People who use smart cards intensively inadvertently notice a trend. As the number of services accessed with the smart card increases, latent usability issues become really apparent.
Castella solves these issues without compromising security. It streamlines the usage experience with the help of a security agent application that runs in the background on a PC.
Smart Card Single Sign-On
Castella's primary focus is to create a smart card single sign-on experience. So instead of entering your PIN code in every application, you just enter your PIN once when signing on to Castella.
A single sign-on session stays in effect until the smart card is removed or the desktop is locked. The difference ? Security enabled applications can be used as normal. However, they will not be asking for a PIN code anymore.
Public Key Security Agent
Castella is a security agent that hooks into all the important cryptographic application interfaces. The design of Castella has been oriented towards cryptographic hardware tokens (smart cards) from the start.
Cryptographic Interfaces
Castella supports the following cryptographic interfaces:
- RSA PKCS#11 (Cryptoki)
- Microsoft Crypto API
- ssh-agent
Remote Access
Castella integrates seamlessly with Remote Terminal Servers. Within a remote session you also don't need to enter your PIN code.
Tight integration with remote access clients allows Castella to enforce policies in remote sessions. This takes smart card single sign-on across the network.
Supported clients are:
- Citrix MetaFrame Access Client
- Microsoft Remote Desktop Connection
- xpt CrossConnect
More Information
For more information take a look at the following documents:
Castella Design Rationale
A justification of design choices for Card Holder Authentication Caching (a.k.a. smart card single sign-on policy).
HTML|PDF (32 KB)
Castella Installation Guide
A short stepwise installation guide for setting up Castella on your computer.
HTML|PDF (178 KB)
