These attacks are time consuming in nature and require special equipment to enact. There have
also been adjustments made on the smart-card architectures and processing to thwart these types
of attacks. These kinds of attacks continue to be an area of ongoing concern as token device use
becomes more widespread.
Token Management
Regardless of the type of token that is employed, there needs to be a process to manage it over its
lifetime. This would include the initial distribution of tokens, replacing lost or expired tokens, and
collecting tokens from employees who are leaving the enterprise. These processes generally make
use of a database to manage the tokens during their life cycle. It is also important that the distribution
and replacement processes use appropriate authentication methods to verify that the correct
person is receiving the token. If these processes can be subverted, then any subsequent authentications
will be compromised, as someone other than the appropriate person may be able to obtain a
token in his or her name. These processes may use trusted security officers to verify an identity or
may be tied into the methods used to issue credentials for physical access to the enterprise. As a
part of the procedure for issuing the token, an alternate method of identification can and should be
established. One method is to set up a series of challenge-and-response questions that can be used
over the phone or through a self-service Web site to request actions like replacements or resets.
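The life cycle described above, sketched as an added example that is not from the original text: an in-memory stand-in for the token database that refuses to issue without verified identity and refuses a replacement unless the challenge-and-response answers match. The class name, state names, lockout threshold and PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib, hmac, os

def _digest(answer, salt):
    # Normalise case and spacing so phone and web entry compare equal.
    norm = " ".join(answer.casefold().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", norm, salt, 200_000)  # assumed work factor

class TokenRegistry:
    MAX_FAILURES = 3  # assumed lockout threshold
    def __init__(self):
        self.tokens = {}    # serial -> {"owner": ..., "state": ...}
        self.answers = {}   # owner -> {question: (salt, digest)}
        self.failures = {}  # owner -> consecutive failed verifications

    def issue(self, owner, serial, identity_verified, qa):
        # Initial distribution: a security officer has checked identity.
        if not identity_verified:
            raise PermissionError("identity not verified")
        self.tokens[serial] = {"owner": owner, "state": "active"}
        self.answers[owner] = {}
        for question, answer in qa.items():
            salt = os.urandom(16)
            self.answers[owner][question] = (salt, _digest(answer, salt))

    def verify(self, owner, responses):
        # Locked accounts must go back to in-person verification.
        if self.failures.get(owner, 0) >= self.MAX_FAILURES:
            return False
        stored = self.answers.get(owner, {})
        ok = bool(stored) and set(responses) == set(stored)
        for question, (salt, digest) in stored.items():
            # Every answer is hashed and compared, with no early exit.
            ok &= hmac.compare_digest(_digest(responses.get(question, ""), salt), digest)
        self.failures[owner] = 0 if ok else self.failures.get(owner, 0) + 1
        return ok

    def replace(self, owner, old_serial, new_serial, responses):
        # Lost or expired token: revoke the old serial before issuing a new one.
        tok = self.tokens.get(old_serial)
        if tok is None or tok["owner"] != owner or not self.verify(owner, responses):
            raise PermissionError("replacement refused")
        tok["state"] = "revoked"
        self.tokens[new_serial] = {"owner": owner, "state": "active"}

    def offboard(self, owner):
        # Employee leaving: mark tokens collected and drop their answers.
        for tok in self.tokens.values():
            if tok["owner"] == owner and tok["state"] == "active":
                tok["state"] = "collected"
        self.answers.pop(owner, None)
```

Answers are stored only as salted digests, so a copy of the database does not directly reveal them, and repeated wrong answers push the request back to in-person verification.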