From today's Internet Week, on smart cards and biometrics:
"Now that digital certificates are making headway at some businesses, when someone steals your laptop, they've also got your digital certificate. That's one of the biggest risks with digital certificate technology today. It may help secure a VPN session, but the only way to really protect your certificate from being stolen is strapping the laptop to your body-or never leaving your desktop.
"One answer, of course, is a more portable way to store digital certificates-namely, smart cards. A smart card basically holds a user's digital certificate, so he or she swipes it through a card reader attached to a PC or laptop. The main trade-off is that they require hardware-the cards themselves as well as the readers. Most businesses deploying digital certificates say these cards are the next logical step in authenticating and validating users. Chevron Canada plans to go with smart cards sometime next year.
"'We are moving certificates to smart cards instead of storing them on the hard drive and risking exposure,' says James Eaton, network specialist for Chevron Canada. 'So you take the smart card out of your PC when you go home, and you physically need access to the smart card and PC, as well as a PIN number.'
"Not far behind is biometrics, in which a fingerprint or retinal scan triggers a user's access and privileges, which would be stored elsewhere on the network-most likely in a corporate directory. 'You will see biometric thumbprint readers built into machines, so then a person uses biometrics as the password to a certificate. It wouldn't replace a certificate,' says Jim Haw, vice president of security and standards for Mackenzie Financial Corp., which uses digital certificates for its financial planners." |
