Why SmartBridge?
Welcome to the SmartBridge technical documentation site, below you’ll learn about smart card based security and how SmartBridge utilizes smart card authentication in a method compatible with modern software products.
History of Smart Card Based Authentication
Smart card-based security and authentication have been utilized since the 1990s. With the adoption of Common Access Cards (CAC) and Personal Identity Verification (PIV) cards by the DoD and civilian Federal Government, smart card authentication has become an integral part of accessing secure Government systems. In the private sector, smart card authentication is common for financial services and healthcare firms requiring increased security to protect sensitive health and financial information for their customers. However, while incredibly secure, traditional smart card authentication (i.e. inserting a card into a reader and typing the PIN) is inflexible and becoming increasingly incompatible with emerging technologies and is not inherently available on hardwares such as smartphones, tablets, and VR equipment.
Benefits of SmartBridge
Many modern software products are not enabled “out of the box” with smart card authentication due to a lack of need or the inability of hardware to read a smart card. This creates inefficiencies within Government agencies and commercial entities that require the increased security and access management that smart cards provide. SmartBridge helps customers utilizing smart card based authentication secure systems utilizing OAuth/OIDC authentication frameworks with the strong, binding security features of smart cards. This eliminates a major hurdle our customers face to acquire best-of-breed software products that are not inherently compatible with smart card authentication. For our customers who must comply to specific information security regulations, SmartBridge is a quick, effective method for placing any information system utilizing the industry-standard OAuth/OIDC authentication frameworks behind a CAC/PIV/smart card boundary. This allows data to remain secure while leveraging the best software products available, integrate your information system with SmartBridge and enjoy increased productivity and performance without sacrificing security!
In addition to the core functionality of SmartBridge: linking smart card based authentication to OAuth/OIDC authentication frameworks, the product also aids in extending smart card security to environments and hardware that are not smart card enabled. These include smart phones, tablets, VR accessories, and users operating in “disconnected environments”. SmartBridge works to extend credentials stored on smart cards through a process called “derived identity”, creating a digital version of a CAC/PIV/smart card’s credentials for a specified period of time. “Derived identity” is compatible with certain smartphones, tablets, and VR accessories.
Use Case: CAC Security for Extended Reality (XR) Training for MOTAR
SmartBridge provides CAC authentication and extension for MOTAR, the Air Force’s XR training platform. With dozens of training experiences for USAF pilots, aircrew, and ground personnel, the need for CAC security is paramount to keep user, device, and application data secure. Before implementing SmartBridge, MOTAR utilized a username/password authentication within an OAuth framework. This limited the amount of content that could be hosted in MOTAR as security requirements dictated the need for CAC (smart card based) authentication. By leveraging SmartBridge technologies, CAC enabling MOTAR has allowed the platform to host training experiences that must be accessed in heightened security environments. Utilizing CAC based “derived identity” also enhances training experiences through the use of tethered and untethered XR headsets and other accessories.
How SmartBridge Works
SmartBridge functions similarly to a plug-in or attachment to the software you want to secure. This gives the product flexibility to aid in securing a wide variety of systems. SmartBridge hooks onto a system’s original authentication framework, putting it behind a smart card authentication “barrier”, limiting access to users determined by the customer. This is done through SmartBridge comparing the certificate on a smart card against a CA (certificate authority) chain and CRL (certificate revocation list), which is standard in PKI (public key infrastructure) management. Customers can manage which CAs SmartBridge should trust and manage CRLs through an Administrator UI Dashboard (currently in development).
Current Accreditation Status
SmartBridge is currently in process of attaining an initial ATO (authorization to operate) as part of the MOTAR platform. The AO (authorizing official/office) for this initial ATO is AETC (Air Education and Training Command). The SmartBridge development team has emphasized compliance with STIGs/NIST standards during feature development to ensure a streamlined process to obtain an initial ATO. Currently we project gaining an ATO in the late 2021 – early 2022 timeframe.
Deployment Options
Netrist has identified multiple deployment options to help serve a wide array of environments for potential customers in both the Federal and Commercial markets. Listed below are the deployment options for SmartBridge.
Deployment Package
For customers utilizing Kubernetes clusters, SmartBridge is available for deployment via Helm Charts. This deployment method eliminates as much manual input as possible for seamless installs and reducing human errors that lead to broken deployments. Customers that use the Rancher tool for cluster visualization, the full SmartBridge stack can be deployed through the Rancher “App Store”. The deployment time through this approach can be as short as 10 seconds, and alerts customers when new versions of SmartBridge are released so the stack can be seamlessly and quickly upgraded.
Software as a Service (SaaS)
SmartBridge can also be utilized in a Software as a Service, vendor managed model. This deployment option is for those customers that are not connecting SmartBridge to a Kubernetes-based system. Integrating SmartBridge as a SaaS authentication solution takes less than 20 work hours. Please contact us for hosting and support prices!