At next week's RSA Conference in San Francisco smart card vendor Gemalto will introduce new technology designed to give online shoppers an easy way to log on to their accounts using a smart card device that plugs into any PC. Gemalto, based in Amsterdam, is already a major provider of smart cards to government and the enterprise, but the company hopes that its new system, called the Network Identity Manager, will be easy enough to use that it will appeal to consumers. The USB devices will not require any specialized software and will work with standard browsers and use the same Transport Layer Security (TLS) mechanisms already used by Web sites. Network Identity Manager will also use a "token management system" that will sort out which credentials need to be supplied to different Web sites, and will support Verisign's VIP Network Identity federation framework, according to Gemalto's Web site.
Because the user has to have the smart card device plugged into the PC before logging onto an online bank or e-commerce site, the device will thwart many common identity theft tactics including phishing or keylogging, according to Amol Deshmukh, a marketing manager with Gemalto. "It can create a much stronger link with whatever back-end you're trying to connect with," he said. Gemalto may face a tough sell, according to Avivah Litan, a Gartner analyst. While, products like the Network Identity Manager will provide protection from many types of attacks, but so far U.S. banks have not been clamoring for this kind of USB device, she said.