Tokens dumb and smart

  As was mentioned in the section on user authentication, one common form of authentication is to rely on something the user possesses, such as a key or token. Tokens can be either smart or dumb, depending on whether they contain processing power. Examples of dumb tokens are standard magnetic strip cards, picture badges, or keys. While they can be quite useful for user identification, dumb tokens are fairly useless for data authentication functions.

Tokens with processing power and storage capabilities can take various form factors. These include:

smart cards
In this paper I use the term ``smart card'' to describe an ISO-standard smart card with the exact same size and shape as a standard credit card, but with an embedded microprocessor and I/O channel. France seems to be ahead of the rest of the world in developing smart card technology, and they are starting to be used for several applications. ISO standard smart cards can be inserted thousands of times into a standard reader that connects to a serial port of a personal computer. They are extremely convenient, since they can easily be carried in a wallet, and can be combined with a magentic strip or printed picture on the card to create a very secure identification device. The major disadvantage at present is that there are relatively few reader devices in the US at present, but the reader devices are extremely cheap, costing less than $100 each.
PCMCIA cards
Unlike smart cards, PCMCIA cards are much thicker, and have much more flexibility in the kind of technology that can be incorporated into the cards. A type II card (the most common) is approximately the same dimensions as a credit card, with the exception that they are about 1/8" thick. Almost all laptop computers are now being sold with at least one PCMCIA slot in it, so the technology is becoming fairly common. One disadvantage of PCMCIA cards is that the technology is not intended for as many insertions into a reader as an ISO standard smart card, since it relies upon pins rather than smooth contacts. Another disadvantage is the fact that PCMCIA cards are inconvenient for carrying in wallets.
The SmartDisk looks exactly like a standard 3.5" floppy diskette, but instead of containing a spinning magnetic medium, it uses a magnetic read/write head to communicate with a host computer. Inside the 3.5" floppy disk is space for quite a bit of sophisticated electronics, including batteries, megabytes of memory, and powerful microprocessors. Fischer now markets a card that can be used to control the booting of workstations, but they are also developing a cryptographic module. The major advantage of the SmartDisk is that virtually every desktop computer in existence has a reader already in place that can read the SmartDisk. The SmartDisk is somewhat larger than a smart card however, and must therefore be considered somewhat more inconvenient.

Kevin S. McCurley
Sat Mar 11 16:00:15 MST 1995