Smart Card Multi-factor Authentication: Back to the Basics

September 4, 2017, by Patricia Douglas

This post describes smart cards and their basic function. The post also points out the different ways businesses use smart cards -- and the types of businesses that choose to employ such devices. Without doubt, protecting and securing your data is paramount in today's world of ever-evolving and sophisticated cyber crimes. Smart cards and smart card multi-factor authentication can serve as a substantial tool in your toolbox as you develop security measures that restrict access to your data. So, read on as we start with the basics.

What Security Means to Today's Business World

Security, for the purposes of our discussion, means protecting something the business values so that no one can steal it, lose it or change it. We are most often concerned with data security, which can take many forms in today's digital world. The data to be secured ranges from sensitive consumer financial information to a business's trade secrets, from information gleaned from smart machine sensors on a factory floor to the automatic pilot/driving system in a plane or car.

Describe Multi-factor Authentication

Multi-factor authentication means that a user's access to computer files and/or data occurs only after the user presents several different pieces of identification to prove he is one of those authorized to use the system. In general, multi-factor authentication requires the user to provide at least two pieces of identification -- in the form of something he knows or something he has, combined with something that proves who he is -- in order to gain access to the network.

In the banking world, the ubiquitous debit card exemplifies multi-factor authentication for most of us. A person can only withdraw money from his or her bank account via a cash machine if he has his card (something he possesses) and gives the machine his personal identification number (something he knows). This is an example of two-factor authentication -- which is the minimum form of multi-factor authentication.

If the person trying to use the system is missing either piece of information, the system will lock him out.

Single-factor authentication is no longer the security standard. The more hoops and layers that a hacker has to navigate, the harder it is for him to break the system. Multi-factor authentication, according to the PCI Security Standards Council's February 2017 Information Supplement, Guidance on Multi-Factor Authentication, provides "a higher degree of assurance of the identity of the individual attempting to access a resource, such as physical location, computing device, network or a database. MFA creates a multi-layered mechanism that an unauthorized user would have to defeat in order to gain access."

So, to emphasize the point, multi-factor authentication makes access to networks and systems more secure.

Describe the Smart Card

A smart card, also known as a chip card or an integrated circuit card, is the size of a credit card, made of plastic, with integrated circuits embedded inside that form a microprocessor.

Smart cards, integral to a multi-factor authentication system, serve as the gate-keeper for gaining access to computer networks, programs, files, and data. The smart card appears to a user as a single piece of plastic but inside it may have as many as 12 components, including software and microchips.

Smart cards have either a contact or contact-less format. Contact cards have electrical contacts embedded in the magnetic strip and users insert them in a card reader. In the contact-less format, the smart card transfers data via radio waves to card reader devices.

The authentication process stores "secrets" inside the microprocessor chip and transfers the secret information to the card reader to access the system. Smart cards provide protection against a range of security threats from careless treatment of passwords to hi-tech hacker events.
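As an added example (not part of the original post), here is a small Python model of the card-plus-PIN check from the debit card passage and of a secret held inside the chip. It assumes an HMAC challenge-response between card and server and a three-try PIN counter; the class names, card ID and PIN values are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class SimulatedCard:
    """Toy card: holds a secret key and a PIN try counter (names are hypothetical)."""

    MAX_PIN_TRIES = 3  # assumed limit for this example

    def __init__(self, card_id, key, pin):
        self.card_id = card_id
        self._key = key  # the "secret" stored in the chip
        self._pin_digest = hashlib.sha256(pin.encode()).digest()
        self.tries_left = self.MAX_PIN_TRIES

    def respond(self, pin, challenge):
        """Return HMAC(key, challenge) only if the PIN is right and the card is not blocked."""
        if self.tries_left == 0:
            raise PermissionError("card blocked")
        supplied = hashlib.sha256(pin.encode()).digest()
        if not hmac.compare_digest(supplied, self._pin_digest):
            self.tries_left -= 1
            raise PermissionError("wrong PIN")
        self.tries_left = self.MAX_PIN_TRIES  # a correct PIN resets the counter
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class AccessServer:
    """Grants access only when an enrolled card answers a fresh challenge."""

    def __init__(self):
        self._keys = {}

    def enroll(self, card_id, key):
        self._keys[card_id] = key

    def login(self, card, pin):
        key = self._keys.get(card.card_id) if card is not None else None
        if key is None:
            return False  # factor 1 missing: no card, or card not enrolled
        challenge = secrets.token_bytes(16)  # fresh per attempt, so replays fail
        try:
            response = card.respond(pin, challenge)
        except PermissionError:
            return False  # factor 2 missing: wrong PIN or blocked card
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)
```

In this model the key itself never crosses to the reader; only the response to a one-time challenge does, and three wrong PINs block the card even for its rightful holder.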

Some smart cards incorporate biometric technology to restrict access (think fingerprints and retina scans).

What Businesses Use Smart Cards

Smart cards are everywhere in today's business sectors. Smart cards protect laboratory equipment, drugs, health care equipment, as well as digital content. Smart cards in the electronic health information sector also must comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Hospitals and rehabilitation centers use smart cards today to:

  • identify patients,
  • authenticate visitors,
  • verify eligibility for insurance coverage,
  • deliver information from one system to another,
  • deliver safer medical care (think dialysis machines, laser eye surgery).

Enterprise-level businesses turn to smart card employee badges that use Public Key Infrastructure (PKI) to enhance security for employees deployed around the world. Hotels use smart card technology to restrict access to staff-only rooms.

Virtual Private Networks depend on smart cards, as do business-to-business networks. Smart cards authorize individuals through predetermined privileges and access rights. Smart cards are even used in secure email and online commerce activity.
