Hardware Support

Smart Card technology is fully integrated into Windows 2000 Professional, and is an important component of the operating systems public-key infrastructure security feature. It allows Windows 2000 Professional to authenticate users using the private and public key information stored on a card, and enables single sign-on to the enterprise.

A smart card is a small electronic device, approximately the size of a credit card, that contains an embedded integrated circuit. Smart cards are used to securely store public and private keys, passwords, and other personal information such as medical records.

Smart cards provide:

• Tamper-resistant storage for protecting private keys and other forms of personal information.

• Isolation of security-critical computations involving authentication, digital signatures, and key exchange from other parts of the system that do not have a need to know

• Portability of credentials and other private information between computers at work, home, or on the road

The Smart Card subsystem on Windows 2000 Professional supports industry standard Personal Computer/Smart Card (PC/SC) recommendations, and provides drivers for commercially available Plug and Play smart card readers. Windows 2000 Professional does not support non PC/SC-compliant or non–Plug and Play smart card readers. Some manufacturers might provide drivers for non–Plug and Play smart card readers that work with Windows 2000 Professional; however, it is recommended that you purchase only Plug and Play PC/SC-compliant smart card readers.

Windows 2000 Professional automatically detects Plug and Play-compliant smart card readers and installs them using the Hardware Wizard. Once the reader is installed, you only need to configure a dial-up network connection to use a pre-configured smart card. In the Security tab of the connection Properties box, select Use smart card in the Validate my identity as follows list.

Note

Non-Plug and Play smart card readers are not recommended on the Windows 2000 platform. If you use a non-Plug and Play reader, you must obtain installation instructions including associated device driver software directly from the manufacturer of the smart card reader. Microsoft does not support nor recommend using non-Plug and Play smart card readers.

For information about Windows 2000-compatible smart card readers see the Windows Hardware Compatibility List link on the Web Resources page at https://windows.microsoft.com/windows2000/reskit/webresources .

To log on with a smartcard in Windows 2000 Professional, you need a Smart Card Cryptographic Provider (SCCP). As an option, Smart Card Service Providers (SCSPs), are provided by the smart card supplier or issuer. These service providers pertain to non-cryptographic and cryptographic services.

For more information about Smart Card technology, see Security in this book. For smart card installation procedures, see Windows 2000 Professional Help.

Note

To develop a device driver or service provider, see the Windows 2000 SDK. For more information, see SDK information in the MSDN Library link on the Web Resources pages at https://windows.microsoft.com/windows2000/reskit/webresources .

Smart card readers typically come with set up instructions about how to connect cables, if there are any. If your reader has instructions, follow them. If you do not have instructions, then use the following general procedure.

To install a smart card reader

1. Shut down your computer.

2. Attach your reader to an available serial port or insert the PC Card reader into an available PCMCIA Type II slot.

3. If your serial reader has a supplementary PS/2 cable/connector, attach your keyboard or mouse connector to it and plug it into your computers keyboard or mouse port. Many new smart card readers take power from the keyboard or mouse port because power is not always provided by RS-232 ports and a separate power supply can be expensive and cumbersome.

4. Start up your computer and log on.

If your smart card reader is Plug and Play-compliant, the Hardware Wizard detects it and installs the correct device driver.

To install a smart card reader driver, follow the Hardware Wizard's directions for installing device driver software. This requires that you either use the Windows 2000 Professional CD or media from the smart card reader manufacturer which contains the appropriate device driver.