chip@seeker.MYSTIC.COM (David "Chip" Reynolds) (04/24/91)
In article <72985@brunix.UUCP> cs132041@cs.brown.edu (Jeremy Gaffney) writes:
>
>What prevents this card from being stolen in the same fashion as a password book?
>If the user simply gives back what the card tells him/her, what prevents the card
>from being used by J. Q. Cracker who stole the card? Perhaps a pre-memorized function
>(albeit simple, by necessity) could be applied by the user, but at this point, the
>procedure is too complicated for any but the by necessity most secure system. Just
>far too complicated...
>
>-jg (cs132041@brownvm.brown.edu)
>
>

Our cards also provide the ability to enter a P.I.N. (Personal Identification Number), and you can use that to shorten your Challenge as well. For example: If I use a four digit PIN, and a three digit Challenge, I'm not sacrificing any security.

If I enter in an incorrect PIN, the card doesn't tell me so, it just provides me with an incorrect response. The number of incorrect responses that are accepted before "Attacker Lockout" is activated can be set by the administrator, as well as the method by which it is reset (time or cleared by the sys-admin). Full audit trails are kept, in an encrypted database.

There is also a "duress PIN." This is a function allowing a user that is being forced to use his/her PIN to type in a PIN that is incorrect, but also activates the attacker lockout, and notifies the sys-admin immediately.

For those that asked for more information: I'm currently in the process of typing up some of our spec-sheets. Please be patient a little longer. Or I can fax them to you; mail me your fax number.

Thank you,

-*- DCKR -*-
David Reynolds
Blessed Be!
chip@seeker.UUCP
decwrl!prememos!chip@seeker.MYSTIC.com
root@diana.UUCP

David Reynolds
Programmer, Product Manager UnixSafe/GatewaySafe
Enigma Logic Inc.
2151 Salvio St. Suite 301
Concord Ca. 94520
(415) 827-5797
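
The behaviour described in the post above (a card that answers silently even for a wrong PIN, an administrator-set lockout threshold, and a duress PIN), sketched as an added example that is not part of the original post and is not Enigma Logic's code. HMAC-SHA256, the `Verifier` class, the verdict strings, and all PINs and secrets are assumptions made for illustration; the post does not name the card's algorithm.

```python
import hashlib
import hmac

def card_response(secret: bytes, pin: str, challenge: str, digits: int = 8) -> str:
    """Card side. HMAC-SHA256 is a stand-in; the post does not name the algorithm.
    A wrong PIN is never rejected here, it simply yields a different response."""
    mac = hmac.new(secret, f"{pin}:{challenge}".encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

class Verifier:
    """Host side (hypothetical model): holds the card secret and both PINs."""

    def __init__(self, secret: bytes, pin: str, duress_pin: str, max_failures: int = 3):
        self.secret, self.pin, self.duress_pin = secret, pin, duress_pin
        self.max_failures = max_failures  # administrator-set threshold
        self.failures = 0
        self.locked = False
        self.audit = []  # plain list here; the post describes an encrypted store

    def check(self, challenge: str, response: str) -> str:
        if self.locked:
            self.audit.append(f"{challenge}: rejected, account locked")
            return "locked"
        good = card_response(self.secret, self.pin, challenge)
        duress = card_response(self.secret, self.duress_pin, challenge)
        if hmac.compare_digest(response, good):
            self.failures = 0
            self.audit.append(f"{challenge}: ok")
            return "ok"
        if hmac.compare_digest(response, duress):
            self.locked = True  # duress PIN trips the lockout at once
            self.audit.append(f"{challenge}: duress PIN, lockout, notify sys-admin")
            return "duress"
        self.failures += 1
        self.locked = self.failures >= self.max_failures
        self.audit.append(f"{challenge}: bad response {self.failures}/{self.max_failures}")
        return "denied"

    def admin_reset(self) -> None:
        """Lockout cleared by the sys-admin (the post also mentions a timed reset)."""
        self.failures, self.locked = 0, False
        self.audit.append("lockout cleared by sys-admin")

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample values
    host = Verifier(secret, pin="4821", duress_pin="4829")
    for pin in ("4821", "0000", "4829", "4821"):
        print(pin, host.check("137", card_response(secret, pin, "137")))
```

The verdict strings are internal to the host; what the person at the terminal is shown on a duress entry is a separate design choice that the post does not describe.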