Smartcards can be used to mitigate an advanced persistent threat (APT) due to the security of the physical card, a company claims.
Hilding Arrehed, director of ActivIdentity which sells smartcards among other products and services, claimed that as the cards are used to login to a PC an attack would require a physical copy of the card.
“If a user loses a card they can revoke it if it is lost. With the RSA attack the attacker got the seed file and the tokens were compromised, with a smartcard there is no seed data and the access keys are generated inside the card.”
ActivIdentity said that too many organisations rely on older-generation perimeter defences and have weak internal authentication, which is why the APT strategy has been so effective.
Arrehed said employ strong one-time-password tokens with algorithms based on multiple variables (seed key, time and event counter) that are more resistant to compromise, and protect token seed files with strong encryption.