Smart Cards Provide Strong Authentication and Enhanced User Convenience for Logical Access Security, According to New Smart Card Alliance Report
Princeton Junction, NJ, October 12, 2004–Smart card technology can provide organizations with strong authentication and enhanced user convenience for logical access security, according to a new report from the Smart Card Alliance released today.
“Organizations of all sizes and in all industries are anxious to improve the way they identify users to their networked systems,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “We created this white paper to show how organizations can use smart cards in combination with one or more authentication technologies to achieve significantly strengthened security.”
The report, “Logical Access Security: The Role of Smart Cards in Strong Authentication,” provides a comprehensive review of current issues surrounding secure information systems access, alternate approaches for authentication and key business considerations for investing in and implementing new technology for strong authentication. It describes the benefits of using smart cards for logical access and highlights the significant level of smart-card-related support and functionality provided by both Microsoft Windows and Linux operating systems. The report also includes profiles of several organizations currently using smart ID cards for information systems access including Boeing, Microsoft, Rabobank, Shell, Sun Microsystems, U.S. Department of Defense and U.S. Department of State.
Using single-factor authentication, such as a password, for information systems access is a significant security risk. A single password can be easily compromised, and storing password data on corporate networks introduces additional vulnerability to attackers who gain network access or insider fraud.
Strong authentication, the report explains, requires the use of two or three factors. Smart cards work with other authentication techniques by storing some combination of password files, public key infrastructure certificates, one-time password seed files or biometric image templates on a single card. Organizations then combine more than one factor to improve the security and privacy of the overall authentication process. For example, authentication might require something you have, the smart card; something you know, a personal identification number or password; and something you are, a unique physical characteristic or biometric identifier.
“This enhanced security is not the only reason why smart cards are becoming the preferred method for logical access. This white paper shows how smart cards create enhanced user convenience through their ease of use, broad application coverage, ease of integration with the IT infrastructure and multipurpose functionality,” concluded Vanderhoof.
The Smart Card Alliance has a very active Secure ID Task Force, and individuals from 22 member organizations were involved in the development of the white paper. Lead contributors included representatives from Axalto, CardLogix, Datakey, Gemplus, Honeywell Access Systems (OmniTek), IBM, Identix, Litronic, a SAFLINK Company, Lockheed Martin, MartSoft Corporation, Northrop Grumman Corporation, SCM Microsystems, Smart Commerce, Inc., Sun Microsystems, VeriSign and XTec, Incorporated.
The report, written for executives and managers, is available from the Smart Card Alliance online store at http://www.securetechalliance.org. All Smart Card Alliance reports are available to members and government employees at no charge.
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to accelerate the acceptance of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. For more information please visit http://www.securetechalliance.org.