Smart Cards


New to the Windows 2000 authentication suite is support for cryptographic smart cards. A smart card is a tamper-resistant, credit card-like hardware token that can be used to add protection to security-enabled protocols and applications. Unlike credit cards, which have magnetic strips on the back, smart cards use metallic contacts as the hardware interface and require a card reader; Plug and Play readers are recommended for use with Windows 2000. Manufacturers typically provide a software application interface, such as a cryptographic service provider (CSP) for use with Microsoft CryptoAPI, or they use a PKCS #11 module. Support for Gemplus, GemSAFE, and Schlumberger Cryptoflex smart cards is included with the Windows 2000 installation.

Smart cards provide the strongest form of user authentication in Windows 2000. Either a PIN or a password is required to access the card, which protects the user's credentials from both rogue parties and applications. In addition to storing public-key certificates and private keys, smart cards can also provide on-card functionality, such as digital signing, to ensure that a user's private key is never exposed.

Unlike software private keys, smart cards can also be moved from computer to computer with ease, which makes a user's credentials highly portable. The security features also include the ability to block a smart card from the system after a certain number of unsuccessful logon attempts, making dictionary attacks impractical. (A dictionary attack is a password attack in which a malicious user submits hundreds or thousands of credentials drawn from a list of passwords based on common words or phrases.)
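
The retry-counter block and PIN-gated signing described above can be modeled in a few lines. This is an added example, not code from the book or from any card vendor: the `ModelCard` class, the three-try limit, the sample PIN and the use of HMAC as a stand-in for the on-card private-key signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

class CardBlocked(Exception):
    """The retry counter reached zero; the card refuses further PIN checks."""

class ModelCard:
    """Constructed model of a PIN-gated token, not a real card or CSP API."""

    def __init__(self, pin, max_tries=3):      # max_tries=3 is an assumed policy
        self._salt = os.urandom(16)
        self._pin_ref = self._derive(pin)
        self._key = os.urandom(32)             # secret stays inside the object
        self._max_tries = max_tries
        self.tries_left = max_tries
        self._unlocked = False

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def verify_pin(self, pin):
        if self.tries_left == 0:
            raise CardBlocked("retry counter exhausted")
        self.tries_left -= 1                   # count the attempt before comparing
        self._unlocked = hmac.compare_digest(self._derive(pin), self._pin_ref)
        if self._unlocked:
            self.tries_left = self._max_tries  # a correct PIN resets the counter
        return self._unlocked

    def sign(self, message):
        """HMAC stands in for the on-card private-key signature."""
        if not self._unlocked:
            raise PermissionError("PIN not verified")
        return hmac.new(self._key, message, hashlib.sha256).digest()

def replay_guess_list(card, guesses):
    """Feed guesses to the card; return (guesses evaluated, unlocked?)."""
    evaluated = 0
    for guess in guesses:
        try:
            ok = card.verify_pin(guess)
        except CardBlocked:
            break
        evaluated += 1
        if ok:
            return evaluated, True
    return evaluated, False
```

However long the guess list is, the card evaluates only as many entries as the counter allows, and once blocked it rejects even the correct PIN.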



Microsoft Windows 2000 Server Administrator's Companion, Vol. 1
Microsoft Windows 2000 Server Administrators Companion (IT-Administrators Companion)
ISBN: 1572318198
Year: 2000
Pages: 366
