Advanced Smartcard Access Control System

Overview
The National Institute of Standards and Technology (NIST) has developed an Advanced Smartcard Access Control System (ASACS) in collaboration with several commercial vendors. This system is described in "An Overview of the Advanced Smartcard Access Control System (ASACS)" [12] and several related documents [13,14,15,16,17,18,19]. A condensed version of the ASACS system overview is presented here as an example of one approach to the development of a smartcard-based authentication system. The primary goal of the ASACS project was to develop an advanced smartcard system that exploits recent advances in semiconductor and cryptographic technologies for secure login authentication. ASACS also provides secure data storage, automated key management, and digital signature capabilities. The services supported by the ASACS implementation are designed for use within networking environments, including both local area networks and wide area networks such as the Internet.

The ASACS smartcard provides cryptographic capabilities based on standard cryptographic algorithms and techniques, in combination with software running on a host computer. Many of the underlying concepts applied to the design of ASACS were successfully demonstrated in the NIST/Datakey Token Based Access Control System (TBACS) [6] and the Smartcard Access Control System (SACS) [20] projects. Each of these systems provides token-based secure access to a host computer through a cryptographic handshake protocol based on the Data Encryption Standard (DES) algorithm. The ASACS project, however, involves the development of a smartcard with greater capabilities through the addition of public key cryptographic functions. A new smartcard reader/writer with significantly greater capabilities has also been developed for ASACS. The ASACS reader/writer has its own computational capabilities: it includes a microprocessor, programmable memory, a keypad, and an LCD display. These features support the needs of mobile users who require a portable reader/writer for authentication from remote sites. To demonstrate the capabilities of ASACS, several applications have been developed, most notably a system maintenance program, along with several other demonstration programs. In addition, ASACS has been integrated with the Privacy Enhanced Mail (PEM) system.