Smart Cards combined with TVG’s O/S offer the highest degree of security for the transfer of information over networks in general and over the Internet in particular. This full security system comes about only with the use of TVG’s card and reader technology.

Compared to other ways of authentication and secured Internet access, Smart Cards offer a better, safer solution.

A close evaluation of possible solutions will reveal the true winner: Smart Cards.

 

Here are a few ways commonly used to ensure a secure login to sensitive data. Although they are believed to be secure enough, they have too many flaws to be a truly protected way of handling access to sensitive information.

Passwords

Today the most popular way of establishing one’s identity is the use of a password. The password is sent to the remote server and authenticated there, and user access is permitted or denied.

Passwords are very hard to rely upon for the following reasons:

- When sent over the Internet without any encryption, they are highly susceptible to interception.

- Having to remember different passwords for different services, a lot of people use the same password for many applications. Once the password is hacked, the hacker gains access not only to one service, but also to the entire line of services this password was supposed to protect.

- Passwords represent a logical barrier, not a physical one. What one person can invent – another person can crack!

- Because of the need to remember many different passwords for different services, many people write down their list of passwords on a piece of paper. This all too common phenomenon of the “password list” near a computer workstation can be very dangerous to the organization’s resources. If this list falls into the wrong hands, the entire security system of the organization is in jeopardy. Moreover, if a Smart Card is stolen, the person missing the card will probably be aware of that fact and appropriate measures can be taken. This is not the case when a password has been hacked/cracked/stolen. No one can know when a password is ‘missing’ until problems arise.

- With more than 30% of all help desk calls involving resetting passwords for users, password files are expensive to support and maintain.

- Passwords are usually stored on the hard disk. However, even encrypted passwords can be cracked within hours. Password dictionaries are not a rare commodity, and together with a cracking program they allow passwords to be cracked in a very short time. Trojan horse viruses can capture the password while it is being keyed and send it away to unwanted hands.

The vulnerability of passwords makes Smart Cards a real must. Smart Cards are not a luxury – under today’s risks they are a necessity.

Microsoft’s WIN2000 is “Smart Card Ready”, supporting secured login to networks and applications using a Smart Card.

Digital Certificates and Digital Signatures

Digital Certificates were created to overcome the general anonymity afforded by unsecured, open networks like the Internet by providing a reliable and trustworthy proof of identity, in the same way that passports and driver’s licenses do. Used in conjunction with modern web browsers, e-mail software and other applications, digital certificates (and the public and private key technology they are based on) offer the potential for ensuring secure electronic commerce and transactions over these networks.

However, digital certificates cannot be considered the ultimate step in security. With a digital certificate, anyone with access to the private key is assumed to have the rightful ownership of the certificate. Thus, while digital certificates can associate an identity with a public key, the digital certificate alone cannot confirm the identity of the individual presenting the certificate. Like a passport without a photograph attached, a digital certificate stored in the usual manner on a PC hard drive is susceptible to interception and fraudulent use. If other people know or have access to the private key, it is possible for them to assume that identity and engage in fraudulent use of the certificate. Most digital certificates today, and more importantly their associated private keys, are simply encrypted with a password and stored on the owner’s PC hard disk drive, where they may be vulnerable to attack either directly or through the network. Consequently, the private key is vulnerable to many of the same password-related problems mentioned earlier, and several programs are available to either divert PC files or attack password mechanisms. Before digital certificates can be widely accepted as proof of identity, a way must be found to protect them.

                                                  

The standard methods used today are not safe, and we are experiencing greater acts of fraud than ever before. The March 1998 Computer Security Institute/FBI Computer Crimes Survey found that 47 percent of the 563 organizations surveyed were attacked via the Internet, and the FBI believes as many as 95 percent of the attacks go undetected. Corporate America spent about $6 billion in 1997 on network security, and financial losses were estimated at $10 billion. As good as public key cryptography is at securing messages, it alone cannot attest to who is actually presenting any particular private key.

Therefore, it is no wonder that the US president, Bill Clinton, used a Smart Card in order to sign the “Digital Signature Act of 1999”!

 

Smart Cards Make the Difference!

A Smart Card is the size of a credit card and has its own embedded microchip processor. Running TVG’s O/S, it acts like a miniature PC, offering advanced services with a high degree of data security. Smart Cards offer superior protection for the private key because they require not only a password but also physical possession of the card itself in order to gain use of the private key. This kind of two-factor authentication (password + Smart Card) offers significantly stronger security than passwords, and ensures that only the rightful, intended owner is using the digital certificate.

With a Smart Card, the private key never leaves the card and is completely inaccessible from outside the card. All cryptographic functions requiring use of the private key for secured internet browsing and secured e-mail delivery – digital signatures and decryption of the session keys – take place on the Smart Card by the onboard microprocessor, and only the results are passed back to the host PC.
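
A model of the behaviour described above, added here as an illustration and not TVG’s code: the private key is used only inside the card’s sign() routine, gated by a PIN, and the host verifies the result with the public key alone. The toy RSA key, the names SmartCard, sign and server_login, and the three-try PIN retry counter are assumptions of this example, not details given on the page.

```python
import hashlib
import hmac
import os

# Toy RSA key built from two Mersenne primes: constructed for this model,
# far too small and unpadded for real use.
_P, _Q, E = 2**127 - 1, 2**89 - 1, 65537
N = _P * _Q
_D = pow(E, -1, (_P - 1) * (_Q - 1))


def digest(challenge: bytes) -> int:
    """Hash a challenge to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N


class CardBlocked(Exception):
    """Raised once the PIN retry counter reaches zero."""


class SmartCard:
    """Model of a card: the private exponent is used inside sign() only."""

    def __init__(self, pin: str, max_tries: int = 3):
        self.__d = _D                      # never returned by any method
        self.__pin = pin.encode()
        self.__max = self.tries_left = max_tries
        self.public_key = (N, E)           # safe to hand to the host

    def sign(self, pin: str, challenge: bytes) -> int:
        if self.tries_left == 0:
            raise CardBlocked("PIN retry counter exhausted")
        if not hmac.compare_digest(pin.encode(), self.__pin):
            self.tries_left -= 1           # a wrong PIN burns one attempt
            raise PermissionError("wrong PIN")
        self.tries_left = self.__max       # a correct PIN resets the counter
        return pow(digest(challenge), self.__d, N)  # only the result leaves


def server_login(card: SmartCard, pin: str) -> bool:
    """Server issues a fresh random challenge and checks it with the public key."""
    challenge = os.urandom(32)
    n, e = card.public_key
    return pow(card.sign(pin, challenge), e, n) == digest(challenge)
```

Because the server picks a new random challenge for every login, a signature captured from one session does not verify against the next.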

The Smart Card itself is easy to use, portable, unique and cannot be cloned.

We have designed the TVG O/S to be the most secure, simple and affordable solution for organizations wishing to use Smart Cards in their public key infrastructures for greatly improved security. Designed for quick, easy, plug-and-play installation and setup, TVG offers a complete solution that includes Smart Cards, Smart Card Readers and security software for integrating with software suites.

                                                                                                                    

The TVG O/S works seamlessly with Microsoft Internet Explorer, Outlook 98 and Outlook Express via Microsoft’s Crypto API, as well as Netscape Navigator and Messenger. When using these applications, TVG’s O/S provides SSL v3 client authentication to requesting web servers and secured S/MIME e-mail exchange via the user’s digital certificate and private key stored on the Smart Card.

 

 




Copyright © 2000 T.V.G. Technologies LTD. All rights Reserved.