In these authentication systems, the secrets (such as keys and passwords) are stored in some part of a host (either client, server or both). This implies that the general system-supplied protection mechanisms are used to protect the secrets. An interesting aspect to consider is the mechanisms that are used to protect this information. While there is discussion from some of the authors who discuss these systems regarding the use of smartcards for secure storage, most of them do not view smartcard usage as necessary. See [NIS91a], [Koh91], and [Lin90] for more discussion on the use of smartcards.