Yubikey smart card mode without additional equipment

The idea of the first smart card was patented by the French inventor Roland Moreno back in 1974. Today, we already use this technology every day and cannot imagine how we can do without it: SIM cards, electronic travel tickets and passports, keys to hotel rooms, employee passes of closed enterprises, and bank payment cards work in smart card mode.

In business, smart cards are indispensable assistants, especially if you need to protect the IT infrastructure from hacking and phishing. But reading such cards usually requires additional equipment that can read the information. And the service life of plastic smart cards is mostly 2-3 years, which means that information security costs are increasing. What to do now?

There is a rather sophisticated solution to this issue: some series of YubiKey security keys (US development) can not only open access to personal or corporate accounts, but also work in smart card mode. In addition, they will last at least three times longer thanks to their shock resistance, water resistance and no removable/retractable parts.

Let’s consider the features of smart cards and the effectiveness of replacing them with YubiKey security keys.

What are smart cards?

Smart cards are small devices with an embedded microcircuit, sometimes a microprocessor, and an operating system that allow them to generate keys, store identifying information about the owner, and perform cryptographic calculations.

They most often look like plastic cards and work only in connection with reading equipment – a terminal that transmits data to a computer.

Smart card and reader

But, as we mentioned above, there are exceptions. Some manufacturers produce hardware devices that are similar in function and properties to smart cards, and they already include a card reader function. These are tokens or security keys with a USB interface, such as the YubiKey. The latter are considered one of the best in terms of price-quality ratio.

Smart cards are used to establish the authenticity of the identity of their owners (identification and authentication), as they are reliably protected from unauthorized access thanks to embedded software. The data contained on them cannot be copied, and the devices themselves cannot be reprogrammed. It is not for nothing that smart cards are used by various financial and government structures, restaurant/hotel businesses, scientific/educational centers and large IT companies.

The main functions of a smart card:

  • storage of identification data of the owner (for example, ID);
  • authentication based on the “challenge-response” principle (a method in which the secret or password is not transmitted over the communication channel);
  • storage and verification of PIN codes for two-factor/multi-factor authentication;
  • generation and storage of digital signature, keys, or certificates.

An example of solving these problems is the SIM cards of mobile operators – with their help, it is possible to prove that the subscriber who connected to the network by a certain number is really a client of the operator and services are available to him within the framework of his tariff.

Note. YubiKey’s security keys have all the listed functions. In addition, their use does not require additional equipment, such as readers or card readers, since the keys can be directly connected to computers.

Types of smart cards

Smart cards differ in functionality:

  • memory cards (as cards for micropayments in transport);
  • smart cards (like biometric passports, SIM cards).

Also, smart cards differ in the way they interact with other devices:

  • contact, with the ISO 7816 standard (the basic standard for all smart cards, which is most often used in bank cards);
  • contact, with a USB connector (these include not only ISO 7816 cards with built-in USB, but also tokens, security keys);
  • contactless (such cards have radio frequency readers/transmitters or so-called RFID tags — RFID identifiers).
image10
image15
YubiKey NFC

Note. YubiKey keys belong to intelligent types of equipment and can be connected via USB or contactless, transmitting data via NFC.

Smart card mode in YubiKey

YubiKey’s security keys support the following protocols:

  • PIV (personal identity verification) smart card — confirmation of identity;
  • smart card CCID (integrated circuit card interface device) is an interface device with an integrated circuit that allows connection via USB and does not require readers.

This allows you to use the following functions:

  • key management;
  • signature of documents;
  • encryption of mail messages;
  • connection of two-factor authentication (ownership factor — card, knowledge factor — PIN code);
  • enable passwordless authentication.

Also, some series of YubiKey keys support NFC technology, which allows you to connect to devices contactless. In particular, these are the following series:

  • YubiKey 5 NFC;
  • YubiKey 5C NFC;
  • Security Key NFC;
  • Security Key C NFC;
  • YubiKey 5 NFC FIPS;
  • YubiKey 5C NFC FIPS.

Below are their photos and links, where you can familiarize yourself with the characteristics of the devices in more detail.

Note. The YubiKey FIPS series keys are similar in appearance to the YubiKey 5 series keys, but with enhanced protection – designed specifically for government officials and enterprise employees, these keys are provided only by individual order.

YubiKey series with smart card mode

Smart card mode is supported in YubiKey series:

  • YubiKey 5;
  • YubiKey 5 FIPS.

Each of them has 6 types of keys that differ in form factors.

YubiKey 5

The keys of this series support not only smart card mode, but also FIDO2, U2F, OTP, OpenPGP 3 protocols. The keys are also crush-resistant and waterproof, meeting the degree of protection IP68.

This YubiKey series features the following products:

  • YubiKey 5 NFC is a hardware key with a USB-A connector and NFC wireless technology;
  • YubiKey 5C NFC is a hardware key with a USB-C connector and NFC wireless technology;
  • YubiKey 5C is a hardware key with a USB-C connector;
  • YubiKey 5Ci is a hardware key with a USB-C and Lightning connector;
  • YubiKey 5 Nano is a miniature device with a body that protrudes minimally from the PC and a USB-A connector;
  • YubiKey 5C Nano is a miniature device with a minimally protruding body and a USB-C connector.

YubiKey 5 keys can be purchased by both business and average users who are concerned about network security, online payments, have savings on cryptocurrency exchanges or are a freelancer/remote employee.

YubiKey 5 FIPS

As we mentioned above, the keys of this series are a separate development that is ideal for employees of large businesses, banking, or government agencies. They are the ones that support the PIV (identity verification) smart card mode, and also have the ability to:

  • key management;
  • connection of one-/two-/multi-factor authentication (support of FIDO, FIDO2, FIDO U2F protocols);
  • generation of OTP passwords taking into account the time factor or counter;
  • save up to 32 accounts.

In addition, YubiKey FIPS keys can be numbered to enable tracking of employee locations across the enterprise or active employee sessions on personal computers by ID. In the event that an employee resigns, it is possible to reprogram the keys for reassignment to another person.

The YubiKey FIPS series includes the following products:

  • YubiKey 5 NFC FIPS – security key with USB-A interface and NFC wireless communication technology;
  • YubiKey 5C NFC FIPS – security key with USB-C interface and NFC wireless communication technology;
  • YubiKey 5C FIPS – security key with USB-C interface;
  • YubiKey 5Ci FIPS – key with USB-C and Lightning interface;
  • YubiKey 5 Nano FIPS is a miniature device with a minimally projecting body and USB-A interface;
  • YubiKey 5C Nano FIPS is a miniature device with a minimally projecting body and USB-C interface.

Note. Please note that YubiKey FIPS series keys are provided only by individual order.

Where to get YubiKeys with smart card function

YubiKey’s security keys are produced in the USA together with Sweden. We, The Kernel, are the official distributor of Yubico in Ukraine and offer our customers original products.

You can order products from us in bulk by contacting the manager by phone +38 (044) 35 31 999, or in retail — on the official website our online store.

Need help with product selection or advice on specific safety preferences? Contact us. We have been working in the field of information security for more than 30 years, therefore, in addition to ordering YubiKey products, we can offer recommendations for solving any issues related to the protection of your IT infrastructure.

New challenges and threats of modern cyberspace in the era of ChatGPT: how is the criminal’s portrait changing?

OpenAI introduced GPT chat version 3 in late 2022, based on large language models. He knew how to hold a conversation like a real person, communicate in many languages, pass exams, write software code and even blog. Already after 2 months, the number of his supporters...

Cybersecurity outsourcing – is it really dangerous and expensive?

Cybersecurity is a constant race against the clock: hackers find vulnerable chains and try to gain access to confidential information, while security experts build security systems that attackers try to break into after a while. And this happens all the time....

What businesses need to know about information security – an overview of technical tools

Unauthorised access to personal information, financial accounts or trade secrets can cause a lot of damage. This can lead to large losses due to the loss of reputation and financial assets, violation of user privacy, etc. Therefore, every person, organisation, business or financial institution must take care of data protection.

How the YubiKey protects against brute-force attacks: technicalities of attacks and key encryption

How the YubiKey protects against brute-force attacks: technicalities of attacks and key encryptionBrute force attacks are one of the most common hacking methods. It is considered one of the simplest, because in fact, in order to start an attack, an attacker only needs...

How to choose a quality USB token or security key

What is a USB token and how to use itThe concept of a USB token Since protecting accounts with a login and password has long been outdated, back in the early 2000s, many manufacturers began to offer USB tokens as an alternative solution. These are hardware keys for...

Two-factor authentication

Two-factor authentication Two-factor authentication In the modern world of computer tech, when it comes to information and personal data protection the use of passwords only is no longer reliable. It’s no secret, that even complex combinations of words, digits and...

Yubikey smart card mode without additional equipment

The idea of the first smart card was patented by the French inventor Roland Moreno back in 1974. Today, we already use this technology every day and cannot imagine how we can do without it: SIM cards, electronic travel tickets and passports, keys to hotel rooms, employee passes of closed enterprises, and bank payment cards work in smart card mode.

As a security key Yubikey protects against phishing attacks

As a security key Yubikey protects against phishing attacksPhishing (from the word “fishing”) or a phishing attack is one of the most dangerous and at the same time common social engineering methods used by cybercriminals. It is based on mass mailings of e-mails and...

How to protect your password from theft

The password is the first degree or first factor of protection against account hacking. It's very important to take care of its security, because if hackers steal your password, your personal data, documents, important correspondence and much more will be at risk. In...

What is multifactor authentication?

What is multifactor authentication? What is multifactor authentication and when is it appropriate to use it Account protection with the help of one factor – a complex password – ceased to be reliable about two decades ago. Therefore, network users are recommended to...

How to protect your account from hacking – the most relevant security measures

How to protect your account from hacking – the most relevant security measures How to protect your account from hacking – the most relevant security measures Fraud and theft of data on the network is a fairly common problem for both ordinary users and corporations....