Smart Cards Smart cards are credit-card-sized IDs, badges, or security passes that have a magnetic strip, bar code, or integrated circuit chip embedded in them. They can contain information about the authorized bearer that can be used for identification andor authentication purposes. Some smart cards are even capable of processing information or can be used to store reasonable amounts of data in a memory chip. A smart card can be referred to by several phrases or terms: An identity token containing integrated circuits ICs A processor IC card An IC card with an ISO 7816 interface Smart cards are often viewed as a complete security solution, but they should not be consid- ered a complete solution. As with any single security mechanism, such a solution has weakness and vulnerabilities. Smart cards can be subjected to physical attacks, logical attacks, Trojan horse attacks, and social engineering attacks. Memory cards are machine-readable ID cards with a magnetic strip. Like a credit card, debit card, or ATM card, memory cards are capable of retaining a small amount of data but are unable to process data like a smart card. Memory cards often function as a type of two-factor control in that they usually require that the user have physical possession of the card Type 2 factor as well as know the PIN code for the card Type 1 factor. However, memory cards are easy to copy or duplicate and are considered insufficient for authentication purposes in a secure environment. Dumb cards are human-readable card IDs that usually have a photo and written information about the authorized bearer. Dumb cards are for use in environments in which automated con- trols are infeasible or unavailable but security guards are practical. Proximity Readers In addition to smart and dumb cards, proximity readers can be used to control physical access. A proximity reader can be a passive device, a field-powered device, or a transponder. The prox- imity device is worn or held by the authorized bearer. When they pass a proximity reader, the reader is able to determine who the bearer is and whether they have authorized access. A passive device reflects or otherwise alters the electromagnetic field generated by the reader. This alter- ation is detected by the reader. The passive device has no active electronics; it is just a small mag- net with specific properties like the antitheft devices commonly found on DVDs. A field- powered device has electronics that are activated when it enters the electromagnetic field gen- erated by the reader. Such devices actually generate electricity from the EM field to power them- selves like card readers that only require that the access card be waved within inches of the reader to unlock doors. A transponder device is self-powered and transmits a signal received by the reader. This can occur consistently or only at the press of a button like a toll road pass or a garage door opener. In addition to smartdumb cards and proximity readers, physical access can be managed with biometric access control devices. See Chapter 1, “Accountability and Access Control,” for a description of biometric devices.