A smart card is a small device -- typically of the size and shape of a credit card -- with an integrated circuit embedded in it. In the context of an identity and access management system, these cards are often used to identify and authenticate users, and may contain:
- A cryptographic certificate attesting to the identity of the owner of the card.
- A private and public key pair, which belong to the owner of the card and may be used to sign documents or authenticate to services.
- Samples used to support biometric authentication -- e.g., fingerprint samples, face images, etc.
- Passwords for accounts that belong to the owner of the card.
Most smart cards are activated by inserting them into a card reader, which includes probes that make electrical contact with circuit elements on the surface of the card. Some smart cards are contactless, meaning that they communicate with the card reader wirelessly but in close proximity.
Integration between Hitachi ID Identity and Access Management Suite and smart card systems includes:
- Smart card-based authentication into Hitachi ID Identity and Access Management Suite
The web server hosting Hitachi ID Identity and Access Management Suite can be configured to authenticate users with smart cards. Hitachi ID Identity and Access Management Suite is then configured to trust authentication information it receives from the web server, thereby allowing users to sign into the Hitachi ID Identity and Access Management Suite application with their smart card, rather than by typing a login ID and/or password.
- Self-service smart card PIN reset
Hitachi ID Password Manager allows users to reset a forgotten PIN on their smart card:
- Users must access Hitachi ID Password Manager from their PC, as this is the only device with a card reader.
- Organizations may choose from a variety of technologies to enable access from the login screen. The most popular is the Hitachi ID Login Assistant client, which adds a tile to the Windows login screen via the Credential Provider (CP) OS infrastructure.
- Hitachi ID Password Manager supports off-site users by establishing a temporary VPN connection using its own credentials.
- Using the Hitachi ID Password Manager web portal, users can authenticate themselves with any combination of credentials, excluding of course the blocked, non-functional smart card itself.
- Once authenticated, Hitachi ID Password Manager uses an ActiveX control to communicate with the card reader and unblock the smart card.
- Provisioning new smart cards to users and deprovisioning existing cards back into inventory
As mentioned earlier, Hitachi ID Identity and Access Management Suite can provision physical devices, such as smart cards, tokens or building access badges. This includes managing physical inventories of devices by serial number and location, notifying people responsible for managing those inventories that they should deliver or collect individual devices, activating new devices, deactivating returned devices, etc.