A smart card is a small device -- typically the size and shape of a credit card -- with an integrated circuit embedded in it. In the context of an identity and access management system, these cards are often used to identify and authenticate users, and may contain:

Users normally have to enter a PIN to activate the card, so smart cards typically constitute a form of multi-factor authentication.

Most smart cards are activated by inserting them into a card reader, which includes probes that make electrical contact with circuit elements on the surface of the card. Some smart cards are contactless, meaning that they communicate with the card reader wirelessly, at close proximity.

Integration between Hitachi ID Identity and Access Management Suite and smart card systems includes:

  • Smart card-based authentication into Hitachi ID Identity and Access Management Suite

    The web server hosting Hitachi ID Identity and Access Management Suite can be configured to authenticate users with smart cards. Hitachi ID Identity and Access Management Suite is then configured to trust authentication information it receives from the web server, thereby allowing users to sign into the Hitachi ID Identity and Access Management Suite application with their smart card, rather than by typing a login ID and/or password.

  • Self-service smart card PIN reset

    Hitachi ID Password Manager allows users to reset a forgotten PIN on their smart card:

    • Users must access Hitachi ID Password Manager from their PC, as this is the only device with a card reader.

    • Organizations may choose from a variety of technologies to enable access from the login screen. The most popular is the Hitachi ID Login Assistant client, which adds a tile to the Windows login screen via the Credential Provider (CP) OS infrastructure.

    • Hitachi ID Password Manager supports off-site users by establishing a temporary VPN connection using its own credentials.

    • Using the Hitachi ID Password Manager web portal, users can authenticate themselves with any combination of credentials, obviously excluding their non-functional smart card.

    • Once authenticated, Hitachi ID Password Manager uses an ActiveX control to communicate with the card reader, to unblock the smart card.

  • Provisioning new smart cards to users and deprovisioning existing cards back into inventory

    As mentioned earlier, Hitachi ID Identity and Access Management Suite can provision physical devices, such as smart cards, tokens or building access badges. This includes managing physical inventories of devices by serial number and location, notifying people responsible for managing those inventories that they should deliver or collect individual devices, activating new devices, deactivating returned devices, etc.
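The trust relationship in the first integration item above (the application accepts identity information from the web server that validated the smart card) is only safe if that information cannot arrive by any other path. The following is an added example, not Hitachi ID code: a Python sketch of the application-side check, in which the header names, the `SUCCESS` value, the trusted front-end address and the mapping from certificate CN to login ID are all assumptions.

```python
import ipaddress
import re

# Assumptions for this sketch (not taken from the product): the front-end web
# server validates the smart card certificate, sets these two headers, and
# strips any client-supplied copies before forwarding the request.
TRUSTED_FRONTENDS = [ipaddress.ip_network("127.0.0.1/32")]  # constructed value
VERIFY_HEADER = "X-Client-Cert-Verify"    # hypothetical header name
SUBJECT_HEADER = "X-Client-Cert-Subject"  # hypothetical header name

_CN = re.compile(r"(?:^|,)\s*CN=([^,]+)")


def authenticated_user(peer_ip, headers):
    """Return the login ID asserted by the web server, or None.

    The identity headers are honoured only when the TCP peer is the trusted
    web server and it reports a successful certificate verification.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    try:
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        return None
    if not any(peer in net for net in TRUSTED_FRONTENDS):
        return None  # request did not come through the web server
    if hdrs.get(VERIFY_HEADER.lower()) != "SUCCESS":
        return None  # no card presented, or certificate validation failed
    match = _CN.search(hdrs.get(SUBJECT_HEADER.lower(), ""))
    if not match:
        return None  # fail closed rather than fall back to another identity
    return match.group(1).strip() or None


if __name__ == "__main__":
    # Constructed sample requests.
    good = {VERIFY_HEADER: "SUCCESS",
            SUBJECT_HEADER: "CN=jsmith,OU=Staff,O=Example"}
    print(authenticated_user("127.0.0.1", good))    # via the web server
    print(authenticated_user("203.0.113.7", good))  # same headers, direct
```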
