Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

One time access coding for PKI smart card

Gridsure : 27 May, 2008  (Application Story)
Aventra cards to provide user authentication improvements with the use of image passwording for gaining access to card resources.
GrIDsure, the creator of a revolutionary replacement for all passwords and PINs, has announced what is arguably the first major advance in smart card security since the creation of the electronic chip.

GrIDsure has partnered with Aventra, a leading smart card and data security specialist to provide enhanced, secure user authentication. This dramatically improves security by replacing the fixed PIN with a one-time 'PIN' generated by GrIDsure technology, for every authentication. Because a new code is required by the card each time, a would be attacker gains nothing from recording or observing the number being typed in by the correct user.

Until now, regardless of the sophistication of the electronics, the programming or the encryption on the chip - there remained one fatal flaw with smart cards: that in virtually all such systems, the humble fixed PIN was the only neat, cost-effective way to tie the user to the card, stopping attackers pretending to be the correct user.

But as recent problems in the credit/debit card sector have shown, it's all too easy now for attackers to get hold of vulnerable PINs, using malware, data capture or plain old-fashioned shoulder-surfing - making it possible to impersonate the authorised user.

'Smart cards are deployed more and more for user authentication in high security situations, but the Achilles' heel until now has been the fixed and therefore vulnerable PIN code,' said GrIDsure chairman Jonathan Craymer. 'This new 'one-time PIN' card system pioneered by Aventra creates a huge leap forward in security - arguably the first real advance in the card-to-user interface since smart cards were first introduced.'

'As a cards specialist it's always seemed ridiculous to have hi-tech 'state-of-the-art' PKI encryption within the chip, yet to have to depend on something as crude as a four-digit PIN to confirm the identity or authority of the user,' said Aventra managing director, Timo Markkula. 'As soon as we saw the GrIDsure system, we knew at once it was the security 'upgrade' the smart card industry has been looking for. Authentication by PIN between the user and the smart card is vulnerable to different kinds of attacks, including password replay, key-logging and shoulder-surfing.'

Aventra has developed the MyEID PKI Card, a PKI-enabled smart card, compatible with common industry standards. In addition to a traditional PIN, the GrIDsure method can be used to authenticate the user, providing an additional layer of security. The card is bundled with GrIDsure enabled Windows compatible middleware, supporting strong authentication.

'GrIDsure is in many ways the perfect partner to enhance Aventra's industry standard smart card system, allowing us to add an additional layer of security. This pairing of systems shows our commitment to using the newest available technology in our work, which in turns offers our clients cutting edge, secure, scalable solutions,' continued Markkula.

Craymer added: 'The combined GrIDsure/Aventra solution is set to revolutionise physical and electronic access to high security environments, from computers to door-locks. This joint offering allows Aventra's customers the advantage of coupling industry-leading PKI solutions with the added security offered by GrIDsure one-time codes.'
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo