Microsoft Windows Vista Community Forums - Vistaheads

Windows Vista smart card logon on stand alone machine

microsoft.public.windows.vista.security






  #1 (permalink)  
Old 03-09-2008
Michele
 

Posts: n/a
Windows Vista smart card logon on stand alone machine
Hi all.
I just want to share with you my thoughts about the smart card authentication
implementation in Vista.
I know that smart card logon, also known as strong authentication or
two-factor authentication, can be performed on a machine that is connected to
a domain.
And in Vista SP1 support for biometric factor authentication has been added
so that, with the appropriate security tokens, strong three-factor
authentication can be performed through Kerberos on machines connected to a
domain.
That said, I really can't understand why Microsoft doesn't give a standard
option, included natively in its OSes, to enable strong authentication on
stand-alone machines that are not connected to a domain.
I'll try to explain in detail what I mean.
It happens often, for security reasons, that companies have stand-alone PCs
not connected to the internet and to the company domain.
From my point of view, achieving strong authentication on a stand-alone
machine is not so complicated. Let's think about this scenario: I have my
public key certificate with its related private key, both stored on my
personal security token that, through its internal microprocessor, is capable
of cryptographic tasks.
If there were a way to install the public key certificate I have on the
above security token on a stand-alone machine and associate it with my user
account on that stand-alone PC, it would be easy to perform strong
authentication using the Microsoft Smart Card Base Cryptographic Service
Provider (with the token vendor's minidrivers also installed on the
stand-alone machine).
When I insert my security token in the stand-alone PC, my public key
certificate would be sent to the stand-alone PC, which, after checking that
the public key certificate is associated with my user account on the
stand-alone PC, would send to my security token an automatically generated
password encrypted with the public key associated with the public key
certificate I have on my security token, which could decrypt it with its
private key and send it to the stand-alone PC.
I know that there is third-party software that performs authentication to
Windows stand-alone PCs through a security token, but it's not the same as if
it were embedded natively in Windows OSes.
My reasoning is surely missing some technical or security aspect, or maybe
just some convenience aspect, and I really appreciate any comments and/or any
corrections.
Thanks in advance to all who will read my post and answer/comment.
Best regards
Michele
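
The challenge-response exchange described in post #1, as an added example that is not part of the original thread and not how any Windows component works. The names Token, StandaloneHost, enroll and logon are hypothetical, a bare RSA public key stands in for the certificate, and RSA-OAEP is an assumed choice of encryption.

```javascript
// Added example: both sides of the logon exchange proposed in post #1.
// Token, StandaloneHost, enroll and logon are hypothetical names.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Stand-in for the security token: the private key stays inside this object.
class Token {
  constructor() {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
    this._privateKey = privateKey;
  }
  // Decrypt the host's challenge "on-card" and return the plaintext.
  answer(challenge) {
    return crypto.privateDecrypt({ key: this._privateKey, ...OAEP }, challenge);
  }
}

// Stand-in for the stand-alone PC and its local account database.
class StandaloneHost {
  constructor() { this.enrolled = new Map(); } // key fingerprint -> account
  static fingerprint(pem) {
    return crypto.createHash('sha256').update(pem).digest('hex');
  }
  // One-time step: associate the token's public key with a local account.
  enroll(account, pem) {
    this.enrolled.set(StandaloneHost.fingerprint(pem), account);
  }
  // Returns the account name on success, null on any failure.
  logon(token) {
    const pem = token.publicKeyPem;
    const account = this.enrolled.get(StandaloneHost.fingerprint(pem));
    if (!account) return null;             // key not mapped to any account
    const secret = crypto.randomBytes(32); // fresh per attempt: old replies are useless
    const challenge = crypto.publicEncrypt({ key: pem, ...OAEP }, secret);
    let reply;
    try { reply = token.answer(challenge); } catch { return null; }
    // Constant-time comparison of the returned plaintext with the secret.
    const ok = Buffer.isBuffer(reply) && reply.length === secret.length &&
      crypto.timingSafeEqual(reply, secret);
    return ok ? account : null;
  }
}
```

Presenting the enrolled public key is not enough to log on: only the holder of the matching private key can return the secret, and because the secret is random per attempt a recorded reply cannot be replayed.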

  #2 (permalink)  
Old 03-09-2008
Brian Komar (MVP)
 

Posts: n/a
Re: Windows Vista smart card logon on stand alone machine
Google on PKINIT
Brian

  #3 (permalink)  
Old 05-08-2008
ramyashram
 

Posts: n/a
Re: Windows Vista smart card logon on stand alone machine

Dear Michel

I'm facing exactly the same problem as you, and I haven't found any
third-party software that resolves this problem until now. Have you?


--
ramyashram
  #4 (permalink)  
Old 05-26-2009
vletoux
 

Posts: n/a
RE: Windows Vista smart card logon on stand alone machine
http://eidauthenticate.sourceforge.net/


  #5 (permalink)  
Old 05-26-2009
AliceZ
 

Posts: n/a
RE: Windows Vista smart card logon on stand alone machine
What 'other' group?

If no one can tell me what other group, would you be kind enough as to
answer my question?

Thank you.
  #6 (permalink)  
Old 05-27-2009
Ǝиçεl
 

Posts: n/a
RE: Windows Vista smart card logon on stand alone machine
Hi Alice,

http://www.microsoft.com/communities...&lang=en&cr=US

