|Virtual smart cards thwart attacks on domain credentials|
Wave Systems announced capabilities in its newest version of EMBASSY Remote Administration Server that empowers IT to roll out virtual smartcards for added protection against credential theft-without the provisioning challenges, costs, and support associated with physical smartcards.
Microsoft emphasizes the role of virtual smartcards in its recently released Windows 8 operating system as one of the key pillars of modern access control. Wave delivers such control today on Windows 7, enabling the use of both machine and user IDs using hardware-protected certificates through the Trusted Platform Module (TPM).
Virtual smartcards are similar to physical smartcards, but instead of requiring the purchase of additional hardware, they use technology that users already own. They feature the same properties, including nonexportability (ensuring information on the card cannot be extracted from the device), isolated cryptography (cryptographic operations cannot be extracted), and antihammering (to prevent brute force attacks). The primary difference lies in the fact that private keys are protected using the TPM of the PC instead of smart card media. Private keys are protected not by the isolation of physical memory, but by the physical isolation and cryptographic capabilities of the TPM.
"There are compelling reasons why organizations should give serious thought to upgrading to virtual smartcards, rather than tokens or physical smartcards, to address their modern access control requirements," says Steven Sprague, CEO, Wave Systems. "These older forms of user authentication come with significant acquisition and replacement costs, plus additional hardware such as card readers. Virtual smartcards can be enabled on any machine running Windows 7 today-without procurement expenses."
Implementing virtual smartcards means employees never have to type domain credentials into their device, effectively providing two layers of protection against credential-stealing attacks.
[This article was posted on November 13, 2012, on the website of ABA Banking Journal, www.ababj.com.]
| TechTopics Plus