Smart Card Authentication
Smart Card Authentication is a means of verifying users into enterprise resources such as workstations and applications using a physical card in tandem with a smart card reader and software on the workstation. Smart card authentication is highly secure but it has a poor user experience and is costly to deploy and maintain.
The user flow of smart card authentication is as follows. An employee’s identity is tied to company-deployed smart card, which has an embedded chip that is capable of storing and presenting cryptographic keys. The employee inserts the card into a reader connected to their workstation, and with software downloaded onto the host computer the employee is logged into the device and its resources. Without the (proper) smart card, reader, and software working together as intended, the user is unable to access the company resource and would otherwise need live, onsite helpdesk support to find an alternative means of gaining access. Upon the loss of a card, the former card’s access is revoked and a new card is issued.
Smart card authentication’s dependence on a physical credential, a hardware card reader, and software make this kind of authentication expensive and onerous to manage. Only the most secure work settings such as three-letter agencies of the federal government or privileged access at a financial institution use smart cards, as these settings often prohibit employees to carry smartphones around the workplace.
Where bring your own device (BYOD) is permitted, smartphones can mimic smart cards without the need for additional hardware (and with less helpdesk input). Also known as phone-as-a-token, this makes secure mobile authentication a possible successor to smart cards providing the regulatory atmosphere permits it.
“My cousin’s friend knows a guy who’s sister works at DARPA. Each morning, every employee’s smartphone goes in lockup as the setting prohibits any data-transmitting device on premise. They use smart cards to authenticate to the classified and top secret information handled at the facility.”