Workstation and Domain-Logon

		INFO & KNOWLEGDE

You need a credential for authenticating yourself to a data processing equipment. This credential can be 'something you know' (password), 'something you have' (card, certificate) or 'something you are' (biometrics) - or better - a combination of this possibilities. Of course these variants are offering varying security levels.

Current Windows operating systems are Winlogon and the Graphical Identification and Authentication Modul (GINA) together the Logon to a computer and a domain. Configuration can be done by group policies in Active Directory. By default there is logon by passwords and logon by smart cards supported.

Is there, at start, a smart card reader discovered, Winlogon is triggering also pull and push events of a card, aside the Strg-Alt-Del combination, and is reporting this to the GINA. At Logon the GINA requesting the PIN for the card, to input it on the keyboard.

Smart Cards require an installed Smart Card CSP on the computer, which is the middleware to the smart card. There are several smart card CSPs included, but they are only for older smart cards.

The Logon can be flexible adapted, through exchange of the MS GINA (msgina.dll) with an own changed GINA. An installation for a small amount of users can be done using the integrated features, but if there are a great many of users to manage, a card management system is highly recommended.

		PRACTICE

IMPRIVATA OneSign IMPRIVATA OneSign is a redundant eine redundant designed Enterprise Single Sign On Solution, based on appliances. The solution is seamless integrated into the directory of the organisation.

Entrust IdentityGuard Entrust IdentitiyGuard is a versatile authentication platform, which is offering different authentication methods covering most different requirements regarding security and convencience.

Microsoft Smart Card Logon Current operating systems has certificate based Smart Card Logon integrated by default - but it is hidden. Learn which characteristcs this variant has, and how you bring it into life with our bundles.

Cryptoshop Bundles Cryptoshop.com build bundles of products, which are often ordered together, their interworking is tested well, or are best of breed. This offers more convenience for ordering and cheaper purchase.

Cryptoshop Gemalto Classic Bundle Cryptoshop Gemalto Bundle for certificate based IT-Security - client side infrastructure, contains Gemalto Smart Card, Gemalto Reader and Gemalto Classic Client (GemSAFE Libraries).

Cryptoshop AET Starcos Cardman Bundle Cryptoshop AET Starcos Cardman Bundle is for certificate based IT-Security on clients, consisting of a G&D Smart Card, Omnikey Reader and A.E.T. SafeSign.

Cryptoshop AET Starcos Reiner Bundle Cryptoshop AET Starcos Reiner Bundle is for certificate based IT-Security on client, containing a G&D Smart Card, Reiner SCT Cyberjack Pinpad Reader and A.E.T. SafeSign.

Cryptoshop Safenet BSEC SSO - Gemplus Bundle contains: Smart Card: Safenet Model 330, Smart Card Reader: Gemalto GemPC USB-SL, Lizenz: BSEC SSO user licence

Cryptoshop Safenet BSEC SSO - OMNIKEY 3121 contains: Smart Card: Safenet Model 330, Smart Card Reader: OMNIKEY CardMan USB 3121, Licence: BSEC SSO user licence

Cryptoshop Safenet BSEC SSO - OMNIKEY 4040 contains: Smart Card: Safenet Model 330, Smart Card Reader: OMNIKEY Mobile PCMCIA 4040, Licence: BSEC SSO user licence

Cryptoshop Safenet BSEC PK - OMNIKEY 3121 contains: Smart Card: Safenet Model 330, Smart Card Reader: OMNIKEY CardMan USB 3121, Licence: BSEC PK licence

Cryptoshop Safenet BSEC PK - OMNIKEY 4040 contains: Smart Card: Safenet Model 330, Smart Card Reader: OMNIKEY Mobile PCMCIA 4040, Licence: BSEC PK licence

Winmagic SecureDoc Winmagic Securedoc is a Hard Disk Drive Encryption Solution, which encrypts the whole disk and authenticates the user in Pre-Boot.

Secure Doc Hard Encryption Client - Licencing WinMagic’s SecureDoc Hard Disk Enryption is protecting sensitive and confidential data on notebooks by encryption of the whole hard disk with AES 256 algorithm, avoiding all problem areas of encryption and is fullfilling all the security requirements of an organisation for mobile workers.

Secure Doc Enterprise Server - Licencing The SecureDoc Enterprise Server eases the rollout and adminstration of WinMagic SecureDoc Disk Encrpytion, as well as the recovery of passwords, smart cards or token.

Intercede MyID Intercede MyID is a card management system and leverages the existing Microsoft PKI. Big rollouts of card based company cards are no challenge anymore using Intercede MyID.
Product-ID: 4620101001

Chipdrive® Smart Card Office Simple and comfortable smart card security for home user is possible with CHIPDRIVE® Smartcard Office 2.7. No special smart card knowledge is necessary for installation and operation. This offered version supports Chipdrive Masterkey Cards as well as Bank Cards and Health Cards used in Germany and Austria.

Also recommended links

Novell Certificate Logon

		STUDY

If you want to some research about the solutions, do this also in our knowledge base. There you can find more about the basic concepts and functionality of the particular solutions, cryptographic basics and instructions for configuration and how you can successfully build these solutions into IT-Security Governance framework.