Sharing Smart Card Authenticated Sessions Using Proxies

This paper discusses an approach to share a smart card in one machine with other machines accessible on the local network or the Internet. This allows a user at a browser to use the shared card remotely and access web applications that require smart card authentication. This also enables users to access these applications from browsers and machines that do not have the capability to use a smart card. The approach uses proxies and card reader code to provide this capability to the requesting device. Previous work with remote or shared smart card use either requires continuous access to the smart card machine or specific client software. The approach in this paper works for any device and browser that has proxy settings, creates minimal network traffic and computation on the smart card machine, and allows the client to transfer from one network to another while maintaining connectivity to a server. This paper describes the smart card sharing approach, implementation and validation of the approach using real systems, and security implications for an enterprise using smart cards.