Export (0) Print
Expand All

Windows Smart Card Technical Reference

Published: May 8, 2014

Updated: May 8, 2014

Applies To: Windows 7, Windows 8, Windows 8.1, Windows RT, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista



The Smart Card Technical Reference describes the Windows smart card infrastructure for physical smart cards and how smart card–related components work in Windows. This document also contains information about tools that information technology (IT) developers and administrators can use to troubleshoot, debug, and deploy smart card–based strong authentication in the enterprise.

This document explains how the Windows smart card infrastructure works. To understand this information, you should have basic knowledge of public key infrastructure (PKI) and smart card concepts. This document is intended for:

  • Enterprise IT developers, managers, and staff who are planning to deploy or are using smart cards in their organization.

  • Smart card vendors who write smart card minidrivers or credential providers.

Smart cards are tamper-resistant portable storage devices that can enhance the security of tasks such as authenticating clients, signing code, securing e-mail, and signing in with a Windows domain account.

Smart cards provide:

  • Tamper-resistant storage for protecting private keys and other forms of personal information.

  • Isolation of security-critical computations that involve authentication, digital signatures, and key exchange from other parts of the computer. These computations are performed on the smart card.

  • Portability of credentials and other private information between computers at work, home, or on the road.

Smart cards can be used to sign in to domain accounts only, not local accounts. When you use a password to sign in interactively to a domain account, Windows uses the Kerberos version 5 (v5) protocol for authentication. If you use a smart card, the operating system uses Kerberos v5 authentication with X.509 v3 certificates.

Virtual smart cards   Virtual smart cards were introduced in Windows Server 2012 and Windows 8 to alleviate the need for a physical smart card, the smart card reader, and the associated administration of that hardware. For information about virtual smart card technology, see Virtual Smart Card Overview.

This reference contains the following topics, which apply to versions of the Windows operating system that are designated in the Applies To list at the beginning of each topic.

To digitally save or print pages from this library, click Export (in the upper-right corner of the page), and then follow the instructions.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft