Smart Card Security

Mar 3, 2009 Smart Card

Smart card security

Smart cards provide computing and business systems the enormous benefit of portable and secure storage of data and value. At the same time, the integration of smart cards into your system introduces its own security management issues, as people access card data far and wide in a variety of applications.

The following is a basic discussion of system security and smart cards, designed to familiarize you with the terminology and concepts you need in order to start your security planning.
What Is Security?

Security is basically the protection of something valuable to ensure that it is not stolen, lost, or altered. The term “data security” governs an extremely wide range of applications and touches everyone’s daily life. Concerns over data security are at an all-time high, due to the rapid advancement of technology into virtually every transaction, from parking meters to national defense.

Data is created, updated, exchanged and stored via networks. A network is any computing system where users are highly interactive and interdependent and by definition, not all in the same physical place. In any network, diversity abounds, certainly in terms of types of data, but also types of users. For that reason, a system of security is essential to maintain computing and network functions, keep sensitive data secret, or simply maintain worker safety. Any one company might provide an example of these multiple security concerns: Take, for instance, a pharmaceutical manufacturer:

Type Of Data

Security Concern

Type Of Access

Drug Formula

Basis of business income. Competitor spying

Highly selective list of executives

Accounting, Regulatory

Required by law

Relevant executives and departments

Personnel Files

Employee privacy

Relevant executives and departments

Employee ID

Non-employee access. Inaccurate payroll, benefits assignment

Relevant executives and departments

Facilities

Access authorization

Individuals per function and clearance such as customers, visitors, or vendors

Building safety, emergency response

All employees

Outside emergency response
What Is Information Security?

Information security is the application of measures to ensure the safety and privacy of data by managing it’s storage and distribution. Information security has both technical and social implications. The first simply deals with the ‘how’ and ‘how much’ question of applying secure measures at a reasonable cost. The second grapples with issues of individual freedom, public concerns, legal standards and how the need for privacy intersects them. This discussion covers a range of options open to business managers, system planners and programmers that will contribute to your ultimate security strategy. The eventual choice rests with the system designer and issuer.
The Elements Of Data Security

In implementing a security system, all data networks deal with the following main elements:

1. Hardware, including servers, redundant mass storage devices, communication channels and lines, hardware tokens (smart cards) and remotely located devices (e.g., thin clients or Internet appliances) serving as interfaces between users and computers
2. Software, including operating systems, database management systems, communication and security application programs
3. Data, including databases containing customer – related information.
4. Personnel, to act as originators and/or users of the data; professional personnel, clerical staff, administrative personnel, and computer staff

The Mechanisms Of Data Security

Working with the above elements, an effective data security system works with the following key mechanisms to answer:

1. Has My Data Arrived Intact? (Data Integrity) This mechanism ensures that data was not lost or corrupted when it was sent to you
2. Is The Data Correct And Does It Come From The Right Person? (Authentication) This proves user or system identities
3. Can I Confirm Receipt Of The Data And Sender Identity Back To The Sender? (Non-Repudiation)
4. Can I Keep This Data Private? (Confidentiality) – Ensures only senders and receivers access the data. This is typically done by employing one or more encryption techniques to secure your data
5. Can I Safely Share This Data If I Choose? (Authorization and Delegation) You can set and manage access privileges for additional users and groups
6. Can I Verify The That The System Is Working? (Auditing and Logging) Provides a constant monitor and troubleshooting of security system function
7. Can I Actively Manage The System? (Management) Allows administration of your security system

E-mail Comment Del.icio.us Digg Reddit Technorati Furl
This entry was posted on Tuesday, March 3rd, 2009 at 5:35 am and is filed under Smart Card. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.