Windows 7 and Smart Cards

by Patrick Nelson

Microsoft continues its support of smart cards in Windows 7. Smart cards, the little plastic cards containing a chip, can hold details of a card holder’s identity. Coupled with a Personal Identification Number (PIN), that is more secure than a password: an intruder needs both the physical card and knowledge of the PIN to gain access.

Logging on to a Windows 7 computer with a smart card is relatively simple for the end-user.

The computer needs to have a smart card reader attached or installed. The user inserts their smart card and presses Ctrl+Alt+Delete to bring up a logon screen.

They then select “Switch User” and click on the smart card icon. They then enter their PIN.

Smart cards can also be used to unlock an encrypted drive in Windows 7 using Microsoft’s BitLocker Drive Encryption. BitLocker is available in Windows 7 Ultimate.

BitLocker is upgraded in Windows 7 to include BitLocker To Go. It should be noted that the BitLocker To Go Reader, which is used to unlock Windows XP or Vista drives, can’t be used with a smart card.

Smart cards used to unlock BitLocker drives require a compatible certificate on the card. BitLocker will choose the certificate unless there are multiple compatible certificates on the card, in which case the user chooses the certificate.

Smart card settings in BitLocker are defined by Group Policy. Group Policy settings validate smart card certificate usage rule compliance on all drives, including operating system drives, and configure the use of smart cards on fixed data and removable drives.
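
As an added example (not from the original article or from Microsoft), the PowerShell below reads the computer's BitLocker policy key and reports how the smart card settings described above are configured. The key path `HKLM:\SOFTWARE\Policies\Microsoft\FVE` and the value names are assumptions taken from the BitLocker policy template, not from this page.

```powershell
# Added example: report the BitLocker smart card policy applied to this computer.
# Assumption: the key path and value names come from the BitLocker policy
# template (VolumeEncryption.admx); confirm them against your own build.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

$settings = @(
    @{ Name = 'FDVAllowUserCert';   Scope = 'Fixed data drives'; Meaning = 'Smart card use allowed' },
    @{ Name = 'FDVEnforceUserCert'; Scope = 'Fixed data drives'; Meaning = 'Smart card use required' },
    @{ Name = 'RDVAllowUserCert';   Scope = 'Removable drives';  Meaning = 'Smart card use allowed' },
    @{ Name = 'RDVEnforceUserCert'; Scope = 'Removable drives';  Meaning = 'Smart card use required' },
    @{ Name = 'CertificateOID';     Scope = 'All drives';        Meaning = 'Certificate usage rule (object identifier)' }
)

# The key is absent when no BitLocker policy has been applied at all.
$policy = Get-ItemProperty -Path $fveKey -ErrorAction SilentlyContinue

$report = foreach ($s in $settings) {
    # Look the value up by name; a missing value means the setting is not configured.
    $prop = $null
    if ($policy) { $prop = $policy.PSObject.Properties[$s.Name] }

    if (-not $prop) {
        $state = 'Not configured'
    } elseif ($s.Name -eq 'CertificateOID') {
        # String value: the object identifier a certificate must carry.
        $state = [string]$prop.Value
    } elseif ([int]$prop.Value -eq 1) {
        $state = 'Enabled'
    } else {
        $state = 'Disabled'
    }

    New-Object PSObject -Property @{
        Scope   = $s.Scope
        Setting = $s.Meaning
        Value   = $s.Name
        State   = $state
    }
}

$report | Select-Object Scope, Setting, Value, State | Format-Table -AutoSize
```

The script only reads the registry, so it can be run on a reference machine after a Group Policy refresh to confirm the intended settings arrived.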

One minor security issue to take into account when using a smart card and BitLocker is that the public key and thumbprint of the encryption certificate are stored unencrypted in the smart card’s certificate-based protector metadata on the drive.

This information could be used to identify the certification authority that issued the certificate.

Smart cards are part of the public-key infrastructure that Microsoft has been integrating into Windows, and now Windows 7. The smart card SDK has been integrated as part of Windows Base Services.

The SDK is available at the Microsoft Developers Network (MSDN).

Microsoft has a planning guide for implementing smart cards. It was published in 2007, but many of the concepts in the document still apply today.

Smart cards can be redirected in Windows 7. Redirecting a smart card makes it available for use in a remote desktop session.
