Karsten,
On Tuesday 25 October 2005 07:37 pm, Karsten Ohme wrote: > > Could you explain the differences between client authentication which > many web browsers and web servers (Apache ...) can do and your solution? > I assume you're refering to the PKI architecture (I am not a web expert). SCWEB assumes the user has a smart card (or any security device with no RSA/elliptic curve support, but rather DES/3DES/AES .... ) connected to the PC. The authentication is made between the users card and the SAM card, and this _without_ using any certficate/signature as would be done with the PKI achitecture ==> there is no need for any certification authority, or rather, the SAM is the certification authority. > Is the web authentication only one example of many? I do use this type of authentication with many of my other applications but, as a better example, many financial applications use the SAM/card architecture (still with symmetrical algorithms): ex: MONEO (French national epurse ), VISA cash(VISA epurse), MONDEX (master card epurse), B0' (French debit/credit application (to be replaced soon by EMV), mchip-lite (Mastre card debit/credit application), VSDC-SDA (VISA debit/credit application) ....... I do agree though that EMV push for DDA (RSA support); but there's a lot of money involved and I do not think there is such a need for identification/authentication application (price of card). Regards, Philippe > > Thanks, > Karsten > > > Regards, > > > > Philippe Martin > > _______________________________________________ > Muscle mailing list > [email protected] > http://lists.drizzle.com/mailman/listinfo/muscle -- ************************************* Philippe C. Martin SnakeCard, LLC www.snakecard.com ************************************* _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
