IdentiPHI Enterprise Security Solutions
Smartcard Authentication

Using a smart card for Windows authentication:

The most common use of a smart card is to replace the standard Windows username and password with a smart card and PIN. Microsoft natively supports the use of digital certificates stored on a smart card as a secure method for domain authentication. This greatly improves security compared with managing weak passwords, and it provides a mechanism to automatically lock or log out a workstation when the user is finished with the session.


Windows clients present the option of pressing Ctrl+Alt+Del (CAD) and entering a password, or inserting a smart card. Once a smart card is inserted, the user is only required to supply a PIN. The username is carried by the certificate on the smart card, so the login process is simplified.


The user’s PIN is protected by the card itself. Subsequent attempts with an incorrect PIN will lock the card, which makes this method of authentication not susceptible to brute-force attacks. Depending upon policy, locked cards may be presented to a security officer to be unlocked, or the user must satisfy a challenge/response mechanism.
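The lockout and unlock behaviour described above, modelled as an added example (not IdentiPHI or Microsoft code). The class and function names, the three-try limit, the counter reset on a correct PIN, and the HMAC-SHA-256 challenge/response used for unlocking are all assumptions chosen for illustration; real cards enforce this inside the chip.

```python
import hashlib
import hmac
import secrets

class SimulatedCard:
    """Toy model of a card's PIN retry counter (assumed design, not a real applet)."""

    def __init__(self, pin: str, admin_key: bytes, max_tries: int = 3):
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self._admin_key = admin_key      # assumed: shared with the card management system
        self._max_tries = max_tries      # assumed limit; set by issuer policy in practice
        self.tries_left = max_tries
        self._challenge = None

    @property
    def locked(self) -> bool:
        return self.tries_left == 0

    def verify_pin(self, pin: str) -> bool:
        if self.locked:
            return False                 # a locked card refuses even the correct PIN
        candidate = hashlib.sha256(pin.encode()).digest()
        if hmac.compare_digest(candidate, self._pin_hash):
            self.tries_left = self._max_tries   # success resets the counter
            return True
        self.tries_left -= 1             # the failure is recorded on the card itself
        return False

    def get_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def unblock(self, response: bytes, new_pin: str) -> bool:
        if self._challenge is None:
            return False
        expected = hmac.new(self._admin_key, self._challenge, hashlib.sha256).digest()
        self._challenge = None           # each challenge is single use
        if not hmac.compare_digest(response, expected):
            return False
        self._pin_hash = hashlib.sha256(new_pin.encode()).digest()
        self.tries_left = self._max_tries
        return True

def officer_response(admin_key: bytes, challenge: bytes) -> bytes:
    """What the security officer's tool computes for the card's challenge."""
    return hmac.new(admin_key, challenge, hashlib.sha256).digest()

def guesses_before_lock(card: SimulatedCard, guesses) -> int:
    """Count the wrong guesses the card processes before it locks."""
    used = 0
    for guess in guesses:
        if card.locked or card.verify_pin(guess):
            break
        used += 1
    return used
```

Because the counter lives on the card, the number of guesses is bounded by the retry limit no matter which workstation or reader the card is inserted into.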



Smart Card PKI login and physical access
A single badge for every employee and contractor that can be used for either physical or logical access, or most importantly, both.

Every card requires middleware to interface with the PC operating system and certificate authority, a card reader, and a CMS (Card Management System) that must all interoperate.
 
Another major advantage of using smart cards, as opposed to cards containing only a magnetic stripe, is the ability to write and manage account data on the card.


Smart Card removal

When the user removes the smart card from the reader, the workstation may be locked, or the user may be logged completely off of the system. This provides a secure method to ensure that the user does not walk away from the PC while it is still logged in. When this technology is used in conjunction with good security policies, users are trained (or sanctioned) against leaving the card in a reader when they leave the workstation.

PKI login to Windows

  • Microsoft – Included with Microsoft Windows Server 2003
  • 3rd Party PKI (Entrust, RSA, Baltimore, Verisign)

Non-PKI login to Windows

By leveraging the smart card support offered by SAFsolution Workstation Edition, organizations may deploy smart cards without the need for a full PKI. SAFsolution securely stores the users’ credentials on a smart card and protects them with a PIN. A user may authenticate by the same mechanisms as described earlier; however, no additional infrastructure changes are required. This method is ideal for smaller organizations and for proof of concept and user acceptability tests.


Copyright © IdentiPHI Inc. 2007; All Rights Reserved