SafeNet, The Foundation of Information Security
 
 
Windows Logon for Government
Secure your Windows 2000 network.

Windows Logon

Starting with Windows 2000, Microsoft has built in support for smart card/token-based logon to a Windows domain using public key certificates matched to a user account in Active Directory. Both the standard SafeNet Borderless Security PK smart card and USB token middleware and the optional Borderless Security Single Sign-On middleware fully support Windows smart card logon mechanisms based on public key certificates. Borderless Security Single Sign-On can also support username/password-based strong authentication utilizing smart cards and USB tokens. The certificates and passwords are stored on the smart card or USB token for secure two-factor authentication. To log on to the network, the user must insert their SafeNet smart card into the reader, or their SafeNet iKey™ token into the USB port, and enter their PIN to activate the card.

How Does It Work?

Windows recognizes insertion of an iKey into the USB port, or insertion of the SafeNet smart card into the reader, as an alternative to the standard CTRL+ALT+DEL key sequence, to initiate a logon. The user is then prompted for their user PIN, which controls access to public-private key data stored on the smart card or token. Since the PKI credentials and/or passwords are stored on the card or token, the user can roam within the network (use any other workstation), providing scope for a very flexible deployment of systems and users.

For customers requiring high assurance, SafeNet's smart cards and iKey tokens support a number of additional security features:

  • On-board key generation
  • On-board signing (private key never leaves the card or token)
  • Tamper-evident option (FIPS 140-1 and 140-2 validations)

Windows Public Key Integration:
Microsoft PKI adds Certificate Services to the network.

Microsoft Certificate Services:

This allows for deployment of one or more Certificate Authorities (CAs). These may be Microsoft CAs or third-party CAs (e.g., Entrust, Cybertrust Unicert, Verisign). These CAs support issuing and revocation of digital certificates. The Certificate Service is integrated with Windows Active Directory.

The Windows integration of PKI does not replace existing Windows domain trust-authorization mechanisms. However, it does enable the management of public key applications across all Windows workstations and servers connected to a Windows Active Directory network.
