Dr. Tom Shinder's ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks

As discussed in previous chapters, one of the most important elements of a security plan is the ability to ensure that a communication really comes from the user or computer that purports to have sent it. This validation of identity is called authentication, and developing a foolproof authentication scheme is one of the biggest challenges faced in the corporate networking environment. As part of the effort to solve this problem, many products and technologies have been developed that enhance the security of communications by digitally signing and encrypting them. One of the most popular of these technologies is public/private key technology, which requires each user to have a private key that only that user possesses and for which only that user knows the password, along with a mathematically related public key that is distributed freely to everyone. Working in conjunction with public/private key technology are smart cards. A smart card is a device that is similar in appearance to a credit card, and offers a secure place to physically store and access keys. Further, a smart card provides an added security advantage: a user must have physical possession of the card in order to gain access.
Some of the popular uses of smart cards include:
Electronic entry to physically restricted areas
Secure logons
User authentication
Secure e-mail
In the future, we can anticipate that the use of smart cards will be expanded to include consolidation of personal information, bank accounts, medical history, and more on a single portable interface...