From the user perspective, the presence of a certificate may or
may not impact the experience. The most visible case is certainly
the one in which the certificate (and its private key) lives
on a smartcard. In that case, the user is assigned a physical
piece of gear. Typically, the smartcard has to be inserted into a
reader to perform certain operations, such as logging in to
the system or connecting through remote access. The network software
or the operating system tries to use the private key on the smartcard
to demonstrate to the requested service that the user has
access to it, hence proving his identity. A further protection is
guaranteed by locking the private key behind a PIN code. At
every usage of the smartcard the user will be asked to type in an
unlocking code, blind credentials that prevent scenarios in
which a thief tries to use someone else's card. This is a good
example of a two-factor authentication technique. An employee
must use something he has (the smartcard) and something he
knows (the PIN) together to gain access.
Using a smartcard is incomparably more secure than simple
usernames and passwords. However, it is also way less agile.