Reinventing Smart Cards for the Modern Agile, Connected Enterprise

Well, good morning. Good afternoon. Good evening, ladies and gentlemen, depending on where in the world you are at the moment. Welcome to another call webinar. The topic for today is reinventing smart cards for the modern agile connected enterprise. My name is Alexei Balaganski I'm the lead Analyst at call and joining today is Michael, who is the product manager at indeed identity. Before we begin just a few words about company call. We are an Analyst company.

We are based in VIBA in Germany, but we have a, quite a global reach or across United States, UK Germany, Singapore, Australia, and even further. So we are focusing on enterprise it research advisory, decision support, networking, and specifically in areas such as identity, text management, GRC, cyber security cloud, and so on. We are providing research services, advisory services, and we are doing quite a lot of events ranging from free webinars like this one or on the real world, physical conferences to which I am led to welcome you.

The next one will be in Paris, France in just several weeks from now. The consumer identity summit continued with new conference in Franco, Germany, focusing on digital finance world and finally our headline event over a year, the European identity cloud conference in Munich, which will be held usual time. Now in may people find more information on our website before we begin just a few housekeeping rules you on mute centrally. So you don't have to worry about it. We are recording this webinar and we will be publishing the recording of the webcast on our website, the latest tomorrow.

And we will definitely let everyone know. We will send you an email with a link. We are going to have a Q and a session at the end, but please do not hesitate to ask your questions during the presentation. You can hear the questions tool in the goal to webinar control panel, just type your questions in there, and we will read them aloud and we'll answer them at the end. The agenda for today is pretty standard.

First, I am going to kind of lay out the foundation of the topic for today. Explain what's what are we going to talk about? What smart cards actually are and how are we going to make them easier to use and how to reduce the cost and how do we adapt them to the modern enterprise? In the second part, Michael will be talking about a practical approach to that topic. He'll present the company's solution, which is a software based smart card implementation.

And as I mentioned at the end, there will be questions that answer section and as usual, I would like to start with my favorite picture of any webinars. This is how our world is working nowadays. Everything is connected.

Oh, The way our society works has changed profoundly. And of course, the way our corporate networks work has changed as well. Organizations are now communicating, not just with the employees and not just within some, our hardened network perimeter. They have to communicate with various types of people out there on the internet, business partners, customers, and other identities.

They have to control and manage and communicate with various types of devices, such as mobile phones and smart watches and things, those smart internet of things, devices, and basically everything has changed in the last 10 years. And yet smart cards like passwords just refused to go anywhere still widely used. Why basically on this slide, I have tried to summarize brief history and to review of possible application for smart cards. I will not even allowed. I just want to notice that smart cards are definitely nothing new. The technology is extremely mature.

It's actually over 40 years old now it's, it's heavily standardized and it's kind of infiltrated all possible areas of our society, not just in, within the enterprise, but our everyday lives as well. Be it bank card, an electronic bus ticket or your healthcare card or SIM card in your mobile phone. It's all based on smart card. So they're really ubiquitous are they are used everywhere, but most importantly, a single smart card can be used for multiple purposes. And also it of course doubles as a photo ID.

See, for example, those typical CT, the common access cards or PS or personal identity verifications specifications like their adopted, not just in the USA, but around the world. And of course last, but at least the smart card doubled a possession factor for two factor of indication because the smart card is something which you have in your pocket Today. Har we are going to talk not just about any possible smart card application, but specifically about the most relevant one for our research and probably the most common within your company.

The public key infrastructure, the PKI infrastructure just reminder is based on public key cryptography. It revolves around trusted authority, which issues and manages due certificates, establishing a chain of trust within your company. Those certificates contain encryption keys and other data to establish owner identity and asymmetric and methods. Using those keys ensure that you can use strong cryptography for communications and eliminate risk of sharing passwords PKIs are essential for confidentiality and integrity of your business processes.

They power such fundamental services like encryption of your data in store, in storage, on the move, or even at use, it provides strong authentication for validated user identities or devices or applications, although smart things, you name it. And of course it provides non-repudiation service or to prove that your data has not been tempera with. And it actually came from you, you know, this form of a digital signature.

Again, the PKI is also in the standard. It has been standardized nearly 30 years ago. It's widely adopted within enterprises. And of course on the global scale, you know, those HTTPS secured websites and it's probably the only widely adopted and only viable alternative to passwords.

Of course, a PKI infrastructure does not really need smart card, but it smart cards are the single most popular means for distributing and securing and managing those digital certificates. So this is why we are talking about them today. Smart cards are obviously known for multiple advantages.

Again, as I mentioned, it's a mature and standardized technology existing for over 40 years standard form factor, broader range of available hardware, readers, printers, whatever it's supported on nearly every platform. Basically they are everywhere. Smart cards provide high cryptographic security, thanks to the onboard microcontroller, which implements cryptographic functionality and provides protected storage. It offers great flexibility as opposed to many other hardware authentication devices because single cart can be used for multiple applications, digital and physical.

They're extremely convenient because they're small, lightweight and robust, and you can carry a lot of them on your wallet. A lot of interesting user experiences have been built around them. Single sign on user mobility. The so-called secure walkaway, which are very popular. For example, in healthcare industry where a single user has to constantly move around different devices, maintaining a single session. And of course it double sets a personal ID because they're inject very on your lapel.

The photo ID on the other hand, smart cards are known to, to have these advantages, namely, they are easily lost or stolen or broken. Yes, they are robust, but they're still too small and lightweight to just forget somewhere or to lose it along with your wallet, they are pretty expensive, then definitely not as expensive or hardware OTP token, and so other solutions out there, but you have to consider the cost of card readers card printers, and other devices that have to be involved in infrastructure as well.

However, the most expensive part is logistics. Those cards have to be prepared, issued printed initialized, somewhere in a central management location. They have to be security delivered to their intended users, which is long and complicated and costly, especially in the large company. Of course, another often quoted problem is that smart cards are no longer supported by modern devices. You just cannot plug a smart card or even just plug smart card reader into an iPhone or just any tablet or quite a few of those compact modern laptops. So those were kind of the hardware challenges.

And of course you have keep in mind that the organizational challenges as well, the smart card is a pretty standalone device. As soon as it's has been issued, you have a little centralized control over it.

You, you cannot really know who is using the cart, whether it has been compromised stolen, or whether you just given a way to helpful colleague will be misusing it pose as you still are. Keeping those challenges in mind after actually any viable alternatives, which are compatible affordable, scalable, and just as convenient as traditional smart cards.

Well, there have been quite a lot of those devices on the market. Just a few of them are shown on the slide.

Of course, there are just new next generation smart cards, which are either contactless or built into alternative form practice, popular UBI. Key device is a good example. There are companies which are manufacturing, smart cards and micro SD format, stuff like that. And of course there is a huge market around smart card, adapters, Bluetooth, wifi NFC, you name it. There is a very nice product displayed in the right bottom corner on the slide. I've seen it just recently on the, the SK Newberg looks very cool.

Probably look good on your CEO ski chain, along with a Porsche key, but it costs over 150 Euro. So it's probably not a viable alternative to a smart card. There are of course, other types of hardware, OTP, Don, or password tokens, whereas other solutions, they are great. They have their own usage scenarios, but the biggest problem is that they are not compatible with smart cards. They have their own API, they have their own protocols and stuff like that.

There is a wide choice of mobile mobile based device tokens, whether it it's a purely software implemented one time password generator like Google syndicator, or whether it's a specialized, how and app using the onboard trusted virtual module chip again, it's great. It has their own huge, but probably for a lot of reasons, organizational compliance and technological, they will never fully replace traditional smart cards. Biometrics. Absolutely great. There is a lot of on the market from some complicated Iris fingerprint voice kind of so on to completely software-based behavior analysis tools.

Like for example, those who detect your key stroke patterns and try to identify whether it's really you or not. Again, they're great, but they're completely incompatible with PKI infrastructure. So definitely do not cover the whole range of functionality of a smart card. And finally, we are coming to the topic of today's webinar, the virtual smart cards, those solutions are purely software based. They do not require any hardware. They can actually be very different.

There are quite a few existing implementations on the market, which range a lot when it comes to cryptographic security or convenience or compatibility. So what are the benefits and challenges of those virtual smart cards? The obvious benefit of course is that they are very cheap. There are no cost in office hardware at all. There is absolutely no logistics because not only you have no physical things to deliver, or you actually do not need to deliver anything at all. It doesn't even involve sending a file or an email.

Cause all, all those virtual cards are centrally on the server. They are at least in theory, completely compatible with infrastructures. So you do not have to change your existing systems. You don't have to modify your legacy applications and so on. They provide again in theory, unlimited scalability. So if you actually a big fan of smart cards, and the only thing which you were looking for is given a smart card to every worker in your company, even though externals and part-time workers. Now you can do it because again, single virtual smart card costs almost nothing.

And of course, because they are centrally managed, they provide great visibility, the whole centralized administration, simplified administration, definitely, and a reliable audit trail for all those operations. As with the challenges, they are also pretty obvious, but probably there is actually one single challenge, which virtual smart cards cannot overcome. No matter how hard you try, this is actual lack of the second factor. You no longer have a physical thing you own, so you can no longer rely on it as a second factor for multifactor authentication.

You can no longer use it for photo ID or this assumption which virtual card inherently lacking the rest could be overcome with additional effort from vendor. For example, the con the direct consequence of the like of the second factor that a software only smart car deployment is probably not an option for almost any usage scenario. So they have to be deployed somehow in parallel with existing physical, smart cards. And it's up to the vendor to ensure that this parallel deployment is possible. And of course it obviously great potential unique selling opportunities.

By for example, providing a unified card management for physical and virtual smart cards within a single console, along with unified audit and unified reporting, unified visibility could be a very compelling factor. Of course, a lot has to be done about maintaining crypto strengths with the virtual cart.

You know, you have those specialized onboard chips. You no longer have protected storage for keeping those private keys secure. So you have, I mean, the vendor has to implement additional measures to keep those keys security. Somehow somewhere really depends on the particular implementation. The vendor has to maintain compatibility unless a virtual current card implementation is not hundred percent transparently compatible with the existing APIs and protocols for physical, smart cards. Nobody will actually be able to use them, or this will be extremely inconvenient and complicated.

And of course, one has to take a platform support into account because if you are implementing a smart card in software, you have to do it for each popular platform. No, this are the benefits and the challenges of virtual smart cards in general. And here I'm coming to the last slide of my presentation, where I try to summarize all those benefits and challenges of whereas smart cards alternative I have named if you could see, or nothing really beats virtual smart cards provided the vendor, implements them, right?

Whenever you see two colors or which mean that kind of the quality barriers depending on the vendor. So a watch for smart card is always very cheap. It always eliminates logistical problems. The functionality can suffer if implemented incorrectly, but could be completely mimicking the hard work of smart card if done right and so on. And this is where I would like to hand over to Michael. And he's going to talk about, and hopefully show us the actual implementation of such a virtual smartcard platform they have developed.

So, Michael, it's up to you now. Thank you, actually.

So yes, I will describe our software implementation of smart card technology, and it feels a little bit about agenda. So in my part, I will describe the following points.

First, a couple of effects about our company, who we are and what we do. Then I will provide a couple of ideas why we chose smart card and should be used. And then I will describe how our software works and how we are planning to improve it. In the final part, I will show a short live demo enterprise. So indeed identity is an independence of the vendor. We have several security enterprise solutions as visual smart, smart card management system and strong authentication and enterprise single and software.

We implemented more than 50 projects and various sectors like government industry and telecom companies in total about a hundred thousand employees from different companies are using our software. We have offices Inia and in Russia Inia we have sales department and our development departments are allocated in Russia. So what is smartcard and why is it interesting and promising technology at, in identity? We define virtual Smartcar as software based implementation of smartcard.

In particular cases, it can use a hardware device for cryptographic operations, but the main idea is to deliver virtual smart cart to user and manage via client server software. So virtual smart is actually network work smart, which is managed from server software based implementation doesn't require any personal hardware device for user. It allows to save money on use video token card, and the carers as our smart is a network solution. It can be easily managed from admin side. For example, admin can remotely rework smart and will be immediately disconnected from user species.

On the other hand network, we chose smartcard can be quickly deployed in organization. It team just need to install client software on user, for example, using configuration management tools and when administrator enroll a new smartcard for user, it appears on user PC on software, and it's ready to use the right way such scenarios, give it a flexible tool to deploy and manage public infrastructure. So indeed, a key enterprise allow to implement features this software network based which smart key utilize client server architecture.

So all cryptographic operations are performed on a key server by request from client and the private keys are also stored only on the server database and they never leave. The server client software always receives just the result of requested operation for management and user service. We use our measurement software. It provides a work based tools for administrator and users, which I will show it in my demo. So enterprise supports all operations that hardware Mar can perform. It is integrated with Microsoft, keep the API in standard way with mini technology.

So you can use air key in any software you use use hardware smart, such as windows log dis encryption tools, email sign, etcetera. Here is based architecture and components of our solution. Indeed enterprise itself consists of parts. This is a server west marks are stored and all cryptographic operations are performed and web API, which is used to manage smart card and to perform request from Eric client and the PC agent, which is installed on user PC. This agent provides a smart card interface to the operation system and applications.

It communicates with Eric server and for encryption and signature quest software. I use it with enterprise in the bundle is indeed cart management system cart management provides all necessary features for complete usage of the virtual smartcard technology.

This, there are web management consult for administrators, so service for users, event login and policies, which define certificate and smartcard workflows and get enterprise and get card management do not include user director. So it use director service already deployed in organization, such as Microsoft directive, directory, oil, depth catalog, and the last components, high integration models, which provides some additional scenarios and benefits to the solution. The main integration here is a connection to certification authority for certificate issues and rework.

Also, it may be integrated with single solution for registering smart in SSO for strong authentication. Also, the system can be integrated any sort by application, which needs information about user smart and certificate. For example, it could be identity and management systems. They indeed key enterprise technology includes the following layers on the, we have a PKI enabled application, which we use a smart card for business use case. For example, my application and the message signature use encryption software, all windows are log on to perform a P P operation such application.

I use a Microsoft cryptographic service provider with CSP. CSP provides unified interface for application regardless of step of smart car used. So this layers do not include components. Our technology starts to work on mini driver level. So mini driver implements all functions needed for CSP to operate with certain smart cards. It is a low level interface, which translates CSP request into the comments for smart cards and is included in cloud software in storage user and on the lowest level of the technology. We have indeed a server.

The server receives a request from mini diver and returns result to it to perform cryptographic operations. The server extract prior key from our database perform the operations returns result to the agent and remove all user data from memory. So when user, for example, is sign a message in outlook outlook performs the separation with CSP, which translates the request to the main driver. And then email message is sign on the server.

After that the result processed in re order from the server to the mini driver to CSP, and finally to the outlook here, some notable use cases that key allows to implement it could be used as replacement hardware. Smartcard for example, when user forget break or use device, in this case, AKI can remotely deliver a new smartcard to user workplace and replace the device for limited period of time or permanently. Get a enterprise smart can be issued by administrator or user.

If organization means three control over smart enrollment, the system can be configured to allow only admin site enrollment and as Eric Key, fully support and can be used in any P scenarios such as health education, data encryption message and documents signature and on. So we see the following advantages, which our visual smart card provides to enterprise first. There is no additional hardware need for complete PKA usage. So company can save money on hardware and time logistics. A key smart card is delivered to user workplace remotely right after the request.

So it provides ability for fast deployment and operative withdrawal of smart cards, and smartcard allows stronger control over usage so it can be stolen or pass it to somebody. It can be used only on set of PCs, defined by administrator. And at the end of my presentation, I would like to announce some of our plans for indeed key enterprise product. So first of all, we are going to improve our education process on virtual smart card. We are working on alternative variant for playing team as variants include onetime passwords and mobile application with push notification in the second variant.

For example, when user reveal receive a push during windows log and, and he, I will be asked to approve the operation on her smartphone. Another security aspect we want to improve is a storage of private keys on server side. So we are going to implement integration with our hardware security model for store users priorities in it. So now I would like to show short live demo of our software. So I need to switch to our D environment and we can continue. So here is our global environment that consists of two virtual machines, server and client.

The machine have installed server certification authority and active directory services. Also, the server is used as administrator work workplace. The client have a key agent and also client. Now we are the sir, where is opened first. We need to find a user who needs smart card in the search box. We are entering a part of the name of the user best search. So we have found our user and VM opened his profile. This is my user account.

Michael, here we can see basic information from directory, such as name, email is phone and Porwal my user doesn't have any smart. So science car section IST to issue Eric smart, we should click issue a key link and the system ask us to define smart card label. And then we must select a certificate to issue here. We have the options smartcard and security mail certificate. It allows user to, to windows and send email messages. So we press issue during issue process.

The system are creates virtual smart GU public and private queue send certificate request to the CA and save a certificate to the smart card. So now the smart card is created and certificate is issued, but user user can't use it yet. We need to balance the smart card to users PC. Now I'm switching to client PC So we can see there is no connected smart card in the system. So we have to buy smart card to this PC return to on inside. So to allow it, we have to add user to list of allow.

So I add the computer by the Denise's name, client demo, and now everything is radio and the user can going to the PC. So let's switch to user PC and we can see the smart card is connected. So I need just to enter king code and after interview, I'll go to windows. So I get access to my desktop. Then I will configure outlook for email. So I launching outlook, I'll go to file options, trust center, trust center, settings, and email security. Then I should select a certificate for signing. Okay. So after that I can send the science message.

So let's test it and creating a new message, message, and in options, I should select science message and I send it to myself. So the system ask pin code to perform a cryptographic operations.

So I, again, enter pin code from my smart. So I receive this message. I can see the message is silent and the signature is valid. So at this point, my idea is finished it. And I think we can ask for some questions with Alexei.

So Alexei, could you take this control Of the, yeah. Well, thanks a lot, Michael, but please let's stay at your screen for a few moments. So we could actually see your screen when we have questions regarding the demo.

So again, for the audience, please submit your questions now so that we have enough to cover. And the first question is actually related to the demo.

Somehow, can you assign a smart card to several PCs to connect to several PCs at the same time? Yes, it can this administrator, or just should add several, can we just to the list of allowed pieces, he can do it here by new computers to the list, Or, okay. An additional question from myself. Is there some kind of automation for what if a user wants to use a smart card from a UPC, which is not yet to sign to, does he have to call admin on the phone and ask to do it, or is there some additional functionality for that?

Some self-service maybe Now the administrator should the PC for users, but now we are paying to implement a request from user site when users will be able to ask additional PC for smart cap. Okay. So if I understand correctly, your virtual smart card is actually completely virtual.

I mean, there is, there isn't even a digital certificate to move from the server to the client machine. It's all remaining on the server all the time, right?

Yes, you are. Right. All pilot queues and operations are performed only on the sales side. So how much does such a virtual nothing actually cost? So how is your licensing works?

How is, how does it work? A is license peer user. So company needs to purchase amount of license to the quantity of users who need key technology amount of each smart cars are not size. So a company may issue as many smart cars as it wants. They just need to purchase license for users. So basically one can start small, for example, just with a test implementation for group, then maybe extended to the department and go grow whenever it's needed. Right. It's just about purchasing additional licenses.

Yes, yes. It can will perform it anytime. And okay. Another question from myself again. So if I understood correctly, your card management solution, actually managers, not just air keys, but physical, smart cards as well. So you're Right, is the card management universal tool. So which car types do you support? Now? We support a safe net. You talk in smart cards, Jamal smart cars, and several smart card developed in Russia, such as or Karta, but the news market can be easily supported any time. So architecture solution is developed with this idea.

So it's not a problem to support a new can. Okay. So we have another question from the audience or more a comment than the question, but I will kind of try to ask as a question anyway. So if you understand correctly, this virtual cut would only work if the PC is online on the network. So what happens if it's somehow disconnected?

Yes, you're right for now, the PC PC should be online. We didn't implement it, some cash functionality. So now the user should be online. On the other hand, if the PC is disconnected, you cannot actually do much with it, right? You cannot send emails, you cannot access your applications. So probably the only reasonable use case for that possibility would be logo would be nice to be able to log into the computer while it's still offline. So this is probably something you have to think about. Okay. Our next question. So for which platforms is your tool available? Now?

We are, we support windows suppression system. So all windows forms, server, and client, we now, we, we don't support micros or UX. Do you see no demand for that? Or what exactly is the problem? Are there any technical limitations?

Yes, we, we didn't receive any request or for this platform support it, but I think maybe should inigate questions should contact more with our customers and I think it's possible, but in the future. Okay. What about mobile platforms? You mentioned that you are going to support a mobile phone, additional authentication device, for which platforms are you going to make it available? We start with apple iOS and then we are going to implement application for Android. So now we are trying to suppose this two maining platforms. Okay. Next question.

So how is the connection between the a key server and the users PC secured? So how do you ensure that all those cryptographic operations are safe across the whole channel? AKI server is implemented as SP application and we use HTTP as a protocol for communication. So we are using sale encryption to protect data transfers from user PC to server.

And, And again, just to reiterate that the actual encryption keys never actually go back and forth between the server and the client, right. It's only the, Yes, the client received only result of the request. Or so just to get another reminder, please keep your questions coming. Or can you maybe show or something or at least tell us. So how does the parallel management of physical and virtual cards working? Do you actually have ever seen in one interface, do you have some kind of maybe unified reporting to see all the operations with both types of cards?

Yes, actually AK is just another type of smart card software support. So unfortunately I, I don't have now hardware smart card, the DMO, but still we can also issue hardware smart to user, and the systems works with it as in a common way. So it's just another type of smart. So we can see a car depository to see and hardware smart, use it in the organization. So the same sell us that we don't have a software for a hardware smart. We can use event of the system to through operations. So we have operations, we switch of smart and for less market in the same log.

Also, the system can be configured to send this events via email to administrator or users in case they need to make some actions regardless, this, this event. Okay, next question. Can we actually, can you tell us something about the self-service the user initiated operations? How do they work? The user web based source service? So switch to users PC and in the source service users can perform operations, which were allowed by administrator. So now I'm going to so service page.

So, so service looks almost like this profile administrator consult. So here we have some information from this directory. So it's my contacting info and I can see smart card issued to me. So in this case, I have smart card air team and I can perform several actions, administrator allow to me so I can update card content. For example, if when administrator adds some new certificates to the policy and I need to, you share additional certificates, I can change Porwal smart card for, and I can see the list of allow computers when I can use my smart card.

Also, I can switch content and look at my certification on the smart card. Okay. And by the way, speaking on list of loud computers is probably where you could add an additional button.

Like, Hey, I am calling you from a new computer. Please add it to the list of loud ones. Yes. Everything.

Actually, everything is ready to improve the, just we need to do it. Okay.

Okay, great. Okay. We have another question from the audience or how client machines are authenticated by the server. Now the server checks the handy records for the computer, so it should be known computer for the server.

And again, the use this need to input his pin code to be authenticated on smart card. So without a pin code, you just can perform any operation and can get information about his smart card. Okay. And so how piggybacking on that question?

So, or what, if you have a huge network with, I don't know, hundreds of S of, of machines, how do you deploy the solution on all those machines? So the server supports cluster mode. So organization, I can install several instances of the server environment.

So for example, once they repair some office, so in this case, a request will be distributed over this cluster, But still, so I think you mentioned in the presentation earlier that you, you would rely on the standard configuration management solutions to actually deploy the software on the machines, but does, how does the software know where to find the server? Do you have some hard code configuration or do you have dynamic discovery? So how does it, how does it know where to connect? We are group policy now to distribute the name of server where clients should be connected to.

Okay, understood. So another reminder, please ask you questions. We still have a few minutes left, so we could probably ask quite a few questions. Let's okay. Let's give people a couple of minutes and can I please have control back to my computer?

So while we are waiting for another questions to come, I would just like to point out that we have some related research available on our website call com slash reports, which includes post or theoretical coverage of the topic such as enterprise key certificate management, strong authentication, and the organizational approach to the preferable digital information. And of course, we just recently published the review of the actual product we are talking about. Now they did a key enterprise, so it's all well on our website, you are welcome to have a look. Okay.

We have a next question handout possible. Could you please maybe clarify what you mean by handout? Just in case you were talking about some kind of additional documentation or you will definitely find out besides the actual recording of the webinar, you will find out both my and Michael slides on our website, right after the webinar is finished. I will upload them immediately. And of course you are welcome to go to indeed minus id.com and find much more information there. And of course you can always contact myself or Michael or email.

I think we will have our addresses included into the correspond presentations. Well, we actually have about five minutes left and okay. We actually have another question and it's a technical one. What interface is used by air key to communicate with physical smart cards? Is it PCSC 11 MSC, API, mini driver or anything else? We have two interfaces. So to the form operations in C in application, we use Microsoft CSP. We implemented mini diver. So we support Microsoft Q to API and CSP. And also we have 50 CS, 11 variant for application, which needs this interface.

But I think our, we are talking about different things now, right? I mean, our, the question was about physical smart card. So if you want, for example, to support a particular smart cloud, which protocol you would then have to implement to include it into the server.

Oh, so in this case, I mean, the questions about card management software, not about, so in this case, we just need some SDK from data of smart card. So we can support single any protocol which provides, which is provided with hardware smart card, or this could be CSP or PS.

So, So is it something you would do for just a single customer or do you have a roadmap based on general interest in demand? So support in some certain hardware markets, it's not you big deal deal, so we can do it, I think in a couple of four weeks.

So we, we actually, we don't a lot of such features, but again, by records we can support some certain smart cards for customers. It's not actually a problem. Okay. Well then maybe I will, since there are no for the questions from audience, maybe I will ask the final one again from myself. Do you actually see any potential applications of this technology beyond enterprise, maybe for the cloud, maybe for some consumer services or products? Is there any useful virtual, smart cards out there?

Yes, we think it could be used in cloud based scenarios, but in a little bit in different way. So in this case, we don't don't need a agent on user. We have to communicate via some API with target system server, for example, some CRM or some document management system.

So, and we have to implement a server site integration in precise scenarios and use a smartphone for users out education when users will approve keep operations in the cloud with his, your smartphone. But I think it also possible nice scenarios. So do you already have something like that implemented or is it a pure theory at the moment? Now we have technology on which we can build such solutions. So maybe we don't have complete out of the box solution, but we have a set of technology which can be used to performances.

Okay, great. Well, thanks a lot, Michael. It was an interesting presentation under interesting demo, which we don't have very often. We are almost reaching the top of the hour. So since there are no further questions, I can only say thanks a lot to our audience as well for taking part in this webinar.

I hope we will see you again in one of our next webinars, or maybe even at one of our conferences, please visit our website, call.com for more information and for requesting access to our research area and please visit indeed identity website for more information on their, of their product and have a nice evening, have a nice day. Thanks a lot. And goodbye. Thank you. Goodbye.