The decision to deploy smart cards may have been based upon the desire to improve Windows and/or enterprise single sign-on (SSO) authentication. The most important choice is the smart card form factor. Smart cards come in two forms: credit card-sized (known as ISO 7816) or USB token. Regardless of the form factor, the smart card technology is usually identical. Both form factors share a common logical personalization process (that is, the configuration of the smart card for a specific user) and provide logical services, like authentication to Windows, enterprise SSO and Web servers. It's the form factor's physical differences that make them suitable for different uses.
The ISO 7816 form factor is the most commonly deployed smart card in the enterprise, not coincidentally because it supports identity badging: graphical personalization with both corporate and user information that enables visual identification of the user.
The ISO 7816 form factor also supports physical access via its contactless interface. The user simply waves the smart card near a door reader, which features an electromagnetic field that provides both power and a data path to the smart card, and the door opens upon successful authentication.
The most common contactless building access system is based upon HID Corp.'s Prox (125 kHz) technology. The U.S. government has chosen a different contactless specification as part of its HSPD-12 initiative, but the HID Prox card will remain the most prevalent contactless specification for at least several years because of the long replacement cycle of door readers and cards. For the most part, USB token smart cards are not suitable for use with physical access systems, though at least one vendor offers a USB token smart card with HID Prox-based technology.
With all the advantages of the ISO 7816 form factor, why even consider the USB token form factor? The most notable reasons are simpler desktop configuration and potentially reduced cost. USB smart cards don't need a reader; they plug into a desktop's USB port. ISO 7816 cards require a smart card reader at the desktop.
One additional advantage of the USB smart card form factor is that it can be coupled with a traditional one-time password (OTP) device. OTP devices have a liquid crystal display that shows a unique numeric password. OTPs remain the default strong authentication mechanism within the enterprise today because, unlike smart cards, they don't require client software.
While the converged USB smart card-OTP device provides maximum application coverage, it sells for a premium over the standard USB smart card. It may be more cost-effective to restrict these devices to a user subset, such as road warriors who require access to enterprise resources from kiosks while on the road.
To summarize, the ISO 7816 and USB token smart card form factors are nearly identical from a technology perspective, and both provide logical authentication services. The ISO 7816 smart card is the better choice for physical access and/or identity badging. Conversely, the USB token format is more rugged and is a better fit when the goal is to avoid deploying smart card readers to the desktop, or when there is a need to combine both OTP and smart card functionality.