Go Back   TechArena Community > Technical Support > Computer Help > Windows Vista > Vista Help
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Sponsored Links

Windows Vista smart card logon on stand alone machine

Vista Help

Thread Tools Search this Thread
Old 09-03-2008
Posts: n/a
Windows Vista smart card logon on stand alone machine

Hi all.
I just want to share with you my thoughts about smart card authentication
implementation in Vista.
I know that smart card logon, also known as strong authentication or
two-factor authentication, can be performed on a machine that is connected to
a domain.
And in Vista SP1 it's been added the support for biometric factor
authentication so that, with the appropriate security tokens, strong
three-factor authentication can be performed through Kerberos on machines
connected to a domain.
Said that I really can't understand why Microsoft doesn't give a standard
option, included natively in her oss, to enable strong authentication in
stand alone machines that are not connected to a domain.
I try to explain in details what I mean.
It happens often, for security reasons, that companies have stand alone pcs
not connected to the internet and to the company domain.
From my point of view achieving a strong authentication on a stand alone
machine is not so complicated; Let's think at this scenario: I have my public
key certificate with its relative private key both stored on my personal
security token that, through its internal microprocessor, is capable of
cryptographic tasks.
If there could be a way to install the public key certificate I have on the
above security token on a stand alone machine and associate it to my user
account of that stand alone pc it could be easy to perform strong
authentication using Microsoft Smart Card Base Cryptographic Service
Provider. ( Having also the minidrivers of the token vendor installed on the
stand alone machine )
When I would insert my security token in the stand alone pc my public key
certificate would be sent to the stand alone pc that, after checking that the
public key certificate is associated to my user account on the stand alone
pc, would sent to my security token an automatically generated password
encrypted with the public key associated to the public key certificate I have
on my security token that could decrypted it with its private key and send it
to the stand alone pc.
I know that there are third parts softwares that perform authentication to
windows stand alone pc through security token but it's not the same as if it
was embedded natively in windows oss.
My reasoning is surely missing some technical or security aspect or maybe
just some convenience aspect and I really appreciate any comments and/or any
Thank in advice to all who will read my post and answer/comment me.
Best regards

Reply With Quote
Old 09-03-2008
Brian Komar \(MVP\)
Posts: n/a
Google on PKINIT

I m facing the same problem exactly as you, and i didn't find any third party software resolve this problem till now, have you?

What 'other' group?

If no one can tell me what other group, would you be kind enough as to
answer my question my question?
Reply With Quote
Old 27-05-2009
Posts: n/a
RE: Windows Vista smart card logon on stand alone machine

Hi Alice,

Reply With Quote

  TechArena Community > Technical Support > Computer Help > Windows Vista > Vista Help
Tags: , , ,

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads for: "Windows Vista smart card logon on stand alone machine"
Thread Thread Starter Forum Replies Last Post
?The RPC server is unavailable? stand alone logon on windows 7 Priscilia Networking & Security 4 29-01-2011 11:00 AM
Smart card is required for interactive logon In_the_desert Windows Security 4 20-08-2010 12:04 PM
How to disable Smart Card authentication in Vista Fernandoa Networking & Security 3 21-07-2009 08:34 PM
Smart Card Certificate based logon with Windows XP SP2 Kr8zyCanuck Operating Systems 2 05-11-2008 05:17 PM
Smart Card Logon Lindberg Windows Security 5 16-09-2008 04:00 PM

All times are GMT +5.5. The time now is 06:43 PM.