction with a short user PIN. Restricting our attention to PCs running Windows on one side and Android devices on the other, it turns out the bulk of the machinery required for implementing this is already present. Quick recap of these raw ingredients from previous posts: In addition these ad hoc schemes are not compatible with how authentication works for typical operating systems– for example in an enterprise environment, that means Kerberos. There are different ways to interpret the notion of “logging into your computer PC using a phone.” While it is increasingly common to see phones provide second-factor for login to websites (by sending SMS challenges or using installed apps to generate one-time passcodes) users still have.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |