One of them is the development in favour of an easier handling of digital certificates. This is particularly true for USB tokens which now get along without a specific Smartcard reader. Although Smartcard readers have gained in popularity, they are still not found in all available devices – as opposed to USB interfaces. As the purpose of a Smartcard is first of all to deliver an additional factor (“have”) for authentication, USB tokens can do the job as well – keeping in mind, though, that they lack some of the special security features provided in Smartcard operating systems. But still, they offer a useful alternative when it comes to the point of an easy certificate-based authentication.
As to the cards themselves, things are in a state of flux. One of the variations are chips coming as –easily manufactured – Smartcard to be integrated into USB tokens. More powerful Smartcards with optimized operating systems, Smartcards with an integrated web server for internet use and, above all, the integration of different functions realized in a combination of Smartcard and Proximity Card, – the latter reacts when approaching a reader –, are gaining more and more in importance.
Another very exciting point are the approaches to more sophisticated authorization based on graded authentication. For example, the concept of combining the control of physical access to an enterprise or to defined enterprise areas with network authentication would make it possible to restrict the access to selected applications to situations when an employee is staying in a particular building. This can of course be additionally combined with Proximity Cards. For security-relevant areas, these approaches are of great importance.
Last but not least it is the software for the management of certificates, cards and tokens that shows significant improvements in quality. This is due to several factors like acquisitions of manufacturers (Microsoft/Alacris), new investors (Secude) and large governmental orders (ActivIdentity). Although the potentials, particularly for the integration into Provisioning Systems, have not been fully exploited, the solutions available at present have already reached a considerable degree of sophistication.
These trends should also inspire enterprises to reassess their own strategies. They will find a wide scope of interesting approaches to token-based and highly flexible authentication. This does not at all mean, however, that the simple Smartcard with digital certificates is obsolete, but it is not cutting-edge anymore.
Created: 28.09.07, modified: 11.10.07