Friday, May 22, 2009

How to use a Smart Card?

One thing that I am seeing here in Europe is that there is a difference in how "Smart Cards" are perceived.

In the U.S., we're not too keen on them, and they are mostly used for "proximity" functions, meaning we present them to readers for physical building access. To verify identity within applications, most organizations prefer to use multi-factor authentication with hardware tokens (e.g., RSA SecurID). Of course, passwords are still used to access physical systems as well, and there is some activity in biometric authentication (fingerprint scanning), which is still at an early-adopter stage but showing some promise with laptop manufacturers.

In Europe there is a potentially greater use for Smart Cards. They provide the physical access functionality, but are also used to authenticate to enterprise hardware systems, clock in and out, provide digital signatures, gain VPN access and even pay for lunch in the company cafeteria.

So it would seem that there are some differences, unless you're in the Executive Branch of government or attached to the Military. In both of those organizations, Smart Cards are required for access and authentication.

Which model is right? Why do we rely on separate "badging" and "access" mechanisms in the U.S.? Is it because RSA got there first? Is it better to have these things separate to provide multi-factor and multi-method (card and token) authentication?