I am new to the topic of cryptography and am studying PKI and PKCS etc. I understand the basic concept of PKI and how it is used for encryption/decryption. I am confused however about how a hardware token like a USB token or a smartcard is used for secure login to your computer. Here are steps as I understand them and the part I am confused by (sorry in advance for the question length):
Scenario: Computer xyz on the network contains data that only users who belong to the group SECRET can access. Users Bob and Joe are in this group and have been issued USB tokens that they can use to provide credentials that will enable them to access these resources. The USB token employs two-factor authentication and requires a PIN to be input. The token is PKCS#11 compliant.
- Bob inserts the USB token into a Linux machine.
- A PAM-PKCS11 module recognizes this event and prompts Bob to enter his PIN.
- Once Bob correctly enters his 4-digit PIN, the module checks the validity of the certificate on Bob's token by (this varies, but what is the minimum?):
  - locating the root certificate to check for a trusted CA;
  - checking the certificate validity dates and revocation lists;
  - matching the ID on the token against a user file (where? I'm missing a step) or a directory (LDAP, etc.).
- If all looks good, the module informs PAM of the successful result.
- This line is labeled sufficient, so PAM accepts the authentication, and Bob is logged in and can view information restricted to users in the SECRET group.
The part I am missing is where the information is stored about whether or not Bob can access this machine, and how exactly he is tied to Bob the network (or even desktop) user. I understand that other identifying data about Bob will be stored on the USB token, including an ID (e.g., an email address). However, how is this strong security? Where is crypto being employed during the login process, if at all (or is that not the real purpose of these tokens)? If someone gets hold of the USB token and knows the 4-digit PIN, that appears to be all that is needed, right? Moreover, is it essentially the trust in the CA that allows us to trust that another user can't get a new USB token and use a trusted CA to get a new certificate but specify all identifying data to be the same as Bob's? I know there is some critical part I am missing, but after reading dozens of articles, the explanation of this area seems glossed over. Is it a good idea to use a hardware token as a sufficient means of authentication for logging in to a machine containing sensitive data? Or is the purpose of such tokens primarily to securely store key pairs that are used in other applications?

Thanks for your help!
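The login flow sketched in the question, carried through in code as an added example (it is not from the original post, nor from pam_pkcs11 itself), and going one step beyond the question's list: after the chain, validity and revocation checks and the mapping of the certificate to a local login, the module sends the token a fresh random challenge and verifies the token's signature on it with the public key from the certificate. That signature is where the cryptography happens during login: it proves the private key matching the trusted certificate is present on the token and unlocked by the PIN, so a certificate that merely copies Bob's name fails either at the chain check (no trusted CA signed it) or at the challenge (the private key is not on the token). Everything here is simulated with the Go standard library: the root CA, the tokens, the revocation list (a set of serial numbers standing in for a CRL) and the subject-CN-to-login mapping (pam_pkcs11 ships several mappers; this one keys on the CN) are constructed inside the block, and the hypothetical Token type folds PKCS#11 C_Login and C_Sign into one call.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Token stands in for a PKCS#11 token: the private key never leaves it and it
// signs only when the correct PIN is presented (C_Login + C_Sign in one call).
type Token struct {
	priv *ecdsa.PrivateKey
	pin  string
	Cert *x509.Certificate // readable without the PIN, as on a real token
}

func (t *Token) Sign(pin string, msg []byte) ([]byte, error) {
	if pin != t.pin {
		return nil, errors.New("token: incorrect PIN")
	}
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, t.priv, h[:])
}

// issue creates a key pair and certificate: a self-signed root when parent is
// nil, otherwise a user certificate signed by parent. A site's PKI does this at
// enrolment; it is constructed here so the example runs offline.
func issue(parent *x509.Certificate, pkey *ecdsa.PrivateKey, serial int64, cn string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent, pkey = tmpl, key
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// IssueToken enrols a user under the CA and loads the key pair onto a token.
func IssueToken(ca *x509.Certificate, caKey *ecdsa.PrivateKey, serial int64, cn, pin string) *Token {
	cert, key := issue(ca, caKey, serial, cn)
	return &Token{priv: key, pin: pin, Cert: cert}
}

// Site is what the PAM module reads from disk (all constructed here): the
// trusted root, a revocation list and the certificate-to-login mapping.
type Site struct {
	Roots   *x509.CertPool
	Revoked map[string]bool   // revoked serial numbers, standing in for a CRL
	Mapping map[string]string // certificate subject CN -> local login name
}

func NewSite(root *x509.Certificate) *Site {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return &Site{Roots: pool, Revoked: map[string]bool{"3": true},
		Mapping: map[string]string{"Bob": "bob", "Joe": "joe"}}
}

// Authenticate runs the question's checks in order, then the step it is
// missing: the token must sign a fresh challenge with the certificate's key.
func Authenticate(site *Site, tok *Token, pin string) (string, error) {
	opts := x509.VerifyOptions{Roots: site.Roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := tok.Cert.Verify(opts); err != nil { // trusted chain + validity dates
		return "", err
	}
	if site.Revoked[tok.Cert.SerialNumber.String()] {
		return "", errors.New("certificate revoked")
	}
	login, ok := site.Mapping[tok.Cert.Subject.CommonName]
	if !ok {
		return "", errors.New("no local user mapped to this certificate")
	}
	nonce := make([]byte, 32) // fresh per attempt, so a captured signature cannot be replayed
	rand.Read(nonce)
	sig, err := tok.Sign(pin, nonce)
	if err != nil {
		return "", err
	}
	if err := tok.Cert.CheckSignature(x509.ECDSAWithSHA256, nonce, sig); err != nil {
		return "", errors.New("token does not hold the certificate's private key")
	}
	return login, nil // PAM now knows the local account; group checks are ordinary OS authorization
}
```

The value returned is the local login name; whether that account may read the SECRET data is decided afterwards by normal OS authorization (group membership in /etc/group or a directory), which the token does not carry. Losing the token and the PIN together does defeat this scheme, which is why the token locks after a few wrong PINs and why the certificate is revoked as soon as the loss is reported.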