Smart cards provide computing and business systems the enormous benefit of portable and secure storage of data and value. At the same time, the integration of smart cards into your system introduces its own security management issues, as people access card data far and wide in a variety of applications.
The following is a basic discussion of system security and smart cards, designed to familiarize you with the terminology and concepts you need in order to start your security planning.
What Is Security?
Smart cards provide computing and business systems the enormous benefit of portable and secure storage of data and value. At the same time, the integration of smart cards into your system introduces its own security management issues, as people access card data far and wide in a variety of applications.
The following is a basic discussion of system security and smart cards, designed to familiarize you with the terminology and concepts you need in order to start your security planning.
Security is basically the protection of something valuable to ensure that it is not stolen, lost, or altered. The term “data security” governs an extremely wide range of applications and touches everyone’s daily life. Concerns over data security are at an all-time high, due to the rapid advancement of technology into virtually every transaction, from parking meters to national defense.
Data is created, updated, exchanged and stored via networks. A network is any computing system where users are highly interactive and interdependent and by definition, not all in the same physical place. In any network, diversity abounds, certainly in terms of types of data, but also types of users. For that reason, a system of security is essential to maintain computing and network functions, keep sensitive data secret, or simply maintain worker safety. Any one company might provide an example of these multiple security concerns: Take, for instance, a pharmaceutical manufacturer:
| Type of Data | Security Concern | Type of Access |
|---|---|---|
| Drug Formula | Basis of business income. Competitor spying | Highly selective list of executives |
| Accounting, Regulatory | Required by law | Relevant executives and departments |
| Personnel Files | Employee privacy | Relevant executives and departments |
| Employee ID | Non-employee access. Inaccurate payroll, benefits assignment | Relevant executives and departments |
| Facilities | Access authorization | Individuals per function and clearance such as customers, visitors, or vendors |
| Building safety, emergency response | All employees | Outside emergency response |
What Is Information Security?
Information security is the application of measures to ensure the safety and privacy of data by managing its storage and distribution. Information security has both technical and social implications. The first simply deals with the ‘how’ and ‘how much’ question of applying secure measures at a reasonable cost. The second grapples with issues of individual freedom, public concerns, legal standards and how the need for privacy intersects them. This discussion covers a range of options open to business managers, system planners and programmers that will contribute to your ultimate security strategy. The eventual choice rests with the system designer and issuer.
The Elements of Data Security
In implementing a security system, all data networks deal with the following main elements:
- Hardware, including servers, HSM’s (hardware security modules), redundant mass storage devices, communication channels and lines, hardware tokens (smart cards) and remotely located devices (e.g., thin clients or Internet appliances) serving as interfaces between users and computers
- Software, including operating systems, database management systems, card management systems (CMS), communication and security application programs.
- Data, including databases containing customer – related information.
- Personnel, to act as originators and/or users of the data; professional personnel, clerical staff, administrative personnel, and computer staff.
The Mechanisms of Data Security
Working with the above elements, an effective data security system works with the following key mechanisms to answer:
- Has My Data Arrived Intact? (Data Integrity) This mechanism ensures that data was not lost or corrupted when it was sent to you
- Is The Data Correct And Does It Come From The Right Person? (Authentication) This proves user or system identities
- Can I Confirm Receipt Of The Data And Sender Identity Back To The Sender? (Non-Repudiation)
- Can I Keep This Data Private? (Confidentiality) – Ensures only senders and receivers access the data. This is typically done by employing one or more encryption techniques to secure your data
- Can I Safely Share This Data If I Choose? (Authorization and Delegation) You can set and manage access privileges for additional users and groups
- Can I Verify The That The System Is Working? (Auditing and Logging) Provides a constant monitor and troubleshooting of security system function
- Can I Actively Manage The System? (Management) Allows administration of your security system