Logical Access Control for the Enterprise
Commercial smart card systems provide logical access control to computers, networks, and resources. Most smart card systems contains a credit card-sized ISO7816 compliant smart card. Various forms such as key fobs or smart card-based hardware tokens are also utilized. Smart card systems can simultaneously provide logical access control and physical access control, enabling the same credential to both open a door and access a computer system.
Smart card systems come with broad support for an enterprise’s existing password or certificate-based authentication mechanisms. Most of the time this is done via middleware and cryptographic libraries such as cryptographic service providers (CSP), minidrivers and PKCS#11 libraries.
A PIN only shows that you know a secret, but biometrics can prove that you are the person you claim to be. Smart cards add a second factor of authentication to existing systems (the “something you have”). Smart cards allow machine-generated passwords and secure, convenient, portable storage for certificates and private keys. Additionally, they can be used for Windows log-on, VPNs, web authorization, public key encryption, e-mail encryption and digital signatures. Some enterprises add a biometric smart card reader to their systems to have a third factor of authentication (the “something you are”). In this case, biometric templates are securely stored on a smart card to prove the cardholder’s identity.
Enterprises benefit from enhanced security for their existing authentication methods while also taking advantage of smart card protection for PKI-enabled applications or simplifying any future migration to PKI.
If you are using commercial smart card systems, make sure that both smart card and middleware are standards-based. Only experienced companies can keep up with a constantly growing list of authentication and security solutions that must be supported. CardWerk can help you find the right system for your business or organization.
Enhanced Security for a Complete Range of Enterprise Authentication Methods
Corporations are quickly moving business processes online to increase productivity and to improve customer service. To safeguard e-business operations, they often employ multiple technologies for controlling access to enterprise networks and for securing data shared over these networks. The reliance on multiple authentication methods burdens users with several hard-to-remember PINs or passwords and creates an administrative nightmare for IT staff.
Smart cards simplify the user experience by providing a single device that supports multiple authentication products across the enterprise. The user only has to remember one PIN that unlocks the smart card to access the network through a password, dynamic password, VPN or other authentication/authorization methods. The addition of a smart card upgrades your authentication method(s) to a more robust, two-factor security system.
Important features of a smart card-based system for enterprise security include:
Smart cards: FIPS 140-1 Level 2 certified, >32K EEPROM storage space on-card, On-card key pair generation, Multiple encryption algorithm support, OS supporting multi-applications for customization, both private and public key processed on-card, On-card cryptographic co-processor.
Middleware: Enhanced digital identity management tools, including Password Management Utility, User PIN unblocking option and Enterprise certificate option. Support for a complete range of authentication methods and technologies, including password-based, dynamic passwords, VPNs, host authentication, web authorization, building access and PKI.
Smart Card Reader: PC/SC support, USB, serial, ExxpressCard and PCMCIA versions available. Some readers even provide an integrated secure keypad and display for secure PIN entry or an integrated fingerprint scanner for three-factor authentication. USB and CCID are most likely the most important industry standards for desktop smart card readers.
What does a Smart Card System for Enterprise Security Cost?
Depending on the manufacturer, a system such as described above starts at about $100 per seat. The price includes smart card, smart card reader, and middleware. Discounts start at 500 seats. CardWerk can assist your business or organization with planning, installation, and personalization. We also take care of customization work in case you want to extend the functionality of out-of-the-box commercial systems.
Free software to read your card number – PACSprobe is an easy-to-use software tool to analyze card and reader and read card data.
The utility detects the card type (prox, iCLASS, Mifare ..) and then reads data such as user ID, card number, facility code to name a few. PACSprobe supports logical and physical access control cards on desktop card readers with USB interface.