Cryptoshop Help! Cryptoshop Contact! Cryptoshop Memo! Cryptoshop Shopping Cart! Place your order! Change to german site!
+ Products
· · · · · · · · · · · · · · · · · · · · · · ·
+ Solution
  Authentication  
  Workstation / Domain  
  Webauthentication  
  Application  
  Remote Computer  
  Single Sign On  
  Identification  
  Encryption  
  Development  
  Company Card  
  Winmagic SecureDoc  
  Entrust IdentityGuard  
  Entrust Messaging Server  
  Gemalto - DAS  
  Gemalto - Protiva SA  
· · · · · · · · · · · · · · · · · · · · · · ·
+ Service
· · · · · · · · · · · · · · · · · · · · · · ·
     
Management
· · · · · · · · · · · · · · · · · · · · · · ·
Security Officer
· · · · · · · · · · · · · · · · · · · · · · ·
System Engineer
· · · · · · · · · · · · · · · · · · · · · · ·
Purchasing
· · · · · · · · · · · · · · · · · · · · · · ·
Maintenance
· · · · · · · · · · · · · · · · · · · · · · ·
 
 

Microsoft Smart Card Logon
 
INFO & KNOWLEGDE
 
Current operating systems of Microsoft have certificate based smart card logon already integrated - but without the necessary hardware requirements (reader) it is hidden from the user. But is there a smart card reader found, you see on your Logon screen a symbol for a smart card reader showing the possibility of a secure logon. Because the smart card logon is certificate based there has to be a handful of another prerequesites fullfilled.
XP - Logon - Screen

XP - Logon - Screen



Prerequisites for Microsoft Smart Card Logon
Windows Server 2003 or Windows 2000 Server
PKI with Active Directory Integration (microsoft certificate services)
XP Professional or Windows 2000 Professional - with Microsoft GINA - msgina.dll
PC/SC compliant Smart Card Reader
Smart Card with right CSP (Cryptographic Service Provider)


Features - Configuration
With the prerequisites above stated, a smart card logon certificate issued by the pki for the user can be enrolled to the smart card. The behaviour for push and pull events can be configured by group policies.

With "smart card required for interactive logon" Account Policy the password logon can be totally deactivated - but not to remote access. With the "on smart card removal" policy the behaviour of pulling the card can be defined. Possible are "no action", "lock" or even "logoff" of the user.

The PIN-Policy for the Smart Card may be not so strict, because dictionary attacks on smart cards are almost impossible, because of internal PIN-administration.

There are multiple authentication procedures in Microsoft Windows which can be done with certificates and smart cards, like e.g. VPN, WLAN, Terminalserver up to E-Mailsignaturen. With smart cards, PKI and Active Directory there is factual a Single Sign On Solution hidden.
PRACTICE
 
On Cryptoshop.com you are able to assemble your components yourself, which are useful for covering your requirements, or to try and evaluate in your test environment. To grant your Microsoft infrastructure a little bit smart card security you only need a Smart Card , a Smart Card Reader and a Smart Card CSP .

We are recommending especially following products for this purpose.

Cryptoshop Gemalto Classic Bundle   Cryptoshop Gemalto Bundle for certificate based IT-Security - client side infrastructure, contains Gemalto Smart Card, Gemalto Reader and Gemalto Classic Client (GemSAFE Libraries).
Product-ID: 1060105002
55,00 EUR excl. VAT


Forgotten Smart Card
Of course there is the problem of forgotten smart cards. One possible solution is the issuing of temporary cards with short time running certificates, which can be made without any effort with card management systems. Another possibilty is to keep the possibility of passwort logon, but this very strong password is 'blabed' only in this special case - appliance-based Single Sign On Solutions providing the possibility for a self-service password reset, after answering some self-service questions correctly.

Intercede MyID   Intercede MyID is a card management system and leverages the existing Microsoft PKI. Big rollouts of card based company cards are no challenge anymore using Intercede MyID.
Product-ID: 4620101001


Back to previous page!Top of page!To the startpage of Cryptoshop.com!
  Cryptoshop Gemalto Classic Bundle  
 
  Special offer of the month!  
  Cryptoshop Bundles!  
 
Legal notice Terms and Condtitions Consumer notice Privacy Newsletter Copyright © 2004 CRYPTAS. All rights reserved