Examples of smart cards can be used for both remote authentication and Windows authentication, physical access and billing.
Examples of USB tokens with chip-based authentication and flash memory to store files and documents .
Figure 1: Two examples of chip-based authentication devices
Both smart cards and USB tokens have chips attached. The chip requires a 32-bit microprocessor and normally has EEPROM (Electrically Erasable Programmable Read-only Memory) about 32KB or 64KB, the RAM chip is embedded on a smart card or USB token. Today, smart cards or USB tokens can be up to 256KB of RAM for secure data storage.
Note :
When talking about storage in this article, we only talk about the storage embedded in the security chip, not the device itself.
This chip has a small operating system and memory to store certificates, which is used for authentication. The on-chip operating system varies among different manufacturers, so make sure you use CSP (Cryptographic Service Provider) in Windows, which supports the on-chip operating system. We will look at the CSP in the next section. Chip-based solutions have some advantages over other multifactor authentication solutions because they can be used to store certificates for authentication, identification and signatures. As mentioned above, everything is protected by PIN, PIN can allow users to access data stored on the chip. Since an organization often maintains and issues smart cards or USB tokens for themselves, they also define certain policies related to the solution. For example, the card may be locked or deleted after a number of incorrect PIN entries. Because you can combine these policies with PINs, the length of the PIN may be shorter and thus easier to remember without being vulnerable to security breaches. All these parameters are saved on the smart card when it is released. The chip-based solution is also able to withstand interference problems, so in addition to the correct PIN, the data (certificates and personal information) stored on the chip cannot be accessed and thus cannot be used. on something else.
Smart card or USB token?
A difference between smart card and USB token is external appearance. Both solutions address basic needs, with two-factor authentication, but each solution has its own advantages and disadvantages. Smart cards can be used for image recognition, because you can print photos and names on it. USB tokens may have flash memory for storing other documents and files. Both devices are used to control physical access in their own way. Smart cards can also have a circuit, magnetic magnets, bar codes like USB devices.
The smart card requires a card reader, while the USB token can use the existing USB port on the computer and that is the problem for this solution to compete with the smart card reader. Today, smart card readers need to use interfaces such as PC Card, ExpressCard, USB or built-in, some notebook computers and keyboards have implemented their models. Smart card readers are considered as Windows devices, completely independent of the chip operating system and they have security descriptors and PnP identifiers. Both readers and USB tokens require a Windows device driver before they can be used and you should always make sure to use the latest drivers, which comes from reasons for transparent performance. certification of two coefficients.
The initial cost may be slightly affected when you choose the chip solution to use. Smart cards and basic credit cards are similar. Many companies use smart cards for physical access at the office and pay for lunch, . That means that it has both convenient and monetary values and therefore users can protect and just bring their smart card with them all the time. It is also suitable for carrying in a wallet, which also helps it to be better protected.
Some issues to consider
When choosing a chip-based authentication solution, there are some issues and some tips that you should consider here:
1. Compatibility - Make sure that the chip operating system is compatible with the CSP you want to use. In the next part of this series, we will introduce CSP, the software that links the chip operating system and Windows, and it is also responsible for the security policy being applied to the chip.
2. Management issues - If you have to add smart cards or USB tokens to use for many people, choose the chip operating system compatible with the Card Management System (CMS) you have chosen.
3. Scalability - Ensure that the operating system chip can be used by all the required applications and the authentication needs you need. You may have future needs for adding additional certificates to this smart card or USB token, such as signing and encryption in email. Check out the DoD Common Access Card (CAC) specifications, details that have been used to store a lot of user information. Be sure to consider privacy issues when adding more information. We will consider this in the next section.
4. Usability - Make sure to select and add a chip-based solution, both for user-friendliness and manipulation. One of the biggest challenges with multifactor authentication solutions is that everyone has a tendency to forget or lose their smart card or USB device or forget the PIN if it is not used regularly.
Conclude
In the next section, we will show you how to best add smart cards or USB tokens to the Windows environment, and will also show you how to configure a CSP client and the differences between CSP configuration in Windows XP / Windows Server 2003 and Windows Vista / Windows Server 2008.
Part 2: Prepare devices for XP and Windows 2003