
3.2.4.6  Smartcards
(Page 2 of 3)

Smartcard Programming and Encryption



Most smartcards support at least one standard encryption algorithm, since without encryption anyone who can read the card can retrieve the data from it. Encryption algorithms that may be available on smartcards include DES, 3DES, Diffie-Hellman, MD5, SHA-1, the NIST-approved DSA, Rijndael, KEA, RSA, and ECDSA. (Some of these are discussed in more detail in section 4 of this book.)

It has been said that “the nice thing about standards is that there are so many to choose from,” and in the case of smartcards, that’s definitely true. There are at least 25 standards a smartcard can comply with, including ISO/IEC, FIPS, ANSI, X.509 (certificate) and EMV standards, which cover physical, electronic, algorithmic and formatting requirements.

Important from a security standpoint is FIPS 140, Level 3, a NIST security requirement for cryptographic modules.

A de facto standard for programmable cards that is gaining in popularity is Java support, with other options being Visual Basic or MULTOS. Most new smartcard applications are written in Java, so using a Java-based smartcard will give you the greatest choice of applications, as well as compliance with the GlobalPlatform.org standards. Federal Government users choosing a Java-programmable smartcard should make sure that the one they select is FIPS certified, such as Schlumberger’s Java smartcard.

The software running on the card itself is not the only area of compatibility to consider when selecting a smartcard. You should also make sure that the smartcard reader and smartcard lifecycle management software you choose work with the operating systems and OS versions on which you plan to use them.

If you are interested in implementing smartcards in your organization, check out the current offerings from ActivCard [321], Datakey [322], GemPlus [323], Oberthur [324] and Schlumberger [325]. A great resource to start with is Smart Cards From Scratch [326].


 __________________

321. http://www.activcard.com

322. http://www.datakey.com

323. http://www.gemplus.com

324. http://www.oberthur.com

325. http://www.schlumberger.com

326. Taylor, Laura, “Smart Cards from Scratch”, http://www.intranetjournal.com/articles/200205/se_05_08_02a.html


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.