Thread: Windows Vista smart card logon on stand alone machine

  1. #1
    Michele Guest

    Windows Vista smart card logon on stand alone machine

    Hi all.
    I just want to share with you my thoughts about the smart card authentication
    implementation in Vista.
    I know that smart card logon, also known as strong authentication or
    two-factor authentication, can be performed on a machine that is connected to
    a domain.
    And in Vista SP1, support has been added for biometric factor
    authentication so that, with the appropriate security tokens, strong
    three-factor authentication can be performed through Kerberos on machines
    connected to a domain.
    That said, I really can't understand why Microsoft doesn't give a standard
    option, included natively in its OSes, to enable strong authentication on
    stand alone machines that are not connected to a domain.
    I'll try to explain in detail what I mean.
    It often happens, for security reasons, that companies have stand alone PCs
    not connected to the internet or to the company domain.
    From my point of view, achieving strong authentication on a stand alone
    machine is not so complicated; let's think about this scenario: I have my public
    key certificate with its corresponding private key, both stored on my personal
    security token that, through its internal microprocessor, is capable of
    cryptographic tasks.
    If there were a way to install the public key certificate I have on the
    above security token on a stand alone machine and associate it with my user
    account on that stand alone PC, it could be easy to perform strong
    authentication using the Microsoft Smart Card Base Cryptographic Service
    Provider (having also the minidrivers of the token vendor installed on the
    stand alone machine).
    When I insert my security token in the stand alone PC, my public key
    certificate would be sent to the stand alone PC, which, after checking that the
    public key certificate is associated with my user account on the stand alone
    PC, would send to my security token an automatically generated password
    encrypted with the public key associated with the public key certificate I have
    on my security token, which could decrypt it with its private key and send it
    to the stand alone PC.
    I know that there is third-party software that performs authentication to
    Windows stand alone PCs through a security token, but it's not the same as if it
    were embedded natively in Windows OSes.
    My reasoning is surely missing some technical or security aspect, or maybe
    just some convenience aspect, and I would really appreciate any comments and/or any
    corrections.
    Thanks in advance to all who will read my post and answer/comment.
    Best regards
    Michele
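
The exchange described in post #1, written out as an added example that is not part of the original post and is not Windows code: the PC looks up the presented certificate, encrypts a random secret to the enrolled public key, and accepts only if the token returns the same secret. `Token`, `StandalonePC`, `demo` and `user1` are hypothetical names, and textbook RSA over fixed Mersenne primes stands in for the token's on-card RSA so the block runs on the Python standard library alone (it is not secure).

```python
import hashlib, hmac, secrets

# Constructed toy key material: textbook RSA over Mersenne primes, no padding.
# It stands in for the token's on-card RSA operation and is NOT secure.
E = 65537

class Token:
    """Hypothetical security token; the private exponent stays inside it."""
    def __init__(self, p, q):
        self.n = p * q
        self._d = pow(E, -1, (p - 1) * (q - 1))

    def certificate(self):
        # Stand-in for the X.509 certificate bytes (just the public key here).
        return f"{self.n:x}:{E:x}".encode()

    def decrypt(self, ciphertext):
        return pow(ciphertext, self._d, self.n)

class StandalonePC:
    """Hypothetical local logon check with no domain controller involved."""
    def __init__(self):
        self.accounts = {}  # certificate fingerprint -> (user, modulus)

    def enroll(self, user, token):
        fp = hashlib.sha256(token.certificate()).hexdigest()
        self.accounts[fp] = (user, token.n)

    def logon(self, presented_cert, token):
        entry = self.accounts.get(hashlib.sha256(presented_cert).hexdigest())
        if entry is None:
            return None  # certificate is not associated with a local account
        user, n = entry
        secret = secrets.randbits(256)             # automatically generated password
        answer = token.decrypt(pow(secret, E, n))  # PC encrypts, token decrypts
        same = hmac.compare_digest(answer.to_bytes(160, "big"),
                                   secret.to_bytes(160, "big"))
        return user if same else None

def demo():
    owner = Token(2**521 - 1, 2**607 - 1)
    other = Token(2**127 - 1, 2**521 - 1)   # a different key pair
    pc = StandalonePC()
    pc.enroll("user1", owner)
    return (pc.logon(owner.certificate(), owner),   # enrolled token
            pc.logon(other.certificate(), other),   # unknown certificate
            pc.logon(owner.certificate(), other))   # copied cert, wrong key
```

The third case shows why the decryption round trip matters: a certificate is public data, so presenting it proves nothing until the token demonstrates possession of the matching private key.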


  2. #2
    Brian Komar (MVP) Guest
    Google on PKINIT

    I'm facing exactly the same problem as you, and I haven't found any third-party software that resolves this problem till now, have you?

    What 'other' group?

    If no one can tell me what other group, would you be kind enough as to
    answer my question?

  3. #3
    Ǝиçεl Guest

    RE: Windows Vista smart card logon on stand alone machine

