Case Study: The Smart Card Case

SCENARIO

ESSENCE OF THE CASE

The following are the essence of the case:

  • Eventually it was determined that intruders had obtained a certificate that enabled them to install their own certificate authority (CA) and produce smart cards trusted by the ABC Company's computer systems.

  • Among other capabilities, the CA is the computer in the public key infrastructure (PKI) that issues certificates. In the ABC PKI, the certificates are used on smart cards, and in this particular PKI implementation, a hierarchical structure is allowed. In other words, the root—or first CA—can produce a certificate that authorizes another CA. Smart cards produced by either CA can then authorize access to computer systems.

  • The intruders were ...

Get CISSP Training Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial