Host-Based System Security
A host-based system treats a card as a simple data carrier. Because of this, straight memory cards can be used very cost-effectively for many systems. All protection of the data is done from the host computer. The card data may be encrypted but the transmission to the host can be vulnerable to attack. A common method of increasing the security is to write in the clear (not encrypted) a key that usually contains a date and/or time along with a secret reference to a set of keys on the host. Each time the card is re-written the host can write a reference to the keys. This way each transmission is different. But parts of the keys are in the clear for hackers to analyze. This security can be increased by the use of smart memory cards that employ a password mechanism to prevent unauthorized reading of the data. Unfortunately the passwords can be sniffed in the clear. Access is then possible to the main memory. These methodologies are often used when a network can batch up the data regularly and compare values and card usage and generate a problem card list.
Card-Based System Security
These systems are typically microprocessor card-based. A card or token-based system treats a card as an active computing device. The interaction between the host and the card can be a series of steps to determine if the card is authorized to be used in the system. The process also checks if the user can be identified, authenticated and if the card will present the appropriate credentials to conduct a transaction. The card itself can also demand the same from the host before proceeding with a transaction. The access to specific information in the card is controlled by A). The card’s internal Operating System and B). The preset permissions set by the card issuer regarding the file’s condition. The card can be in a standard CR80 form factor or be in a USB dongle or it could be a GSM SIM Card.
