A smart card is a small device -- typically of the size and shape of a credit card -- with an integrated circuit embedded in it. In the context of an identity and access management system, these cards are often used to identify and authenticate users, and may contain:
- A cryptographic certificate attesting to the identity of the owner of the card.
- A private and public key pair, which belong to the owner of the card and may be used to sign documents or authenticate to services.
- Samples used to support biometric authentication -- i.e., fingerprint samples, face images, etc.
- Passwords for accounts that belong to the owner of the card.
Most smart cards are activated by inserting them into a card reader, which includes probes that make electrical contact with circuit elements on the surface of the card. Some smart cards are contactless - meaning that they communicate with the card reader wirelessly but in close proximity.
Integration between Hitachi ID Management Suite and smart card systems includes:
- Smart card-based authentication into Management Suite
The web server hosting Management Suite can be configured to authenticate users with their smart cards. Management Suite is then configured to trust authentication information it receives from the web server, thereby allowing users to sign into the Management Suite application with their smart card, rather than by typing a login ID and/or password.
- Self-service smart card PIN reset
  Hitachi ID Password Manager allows users to reset a forgotten PIN on their smart card:
  - Users can access Password Manager with a web browser or from the login prompt.
  - Organizations may choose from a variety of technologies, including local or domain-level "secure kiosk accounts," a service that extends the Windows XP GINA screen, or a Windows Vista/7/8 credential provider, to enable users who cannot sign into Windows because they forgot their smart card PIN to access Password Manager.
  - Password Manager assists remote users by establishing a temporary VPN connection using its own credentials and launching an HTTPS session over that link.
  - Using the Password Manager web portal, users can authenticate themselves with anything other than their non-functional smart card. Examples include answering security questions or typing a
  - Once authenticated, Password Manager uses an ActiveX control to communicate with the user's smart card reader and smart card to perform a PIN reset.
- Provisioning new smart cards to users and deprovisioning existing cards back into inventory
As mentioned earlier, Management Suite can provision physical devices, such as smart cards, tokens or building access badges. This includes managing physical inventories of devices by serial number and location, notifying people responsible for managing those inventories that they should deliver or collect individual devices, activating new devices, deactivating returned devices, etc.
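The smart card-based authentication item above relies on the application trusting identity information forwarded by the web server that performed the certificate check. The following is an added example, not Hitachi ID code, of the check an application should make before honouring such a forwarded identity; it assumes an Apache mod_ssl style front end, which exposes the verified client certificate subject as SSL_CLIENT_S_DN and the verification result as SSL_CLIENT_VERIFY, and a constructed address for the trusted web server.

```python
# Added example (not Hitachi ID code): accept a smart card identity forwarded by
# the front-end web server only when (1) the request actually arrived from that
# web server, and (2) the web server reports that the client certificate chain
# validated. Without check (1) anyone who can reach the application directly
# could forge the forwarded variables and sign in as any user.
# Assumptions: Apache mod_ssl variable names (SSL_CLIENT_VERIFY, SSL_CLIENT_S_DN)
# and a constructed web server address; environ mirrors the CGI/WSGI variables.
from typing import Optional

TRUSTED_WEB_SERVERS = {"10.0.0.5"}  # constructed address of the authenticating web server


def parse_dn(dn: str) -> dict:
    """Split an RFC 2253 DN such as 'CN=alice,O=Example' into {attribute: value},
    keeping backslash-escaped commas inside a value ('CN=Smith\\, John')."""
    attrs, buf, parts = {}, [], []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):  # escaped character: keep it literally
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    for part in parts:
        key, _, value = part.strip().partition("=")
        if key:
            attrs[key.upper()] = value
    return attrs


def identity_from_web_server(environ: dict) -> Optional[str]:
    """Return the login ID (certificate CN) asserted by the web server, or None
    when the assertion must not be trusted."""
    if environ.get("REMOTE_ADDR") not in TRUSTED_WEB_SERVERS:
        return None  # did not pass through the web server that checks smart cards
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None  # no card presented, or the certificate chain failed validation
    cn = parse_dn(environ.get("SSL_CLIENT_S_DN", "")).get("CN")
    return cn or None
```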