Smart Card

A smart card is a small device, typically the size and shape of a credit card, with an integrated circuit embedded in it. In the context of an identity and access management system, these cards are often used to identify and authenticate users, and may contain:

Users normally have to enter a PIN to activate the card, so smart cards typically constitute a form of multi-factor authentication.

Most smart cards are activated by inserting them into a card reader, which includes probes that make electrical contact with circuit elements on the surface of the card. Some smart cards are contactless, meaning that they communicate with the card reader wirelessly but in close proximity.

Integration between Hitachi ID Identity and Access Management Suite and smart card systems includes:

  • Smart card-based authentication into Hitachi ID Suite

    The web server hosting Hitachi ID Suite can be configured to authenticate users with their smart cards. Hitachi ID Suite is then configured to trust authentication information it receives from the web server, thereby allowing users to sign into the Hitachi ID Suite application with their smart card, rather than by typing a login ID and/or password.

  • Self-service smart card PIN reset

    Hitachi ID Password Manager allows users to reset a forgotten PIN on their smart card:

    • Users can access Password Manager with a web browser or from the login prompt.

    • To give users who cannot sign into Windows because they forgot their smart card PIN a way to reach Password Manager, organizations may choose from a variety of technologies, including local or domain-level "secure kiosk accounts," a service that extends the Windows XP GINA screen, or a Windows Vista~10 credential provider.

    • Password Manager assists remote users by establishing a temporary VPN connection using its own credentials and launching an HTTPS session over that link.

    • Using the Password Manager web portal, users can authenticate themselves with anything other than their non-functional smart card. Examples include answering security questions or typing a password.

    • Once authenticated, Password Manager uses an ActiveX control to communicate with the user's smart card reader and smart card to perform a PIN reset.

  • Provisioning new smart cards to users and deprovisioning existing cards back into inventory

    As mentioned earlier, Hitachi ID Suite can provision physical devices, such as smart cards, tokens or building access badges. This includes managing physical inventories of devices by serial number and location, notifying people responsible for managing those inventories that they should deliver or collect individual devices, activating new devices, deactivating returned devices, etc.

