The Federal government has been working on eliminating password based authentication in their networks for quite some time. As part of this, the government has mandated the use of Public Key Infrastructure as a way to enhance security through eliminating the need to use passwords as login credentials. Home Land Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors (HSPD-12) mandated the use of smartcard based strong authentication. Perhaps the best known implementations are the Personal Identification Verification (PIV) card used by Civilian Agencies and the Common Access Card (CAC) used by the US Military.
Recently Juniper Networks and Thursby introduced support for PKI smart cards on Apple iOS devices on our Pulse SSL VPN and Network Access Control Solutions. As far as I know, these solutions are the only ones that currently support US Federal smartcards on iOS devices.
NIST SP 800-53, revision 4, Information Assurance control IA-2, Identification and Authentication contains control enhancements which mandate support for smartcards on mobile devices. Enhancement #11- Remote- Access- Separate Device- states, “the information system implements multifactor authentication for remote access to privileged and non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access” and goes on to say, “the purpose of requiring a device that is separate from the information system gaining access for one of the factors during multifactor authentication is to reduce the likelihood of compromising authentication credentials stored on the system. Also control enhancement 12- Acceptance of PIV Credentials, states, “The information system accepts and electronically verifies Personal Identity Verification (PIV) credentials.”
The Juniper Networks DC Area Juniper User Group (DCJUG) will demo the Junos Pulse partnership with Thursby’s PKard software and card reader at its November 21st meeting at Seasons 52 in Tyson’s Corner, VA. You can register for the event here.