
Using Smart Cards for Authentication

Smart card logon is a two-factor authentication mechanism. It combines something the user has, a hardware device known as a smart card that stores the user's certificate and the corresponding private key, with something the user knows, a Personal Identification Number (PIN) that authenticates the user to the card. The smart card includes a built-in microprocessor, operating system, and memory for storing personal information securely. It offers tamper-resistant storage for the user's private key, which can be used only after the correct PIN has been entered and never leaves the card, and cryptographic support for operations such as digital signatures and key exchange. Repeated wrong PIN entries exhaust the card's retry counter and block it, so a short PIN is not exposed to unlimited guessing.

The PIN is used only to authenticate the user to the smart card and is never sent over the network. This differs from password logon, where a shared secret derived from the user's password is transmitted over the network and can be captured or replayed. Once the user has authenticated to the card, the Windows security subsystem reads the user's certificate, which carries the public key, from the card and verifies that it is valid and that a trusted certification authority issued it. Possession of the card is then proven cryptographically: the card signs with the private key, and the domain checks that signature against the public key in the certificate.
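The following Go program is an added example, not Microsoft code and not the Windows smart card stack or its minidriver/PC/SC interfaces; it is a toy model of the two factors described above. The names `Card`, `Logon`, `Authenticate`, `NewEnterprise`, the CA name "Example Enterprise CA", the user "alice" and the PIN "1234" are all constructed for the example. The card holds the private key and refuses to sign until the PIN has been verified on the card; the domain side receives only the certificate, a challenge and the signature, checks the certificate against the enterprise CA it trusts, and then checks the signature with the certified public key. A second enterprise's card, and a card whose retry counter is exhausted, are rejected.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Card is a toy smart card (not a PC/SC or minidriver API): the private key never leaves it.
type Card struct {
	priv     *rsa.PrivateKey
	cert     *x509.Certificate // user certificate: public key signed by the enterprise CA, freely readable
	pin      string
	retries  int
	unlocked bool
}

// VerifyPIN authenticates the user to the card; each failure burns a retry until the card blocks.
func (c *Card) VerifyPIN(pin string) error {
	if c.retries <= 0 {
		return fmt.Errorf("card blocked: PIN retry counter exhausted")
	}
	if pin != c.pin {
		c.retries--
		return fmt.Errorf("wrong PIN, %d tries left", c.retries)
	}
	c.unlocked = true
	return nil
}

// Sign uses the on-card private key; refused until the PIN has been verified.
func (c *Card) Sign(challenge []byte) ([]byte, error) {
	if !c.unlocked {
		return nil, fmt.Errorf("PIN required")
	}
	digest := sha256.Sum256(challenge)
	return rsa.SignPKCS1v15(rand.Reader, c.priv, crypto.SHA256, digest[:])
}

// Authenticate is the domain side: no PIN, only a trust check on the certificate, then the signature check.
func Authenticate(roots *x509.CertPool, cert *x509.Certificate, challenge, sig []byte) (string, error) {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not issued by a trusted party: %w", err)
	}
	if err := cert.CheckSignature(x509.SHA256WithRSA, challenge, sig); err != nil {
		return "", fmt.Errorf("challenge signature does not match the certified key")
	}
	return cert.Subject.CommonName, nil
}

// Logon is the client: PIN to the card (something you know), then the card signs (something you have).
func Logon(card *Card, pin string, roots *x509.CertPool) (string, error) {
	if err := card.VerifyPIN(pin); err != nil {
		return "", err
	}
	challenge := make([]byte, 32) // in a real protocol the server supplies this nonce
	must(rand.Read(challenge))
	sig, err := card.Sign(challenge)
	if err != nil {
		return "", err
	}
	return Authenticate(roots, card.cert, challenge, sig) // only cert, challenge and signature cross the network
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewEnterprise builds a self-signed CA, its trust pool, and a card certified by that CA (all constructed sample data).
func NewEnterprise(user, pin string) (*Card, *x509.CertPool) {
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	cardKey := must(rsa.GenerateKey(rand.Reader, 2048)) // generated "on the card"
	nb, na := time.Now().Add(-time.Minute), time.Now().Add(24*time.Hour)
	caTpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Enterprise CA"},
		NotBefore: nb, NotAfter: na, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTpl, caTpl, &caKey.PublicKey, caKey))))
	userTpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: user}, NotBefore: nb, NotAfter: na,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	userCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, userTpl, caCert, &cardKey.PublicKey, caKey))))
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return &Card{priv: cardKey, cert: userCert, pin: pin, retries: 3}, roots
}

func main() {
	card, roots := NewEnterprise("alice", "1234")
	fmt.Println(Logon(card, "0000", roots)) // wrong PIN: the card refuses and nothing is sent
	fmt.Println(Logon(card, "1234", roots)) // alice <nil>
}
```

Two things to notice: `Authenticate` has no PIN parameter at all, which is the property the text is describing, and the trust decision is a certificate chain check against the enterprise CA rather than a lookup of the user's public key, so a certificate from any other issuer fails before the signature is even examined. The three-try lockout is a model of the retry counter a real card enforces; in Windows the exchange itself is carried inside the Kerberos logon rather than the bare challenge used here.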
