Page 198 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
Information Security and Privacy
you ask and what marketing material you are reading. Used to authenticate users to domains,
systems, and networks, smart cards offer two-factor authentication — something a user has, and
something a user knows. The card is what the user has, and the personal identification number
is what the person knows.
A smart card can process, as well as store, data through its microprocessor; therefore, the smart
card itself (as opposed to the reader/writer device), can control access to the information stored
on the card. This can be especially useful for applications such as user authentication in which
security of the information must be maintained. The smart card can actually perform the password
or PIN comparisons inside the card.
As an authentication method, the smart card is something the user possesses. With recent
advances, a password or PIN (something a user knows) can be added for additional security and
a fingerprint or photo (something the user is) for even further security. In contrast to
memory cards, an important and useful feature of a smart card is that it can be manufactured to
ensure the security of its own memory, thus reducing the risk posed by lost or stolen cards.
The smart card can replace conventional password security with something better: a PIN that
is verified by the card rather than by the computer system, which may not have as sophisticated
a means of user identification and authentication.
The card can be programmed to limit the number of login attempts, as well as to ask biographic
questions or make a biometric check, to ensure that only the smart card’s owner can use it. In
addition, non-repeating challenges can be used to foil a scenario in which an attacker tries to
log in using a password or PIN he observed during a previous login. Finally, the complexity
of smart card manufacturing makes forgery of the card’s contents virtually impossible.
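The on-card PIN comparison, the attempt limit, and the non-repeating challenge described above can be seen together in a small simulation. This is an added example, not code from the textbook; the `SmartCard` and `Host` classes are hypothetical, and the use of HMAC-SHA-256 with a key shared between card and host is an assumption made to keep the model short.

```python
import hashlib
import hmac
import secrets


class SmartCard:
    """Toy model of a card: the key and PIN never leave this object."""

    def __init__(self, key: bytes, pin: str, max_tries: int = 3):
        self._key, self._pin = key, pin
        self._max_tries = self._tries_left = max_tries
        self._unlocked = False

    def verify_pin(self, pin: str) -> bool:
        # The comparison runs "inside the card"; the host sees only True/False.
        self._unlocked = False
        if self._tries_left == 0:
            return False                      # card is blocked
        self._tries_left -= 1                 # count the attempt before comparing
        if hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._tries_left = self._max_tries
            self._unlocked = True
        return self._unlocked

    def respond(self, challenge: bytes) -> bytes:
        # The card answers a challenge only after a successful PIN check.
        if not self._unlocked:
            raise PermissionError("PIN not verified")
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Host:
    """System the user logs in to; issues a fresh challenge per login."""

    def __init__(self, key: bytes):
        self._key, self._pending = key, None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)   # non-repeating challenge
        return self._pending

    def check(self, response: bytes) -> bool:
        challenge, self._pending = self._pending, None   # single use
        if challenge is None:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)
```

Because the host never receives the PIN and each response is bound to one challenge, a value observed during one login is rejected at the next.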
Use of smart devices means the added expense of the card itself, as well as the special reader
devices. Careful decisions as to what systems warrant the use of a smart card must be made. The
cost of manufacturing smart cards is higher than that of memory cards, but the disparity will
narrow as more manufacturers switch to this technology. On the other hand, it
should be remembered that smart cards, as opposed to memory-only cards, can effectively
communicate with relatively ‘dumb’, inexpensive reader devices.
Notes: The proper management and administration of smart cards will be a more difficult
task than with typical password administration. It is extremely important that
responsibilities and procedures for smart card administration be carefully implemented.
Smart card issuance can be easily achieved in a distributed fashion, which is well suited to
a large organizational environment.
Caution: Just as with password systems, care should be taken to implement consistent
procedures across all involved systems.
Task: Explain the process of using a smart card as an authentication method.
192 LOVELY PROFESSIONAL UNIVERSITY