Usb Token Authentication - HP Compaq NC4010 Security Manual

by becoming permanently disabled after 5 incorrect PIN entries. This is a standard feature, and it
ensures that even with access to both the smart card and the system, the PIN cannot be guessed.
Unlike passwords, loss of smart cards can be detected and steps can be taken to prevent access to
the system and the network.
Smart cards provide for mobility (stronger, portable user authentication on devices). This allows users
to authenticate on multiple systems. This feature is important in environments where users are not tied
to any single client. Smart cards can also provide a limited amount of secure, mobile storage, which
can be used to securely transport user credentials and keys.
Many smart cards also contain a cryptographic chip/engine which can perform data encryption.
Such smart cards can therefore naturally integrate with Public Key Infrastructure (PKI) deployments in a
corporation, and provide functionality such email signing and data encryption. Note: In addition to
PKI support, HP ProtectTools also provides the means to more securely store user authentication
credentials like passwords and therefore does not require additional PKI infrastructure elements.
Pros
Utilizes two personal traits, possession and knowledge, to
provide a higher level of security
Strong cryptographic capabilities, enables PKI integration
Mobile user authentication
Intuitive and user friendly. Usage similar to an ATM

USB token authentication

Like smart cards, USB tokens also combine two factors, possession and knowledge, and can therefore
provide a higher level of security compared to authentication devices that use only a single factor.
USB tokens also require that the user be in possession of the USB token and know the secret PIN
unique to that USB token. USB tokens plug into any open USB port and provide an authentication
token identical to the one provided by a smart card.
With USB token authentication, unauthorized access can be prevented by keeping the USB token
separate from the system. Unlike passwords, loss of USB tokens can be detected and steps can be
taken to prevent access to the system and the network.
USB tokens provide for mobility (stronger, portable user authentication on devices). This allows users
to authenticate on multiple systems. This feature is important in environments where users are not tied
to any single client. USB tokens can also be used to securely transport a limited amount of user
credentials and keys.
Cons
Most smart card implementations are vendor unique
Lost smart cards can result in manageability costs
Require deployment of a smart card reader
General implementation requires expensive PKI
infrastructure
5