rms@gubba.SPDCC.COM (Rich Sands) (04/19/88)
I'm doing a research project for a course at Boston University (School
Of Management) on security products for dial-up computer lines. I'm
especially interested in hand-held devices that act as unforgeable
tokens for authentication and key generation/distribution. I have lots
of technical information on the algorithms, hardware, etc., and I
understand the inherent limits on this type of device.
I need to find out what experiences people have had actually trying to
use these things, whether computer users adapt well to them, and some of
the decision criteria used in choosing one system over another. If you
have any experience with handheld 'smart' tokens, I'd appreciate your
response to the following:
1) A general description of your organization, ie. bank, insurance
company, medical products manufacturer, government agency, etc. One or
two words will suffice.
2) A general description of the application for the security token, ie.
electronic funds transfer, authorization of product design changes,
protecting university registrar's database, etc. Again, a short
descriptive phrase will be fine.
3) Brand, model, price if known, whether or not it also does end-
to-end encryption, and if so, whether it uses DES or some other
encryption algorithm.
4) Any reactions positive or negative to the general concept of smart
tokens, and to the particular type you use or know about. I'm
especially interested in convenience, denial of service problems,
adequacy of features, and user acceptance.
5) Decision criteria that were important in selecting a system, ie.
particular features, price, service, warrantee, etc.
I don't want to take up too much of anyone's time; short answers are
just fine. If the volume and content of responses warrant, I'll post a
brief summary to the net. Thanks very much for your cooperation,
Richard Sands
--
-- rms
UUCP: {ihnp4,harvard,husc6,linus,ima,bbn,m2c}!spdcc!gubba!rms
Internet: rms@gubba.spdcc.com Compuserve: 71360,1067 BIX: richsands