Smart Cards, 10 Years Later – Part 1

Over the last decade we have seen technology advancements grow in all sectors.  For most of us, this is an “expectation” we look forward to:  what’s the next cool gadget this year and how does it work?  For businesses however, these new technologies are often viewed as:  a new requirement that we have to now meet in order to be compliant.  This usually means the solution is mandated to address one key design phase – “security”.  Security alone doesn’t advance technology; solutions must be innovative, easy to use, manageable, and sometimes even  cool!

Starting a car today is as simple as pushing a button, as long as the proximity chip built into the key fob is with the rightful owner.  If not, the engine won’t start.  No longer do you have to wait in long security lines at airports, you can now scan your eyes at a secure kiosk and avoid the lines altogether.  Employees can now enter office buildings by pressing their smart card up against the door reader.  Not only will the door open, but their time sheets will be electronically updated showing the exact time of arrival.  The same smart card can also be used to securely log them into their encrypted laptops!

The noticeable similarity seen in the above examples is the ability to protect the user’s asset and identity.  Security has a fundamental role in addressing these concerns.  For this article, I will focus on smart cards, the changes I have seen over the years and their general acceptance today.

In 2003, our research and development team was ahead of the game focusing on implementing 2 and 3 factor authentication for our full disk encryption solution (WinMagic SecureDoc).  It was clear the direction was moving away from single factor authentication (as it wasn’t deemed strong enough to protect laptop access).  Before I continue, here’s a quick reminder on the different levels of authentication:

  • One-factor – something a user knows, e.g. username and password
  • Two-factor – first factor, plus something a user has, e.g. smart card
  • Three-factor – first and second factor, plus something a user is, e.g. fingerprint

This trend resulted in security companies around the World developing their own solutions to address 2 and 3 factor authentication, using smart cards, USB Tokens, and Biometrics.  What this really meant, was an abundance of different solutions made available to the market.  Customers could choose the solution they felt would best meet their requirements.  In the interest of our customers, WinMagic (of course) provided support for these devices based on the most popular and sought after.

To understand the difficulty behind implementing smart card support for full drive encryption, it’s important to know how these cards are intended to work.  Each smart card’s OEM develops specific middleware (or drivers) that must be installed in the OS environment.  These drivers are required in order for OS based applications to communicate with the token chip on the actual card.  Without the middleware, the smart cards will not function properly.  However, the OEM’s did not design their smart cards to function at pre-boot, which is where user authentication takes place for full disk encryption.  This is where the fun begins.

Next week, I’ll get into more of the challenges involved in enabling smart card support for full disk encryption and how the smart card trends look today.

Previous Post
Annual TCG Members Meeting: The Slow March of Progress
Next Post
Smart Cards, 10 Years Later – Part 2