Smart Cards

For many organizations, the risk that a password will be stolen or guessed is not acceptable. To supplement password security, organizations implement multifactor authentication that requires both a password and a second form of identification. Often, that second form of identification is a smart card, which contains a digital certificate that uniquely identifies the card holder and a private key for use in authentication.

Like fingerprint biometric devices, previous versions of Windows lacked a standardized framework for smart cards. In Windows 7, smart cards can use conventional drivers. This means that users can access smart cards from vendors who have published their drivers through Windows Update without requiring additional software. Users simply insert a Personal Identity Verification (PIV)–compliant smart card, and Windows 7 attempts to download a driver from Windows Update or use the PIV-compliant minidriver that is included with Windows 7.

The new smart card support options in Windows 7 include the following, all of which can be accomplished without additional software:

• Unlocking BitLocker-encrypted drives with a smart card.
• Logging on to the domain with a smart card.
• Signing XPS documents and e-mail messages.
• Using smart cards with custom applications that use CNG or Crypto API to enable the application to use certificates.


Source of Information : Windows 7 Resource Kit 2009 Microsoft Press