- Ergonomic Keyboard With Smart Card Reader
- Cac Card Reader For Mac
- Business Card Reader For Mac
- Dell Smart Card Reader Keyboard
- Wireless Keyboard With Card Reader
I am looking for keyboards with a built in SmartCard reader, where the Smartcard can be unlocked directly without going via the computer. The keyboards I found so far connect the SmartCard reader via an integrated USB hub which opens the door for key loggers to snatch the PIN/password. Are there any keyboards where the SmartCard can be unlocked locally that don't transmit the PIN/password to the connected computer?
ACR38K-E1 Smart Keyboard combines the functionalities of a smart card reader and a PC keyboard. ACS smart card readers utilize the latest microchip technology, bringing you high security for your confidential files in a convenient and easy way. I use it with a DoD CAC card and when I plug the USB reader in it goes steady green and then when I insert my CAC into the reader it starts blinking. I open keychain utility and I see my certificate there. At that point, you have a payment terminal, which is a small, tamper-resistant computer with its own CPU, RAM, Flash, display, keyboard and smart card reader. The important point is that, short of a full-featured payment terminal, you will not get substantial security against an hostile host computer.
To clarify for what it will be used:
The employes will get SmartCards with authentication certificates on them. The SmartCard is protected by a PIN/Password. The user will:
Ergonomic Keyboard With Smart Card Reader
- insert the card
- enter the card PIN/password (preferably locally)
- enter the password for the certificate (on the computer)
We made tests with external readers similar to the one here and the local handling of the unlock by PIN worked fine. Now we are looking for a way to remove the 'extra device' on the table.
Cac Card Reader For Mac
Eric GBusiness Card Reader For Mac
1 Answer
The problem with what you ask for is about sharing the keyboard with the OS. When a keyboard is plugged in a machine, then the operating system on that machine is made aware of every key press and key release event, and the OS maintains the knowledge of which key is pressed at any time. For your PIN entry scenario, you not only need the key presses to be sent to the smart card, but you also want the same key presses not to be sent to the operating system.
The keyboard, by itself, won't be able to guess whether you are about to type a PIN code. You could imagine a specific command sent from the computer, which tells to the keyboard: 'now, key presses should be sent to the smart card, not to me'. But you do not trust the host computer (that's the point of the discussion), so you cannot trust it for actually sending this command. Therefore, your special keyboard, if it exists at all, should have a manual switch or at least an indicator LED which the OS cannot override (e.g. the LED turns green when key presses are sent to the smart card).
You would not be at the end of your worries, though. Because when you use the smart card to perform a payment, the card 'authenticates' the payment order (with some operation that the bank will accept as valid; this could be a MACor a digital signature). You then want to be sure that what the card sees and signs is indeed the payment order you believe. Since you do not trust the host computer, you need an extra display.
When you go down the road of 'host computer is potentially hostile', you normally end up with the idea that the smart card reader should have its own keyboard and display, so that it may show you what you are about to sign, and makes sure that your PIN code goes to the card only. Ideally, the reader should run the banking application itself (to assemble the order in the right format). At that point, you have a payment terminal, which is a small, tamper-resistant computer with its own CPU, RAM, Flash, display, keyboard and smart card reader. The important point is that, short of a full-featured payment terminal, you will not get substantial security against an hostile host computer.
Dell Smart Card Reader Keyboard
The easier way is to trust the host computer, so that you may reuse the components that the host computer already offers: CPU, RAM, storage, display, keyboard...