The present invention relates generally to provision of security services to Internet applications and more particularly to provision of security services to Internet applications from a smart card without requiring a smart card infrastructure.
Smart cards are devices that may be used to provide high levels of security for information stored thereon. As such, smart cards are ideally suited for storing sensitive information needed in many applications. A simple illustrative example is online banking. Typically, access to bank accounts over the Internet requires a user to enter an account number and a password. It is entirely possible to store both of these pieces of information on a smart card. However, that raises the question of how to use the account number and password stored on the smart card when logging in to a bank web site.
Current smart card solutions require specialized hardware in the form of card readers, as well as device drivers and middleware applications. This infrastructure has to be installed on the host computer and configured by a user with administrative rights before the solution can be used by restricted user-mode accounts. This, more than any other single factor, has hindered mass deployment of smart cards for desktop applications.
While there are specialized smart cards that use standard peripheral connectors, thus avoiding the requirement of special card readers, e.g., the eGate smart card from Axalto, Inc., these cards have hitherto lacked the capability to connect to the Internet and act as Internet hosts without installation of drivers and middleware on the host computers to which they are to be connected. That installation would require the account doing the installation to have administrative rights.
There are also smart cards that provide network capabilities, e.g., the Axalto Network Card, described in co-assigned co-pending patent application Ser. No. 10/848,738, by HongQian Karen Lu, et al., entitled “Secure networking using a resource-constrained device,” filed on 19 May 2004, the entire disclosure of which is incorporated herein by reference. While such smart cards may act as network nodes and peers with other computers connected to a network, these cards require a certain amount of software installation and/or configuration on computers or other devices that interface the cards to the network. However, even with the support of a network connectivity stack on the smart card, the current PC infrastructure cannot support smart cards in restricted user accounts.
From the foregoing it will be apparent that there is still a need for an improved method to provide security services such as those available from smart cards without imposing the burden of installation of hardware and software on the host computer, thereby overcoming the aforesaid problem of limited acceptance of such security devices due to the imposition of special hardware and software on the host computer.