
Smart Card Logon

White Paper Posted: June 22, 1999

Summary

The Windows® 2000 operating system introduces smart card authentication as an alternative to passwords to achieve strong network authentication. A smart card can be used to authenticate to a Windows 2000 domain in three ways. The first is interactive logon involving the Active Directory™ service, the Kerberos version 5 protocol, and public key certificates. The second is remote logon that uses a public key certificate with the Extensible Authentication Protocol (EAP) and Transport Layer Security (TLS) to authenticate a remote user to an account stored in Active Directory. The third is client authentication where a user is authenticated using a public key certificate mapped to an account stored in Active Directory. By integrating public key technologies and smart cards with Windows 2000, Microsoft is helping customers to increase their level of security at a time when the convergence of the enterprise and Web computing models is driving companies to open up their corporate networks to stay competitive.

Smart cards are a key component of the public key infrastructure (PKI) that Microsoft has integrated with the Windows® 2000 operating system. Smart cards enhance software-only solutions such as interactive logon, client authentication, and remote logon. Smart cards provide:

  • Tamper-resistant storage for protecting private keys and other forms of personal information.
  • Isolation of security-critical computations involving the private key from other parts of the system that do not have a “need to know.”
  • Portability of credentials and other private information between computers at work, home, or on the road.

What is a Smart Card?

The term smart card has been used to describe a class of credit card-sized devices with varying capabilities: stored-value cards, contactless cards, and integrated circuit cards (ICC). All of these cards differ in functionality from each other and from the more familiar magnetic-stripe cards used by standard credit, debit, and ATM cards. It is the ICC that is of most interest to the personal computer, and Windows 2000, because it is able to perform more sophisticated operations such as digital signature and key exchange. A smart card is essentially a miniature computer, embedded in plastic in the form of a credit card, with limited storage and processing capability. The circuitry in a smart card derives power from a smart card reader after the card is inserted into the reader. Data communication between a smart card and an application running on a computer is performed over a half-duplex serial interface managed by the smart card reader and its associated device driver. Smart card readers are available in a variety of form factors and can be connected to a computer using an RS-232, PCMCIA, or USB interface.


© 2001 Microsoft Corporation. All rights reserved.