Skip to main content

Smart Card Authentication Coming to Chromium-based Browsers like Chrome, Edge

Chromium-based web browsers including Chrome and Edge are likely to introduce support for the Web Smart Card API, a browser API that enables web applications to communicate with smart cards, Techtsp has spotted a new development.

The proposed API is currently in development and is expected to be released natively on Chrome and Edge in the near future. The implementation is currently in progress, and a Chromium bug report related to the implementation suggests that it is nearing completion.

Although the concrete details of the implementation are still unclear and will depend on the specific web browser and operating system being used, as well as any additional security measures or protocols that are put in place to ensure the security and privacy of users' smart card data, in general, the implementation will likely involve the following steps:

  1. The web browser will provide an API that web applications can use to interact with smart cards. This API will be based on the proposed Web API for smart cards and will enable web applications to communicate with smart cards at the PC/SC level.
  2. The web browser will detect when a smart card is inserted into a compatible smart card reader, and will prompt the user to grant permission for the web application to access the smart card.
  3. Once permission is granted, the web application will be able to interact with the smart card using the PC/SC API provided by the web browser. This will enable the web application to perform functions such as authentication, digital signing, and encryption using the smart card.
  4. The web browser will ensure that all communication between the web application and the smart card is secure and encrypted, to protect the user's sensitive information.

The Web Smart Card API being developed by the Web Platform Incubator Community Group (WICG), and the API specification is available on the WICG GitHub repository.

There have been recent discussions on the Chromium Blink Dev mailing list and the pcsclite-muscle mailing list regarding the implementation of the Web Smart Card API, indicating that development is ongoing.

Once the Web Smart Card API is released for Chrome and Edge, it is expected to improve security and simplify authentication for users. Web applications will be able to interact with smart cards to perform operations such as authentication, digital signatures, and encryption.

This will provide an extra layer of security, making it more difficult for hackers to steal users' login credentials and gain access to their accounts.