If you don't trust open source middleware, or just want your infrastructure to be compliant from end to end, there are products (middleware) that incorporate or use the EID, but just as a card, and use it in a secured and compliant environment.

These are commercial products, but as they are used in high-security environments they have to protect the authentication and the data on the EID in a more secure way.

Some security products and installations that let you use the EID also use these commercial middleware installations instead of the FEDICT software.

One example is this

If anyone has a list of commercial, security-compliant EID reader middleware, this may be interesting.

If you have the money, you don't have to use the open source solution from FEDICT if you want to be absolutely sure.


    I always wonder how long such FUD campaigns will last and what drives it? Of course I for one welcome other eID solutions since it increases diversity. This definitely has a positive impact on both probability that a system is being hacked and payoff once a system has been hacked. The probability for security weaknesses being exploited decreases once more eID solutions are available as the competition among these eID solutions will definitely have a positive impact on the code quality. As for the payoff once a system has been hacked we can also state that diversity reduces the number of systems that are vulnerable to a certain security attack on an eID solution. As security can be roughly defined by probability times payoff, diversity will have a positive impact on the security property of eID solutions. But to state that commercial eID middleware solutions are more secure is somewhat far-fetched. The reason why I open sourced the new eID Applet is because I don't believe in 'Security through obscurity' and I want to invite security researchers into constructing alternative viable eID solutions.

