There are two current card technologies that you should consider: Number generators (calculators) and smartcards. The number generator needs no additional hardware to work with a computer. It is therefore easy to implement. The technology provides a high level of security and is used for applications like cash transfers over the Internet. The lack of storage capacity, however, is a considerable drawback. It is not possible to obtain information like the username from the card. Smartcard technology needs a card reader installed in each computer. Card readers are available for desktop use, 3�� internal slots, or PCMCIA readers. The quality of the smartcard itself can vary, but some manufactures do supply cards of extremely high quality. The cards have a large storage capacity, their own operating and file systems, and a wide range of authentication methods. For example, a smart card can be installed so that it is the key required for access to the network. Without a smartcard and PIN code, a user is not allowed onto the network. One type of smart card reader, called B1, is manufactured by Siemens Nixdorf and SCM. Deutsche Telekom has developed a very powerful operating system for the smartcard itself. The system is called TCOS and has ITSEC E3 certification. One thing you should consider in connection with card readers is whether data is passed between the computer and the card in encrypted form. Many card readers are connected to the serial port, and if the data transport is not encrypted, a hacker has plenty of scope to crack the system in a short time. Some organizations use so-called �Trust Center�. The purpose is to send the card's �certificate� to the �Trust Centers� to allow for near instantaneous revocation of their smart cards. The party reading the card sends its certificate to the �Trust Center�, which checks that the card is still valid for use in the organization.
|
|
|
|
|
|
|
|