582 Chapter 10 • Public Key Infrastructure
the physical access security on machines carrying sensitive certificates;
even the use of radio identifiers so as to lock a workstation when its user
is away from it for more than a few seconds.
It is generally accepted that software storage is not a reliable means of storing
high-security private keys. To overcome the issues of software storage, Hardware
Storage Modules (HSMs) were created. HSMs, such as Smart Cards, Personal
Computer Memory Card International Association (PCMCIA) cards, and other
hardware devices, store private keys and handle all encryption and decryption of
messages so that the key does not have to be transmitted to the computer. (Using
magnetic media is really the equivalent of software key storage with an offline file
store, and should not be thought of as hardware storage of keys.) Keeping the keys
off of the computer prevents information about the keys from being discovered in
computer memory.
Smart Cards are the most flexible method of storing personal private keys using
the hardware storage method. Since Smart Cards are normally about the size of a
credit card, they are easily stored and can resist a high level of physical stress. Smart
Cards are also not very expensive. Unlike a credit card that has a magnetic strip,
Smart Cards store information using microprocessors, memory, and contact pads for
passing information (see Figure 10.10).
Figure 10.10 A DSS Smart Card
www.syngress.com