The security of an organization's assets involves protecting and safeguarding its physical and intellectual property from theft, vandalism, unauthorized access, and disasters. Securing physical property addresses the mandatory physical access control requirements for buildings, equipment, material inventory, and so forth. This defines the physical access control for a location in an organization or its infrastructure. Physical access control restricts unauthorized personnel from gaining entry and potentially causing theft, damage, or disruption to an organization. Securing intellectual property involves protecting business information, processes, data, and communications. This security defines the logical access control to computer and network infrastructures based on a person's identity information. Examples include authentication credentials and the associated privileges set by the organization. Logical access control protects an organization from unauthorized access, intrusions, and electronic crimes that result in loss of sensitive information, disclosure of confidential data, policy breaches, data manipulation, identity theft, impersonation, regulatory violations, and so forth. Historically, in most organizations, it is very common to find that physical and logical access control policies are addressed with two different approaches and managed as two separate organizational silos. The physical access control of an organization is managed by the security department, which manages and monitors all physical entry and exit of personnel. The logical access control of an organization is managed by the IT department, which defines the policies and rules for accessing an information system.
In reality, this split leaves many critical issues unaddressed that impede an organization's efficiency: impersonation and identity fraud, disconnected security procedures, use of multiple credential tokens, disconnected enrollment and termination policies, and increased total cost of ownership. The convergence and integration of physical and logical access control mechanisms brings remarkable benefits to an organization through a unified credential token solution. The integration aggregates an organization's physical and logical control mandates by offering the following:
Adopting smart cards and biometric technologies helps deliver a trustworthy identification solution that addresses both logical and physical access control requirements. With a combination of smart card and biometrics-based identification, a smart card holder can present the card as proof of identification, insert the card into a card reader, and then provide a PIN in order to obtain access to secure locations and systems. With biometrics, even stronger authentication is possible: an identity can be proved by providing a biometric sample that is matched against the template stored on the card, which was derived from a biometric sample presented at enrollment.

The Role of Smart Cards in Access Control

Smart cards provide a portable credential platform for proving an identity with a tamper-resistant token and for establishing a trustworthy interaction with a restricted resource. From an organization's security perspective, smart cards provide a highly secure alternative for verifying proof of possession over traditional methods such as checking driver's licenses, passports, visas, and so forth. The identity credentials stored in a smart card make use of cryptographic mechanisms. This assures the card holder that nobody would be able to forge or manipulate the credentials stored in a smart card, with the exception of the card-issuing authority. Smart cards are highly resistant to network-based attacks because they use local card readers, which do not interface directly with network resources. Storing biometric templates of an identity in a smart card requires the person's live biometric sample to match what is on the card. This method assures a high degree of verification and multifactor authentication before allowing access to a restricted resource.
In general, smart card technologies are widely used to support strong authentication, on-card verification (such as PKI and biometrics), physical access control (such as access to buildings and restricted areas), personal data storage and management (such as storing confidential personal and medical information), and credit cards (storing credit/debit/payment information). To understand the basics of smart cards and their associated concepts, refer to the section entitled "Secure Personal Identification" in Chapter 1, "Security by Default."

The Role of Biometrics in Access Control

Biometric technologies provide a way to acquire and represent a person's unique physical traits or characteristics in order to verify an identity and offer a high degree of assurance that a person is actually who he or she claims to be. Biometric samples are difficult to fabricate, which makes them much harder to share or steal than other authentication mechanisms such as passwords, tokens, certificates, or smart cards, all of which have potential vulnerabilities due to credentials being shared, forgotten, stolen, or used without the consent of the owner. Combining biometrics-based personal verification with two or more other authentication mechanisms is often considered a robust security approach for use where heightened security requirements are mandatory. This process, also referred to as multifactor authentication, is gaining overwhelming acceptance in the IT industry for its ability to provide trustworthy and accurate personal verification and authentication solutions. To understand the fundamental concepts of using biometric technologies, refer to the section entitled "Secure Personal Identification" in Chapter 1, "Security by Default."
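The card-plus-PIN-plus-biometric flow described in the two sections above, as an added simulation that is not from the original text or any real card product: the issuing authority binds a holder identity and biometric template into a credential, the card enforces a PIN retry counter, and the biometric match happens on the card against the enrolled template. The issuer key, PIN, and templates are constructed values, and an HMAC stands in for the issuer's signature (real cards use asymmetric signatures under a PKI, so a reader would hold only the issuer's public key).

```python
"""Simulated smart card: issuer-bound credential, PIN gate, match-on-card.
Constructed example with made-up keys, PIN and templates; HMAC stands in
for the issuer's signature (real cards use asymmetric signatures)."""
import hmac
import hashlib

MAX_PIN_TRIES = 3       # retry counter: card blocks after this many failures
MATCH_THRESHOLD = 0.15  # max fraction of template bits allowed to differ


def issue_credential(issuer_key, holder_id, template):
    """Issuing authority binds holder id and template with a MAC."""
    body = holder_id.encode() + template
    return {"holder_id": holder_id, "template": template,
            "mac": hmac.new(issuer_key, body, hashlib.sha256).digest()}


class SmartCard:
    def __init__(self, credential, pin):
        self.cred = credential
        self._pin = pin
        self.pin_tries_left = MAX_PIN_TRIES

    def verify_pin(self, pin):
        if self.pin_tries_left == 0:
            return False  # blocked: no further attempts accepted
        if hmac.compare_digest(self._pin.encode(), pin.encode()):
            self.pin_tries_left = MAX_PIN_TRIES
            return True
        self.pin_tries_left -= 1
        return False

    def match_on_card(self, sample):
        """Hamming distance between live sample and stored template."""
        tmpl = self.cred["template"]
        if len(sample) != len(tmpl):
            return False
        diff = sum(bin(a ^ b).count("1") for a, b in zip(sample, tmpl))
        return diff / (8 * len(tmpl)) <= MATCH_THRESHOLD


def reader_verify(card, issuer_key, pin, sample):
    """Reader side: check issuer binding, then PIN, then biometric match."""
    body = card.cred["holder_id"].encode() + card.cred["template"]
    expected = hmac.new(issuer_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, card.cred["mac"]):
        return False  # forged or altered credential
    return card.verify_pin(pin) and card.match_on_card(sample)

ISSUER_KEY = b"constructed-issuer-key"  # constructed, not a real key
TEMPLATE = bytes([0xA5] * 16)           # constructed 128-bit template
CARD = SmartCard(issue_credential(ISSUER_KEY, "emp-0042", TEMPLATE), "4821")
```

Calling `reader_verify(CARD, ISSUER_KEY, "4821", TEMPLATE)` walks all three checks; a wrong PIN consumes a retry, three wrong PINs block the card, and a credential bound under a different issuer key is rejected before the PIN is even examined.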