Ray Richards is founder of Mindspan Consultants and a technology journalist hailing from Ottawa, Canada

Skip site navigation and move to main content of page.

Network Resource Management: Smart Cards

The story up to now...

In recent months we have been examining the various aspects of Network Resource Management: strategies and products. We will leave this alone for awhile and take an in-depth look at security solutions with a focus on Smart Card technology and its application in the networked environment.

Security

Surely everybody is aware of the omnipresent danger inherent in deploying enterprise Information Technology systems — hackers. Whether they be inquisitive, pimple-faced, fourteen-year-olds with too many brains and too much free time, disgruntled former or current employees bent on wreaking havoc in your organization, or cagey corporate spies seeking to exploit proprietary information, they all represent a serious threat to your corporate health. How much would it cost you if someone destroyed your accounting records — your server set-up — your Web site? What would you do if the cleaning lady decided she wanted to play a game of solitaire on your machine and accidentally erased the proposal you had been working on for two weeks?

While firewalls and routers employing IP filtering maintain a hard shell around your network and represent part of the answer, they do little to address the 'soft center' of IT deployments. It is well known that the vast majority of security breaches occur from within and are in general far more destructive than attacks originating from outside your premises. This is primarily due to the fact that insiders possess a superior knowledge of the network in question and may exploit known weak links in its' security systems. Smart Cards are one of the best means of ensuring this does not happen to you.

Smart Cards

What are Smart Cards? Essentially, Smart Cards are credit card-sized (generally) tokens with an integrated circuit built into their structure which permits them to communicate with other devices. They possess memory in static or dynamic configurations; ranging from a few kilobytes to several megabytes. Smart Cards have been available in various forms since the 1970's but are only now gaining widespread acceptance. The term 'Smart Card' was coined by Roy Bright; a member of France's Intelimatique, a government marketing agency. The French have been leaders in this technology since its inception and have injected the most capital by far into the promotion and implementation of Smart Cards.

Applications

The Smart Card may be used in countless ways but is primarily viewed as a device to ensure security (physical, data, monetary) is maintained. The best way to demonstrate the versatility of this device is by way of example:

Private Joe Blo has just joined the military and has been issued a set of Smart Cards in the form of dog tags along with the rest of his gear. After surviving boot camp, Private Blo has been assigned a clerical position at CFB Borden and settles in to his new posting. On his first morning, Joe gets up and discovers that he has run out of toothpaste; so he hurries down to the stores clerk in order to procure some Crest. He swipes his dog tag through a card reader, punches in his code and marches off with his toothpaste, the cost of which has been deducted from his electronic wallet.

Private Blo finishes his morning routine and heads off to his new office building to begin his first day. At 06:00 on the nose, Joe enters the building and is greeted by his new boss who tells him that he must attend a meeting and that he will see him at his post in half an hour. Great! thinks Joe I can sneak out for a smoke! Private Blo heads back outside to the smoking area and proceeds to enjoy himself chatting up some of the female staff. Suddenly realizing that it is 06:20, Joe hurries back inside to his post. As he is working in a high security environment, he must pass several security stations where his identity is verified via a transmitter built into his dog tags which sends a digital photograph (and other pertinent information) to a receiver on the station officer's computer.

He seats himself at a computer terminal which he believes to be his own, only to realize that he cannot power it up. He checks the cabling, presses the circuit breaker button on the power bar — to no avail. Confused, he consults a co-worker who informs him that this is not his station. The proximity detector on the computer did not detect an authorized user from Joe's dog tags and therefore refused to boot. Finally, discovering his correct post, Private Blo powers up his machine and does his best to make himself look busy.

At 06:30, his boss arrives and asks him where he has been. Joe explains that he had a little trouble finding his office, but he finally managed. His boss queries Private Blo as to whether or not he thought that he would be working in the smoking area — the proximity tracking system had informed on him. The system is able to track personnel movements via the transmitter on their dog tags sending signals to receivers located throughout the facility. Joe is reprimanded and his new boss rides him hard all day.

At the end of his shift, Private Blo decides that he needs to have a few drinks to alleviate the day's high level of stress and, so, heads off to the mess. He purchases fifteen beers using his tags and, after having consumed them, staggers outside to go home. Joe jumps into a Jeep and turns the key — nothing. The smart dog tags have informed the ignition system that Joe is in no condition to drive after having purchased x quantity of alcohol in x period of time. Frustrated, Private Blo stumbles off into the woods and passes out.

The next day, he is located by a helicopter pinging Joe's dog tags and Private Blo ends up in the slammer.

Summing up

While this example illustrates a very comprehensive utilization of Smart Card technology, I feel that it just scratches the surface. Smart Card strategies may employ encryption, digital signatures using public/private key schemes and may even be coupled with retinal and fingerprint scanners; clearly representing a winning combination for today's security requirements. For more information please feel free to contact me or call Synercard, the premier designer of custom Smart Card solutions, at (819) 777-6687.

Originally published in Monitor magazine's lanStuff column, July, 1997, by technology columnist, Ray Richards.

Sidebar

Article Index