Identity Management & Windows Smart Card Infrastructure
Shivaram H. Mysore
Senior Program Manager
Microsoft Corporation
http://blogs.msdn.com/shivaram/

Overall Presentation Goal

To educate you about Windows Smart Card Framework for strong authentication and compliance needs

Learning Objectives

As a result of this presentation you will be able to:
– Understand Windows Smart Card Framework and its value proposition
– Know the products used to deploy and manage Smart Cards and related applications

Did You Know . . .?

“It is estimated that through 2009 worldwide, Smart-card shipments will grow at an annual clip of 22% for financial services and 40% for identity and security applications for government”
Source: Frost & Sullivan

Presentation Agenda

• Introduction
• Windows Smart Card Vision
• Windows Smart Card Framework (WSF)
• Resources
• Summary

Introduction

• Mantra for today’s e-governments and e-businesses
  – Strong Authentication
  – Personalization
  – Privacy
  – Security

Windows Smart Card Vision

Windows digital identity is trustworthy, simple, and universal
• Compliant
• Simplified Experience
• Cost Effective
• Interoperable

Windows Smart Card Framework (WSF)

• A comprehensive set of Microsoft technologies designed to simplify the use, management and deployment of Smart Cards
• Very simply: “Enable Smart Cards for strong authentication on every desktop”
• Availability: Windows 2000 onwards

Windows Smart Card Framework: User Experience, Management, Infrastructure, Quality, Deployment, Branding

Why Smart Cards?

• Align with national and citizen eID projects
• Provide framework for ubiquitous strong authentication across consumers and enterprises
• Basis for the “Identity Metasystem”
• Enable long term solutions against identity theft

What about OTP and Biometrics?

– Biometrics and OTP have inherent long term security challenges
– Neither provides strong cryptographic keys for authentication, digital signatures or encryption
– Windows Vista credential provider model simplifies development and extensibility
– Smart Cards are Microsoft’s strategic direction for strong authentication

Customer Requirements

• Simplify end user experience
• Reduce TCO
• Improve Authentication Platform
• Provide Quality Benchmark
• Provide more value for IHVs
• Enable lower cost of deployments for consumers

WSF: Vista User Experience

• Better Integration of Smart Cards with Applications
  – Common Logon UX
  – Integrated Credential UI
• In-box Smart Card Scenarios
  – Multiple Certificates based Smart Card logon
  – Integrated PIN Change & Unblock
  – Root Certificates on Card
  – Performance Improvements

WSF: Management

• Flexible and Scalable Card Management Solution
• Integrated and Comprehensive Solution: Active Directory + Certificate Authority (CA) + Certificate Lifecycle Manager (CLM)
• Configurable workflow and policies
• Card applet management
• CLM Beta2 available; RTM CY’07 Q1

WSF: Management - CLM Functional overview

• Single administration point for digital certificates and smart cards
• Configurable policy-based workflows for common tasks
  – Enroll/renew/update
  – Recover/card replacement
  – Revoke
  – Retire/disable smart card
  – Issue temporary/duplicate smart card
  – Personalize smart card
• Detailed auditing and reporting
• Support for both centralized and self-service scenarios
• Integration with existing infrastructure investments
  – Windows Active Directory; Windows Certificate Services

WSF: Management - CLM Architectural overview

[Diagram with two panels, “Physical Architecture” and “Component Architecture”. Labels: Microsoft Certificate Lifecycle Manager; Microsoft CAs; SQL; AD; E-mail; CLM Policy Module; CLM Exit Module; Internet Explorer; CLM Browser Control; CLM AD Integration; CLM Web App; Internet Information Server; Microsoft Certificate Authority; Smart Card Middleware; End User]

WSF: Infrastructure

• Simplified Base CSP/Card Module architecture
• Reduced development time compared to CSPs with Card Modules
• Simplified Credential Provider architecture
• Smart Card scenarios continue to work without modification

WSF: Quality

• Smart Card Certification Centre
  – Certification program for Smart Card Middleware
  – Card Module Certification Kit
• Windows Hardware Quality Labs (WHQL)
  – PC/SC based Card Reader Driver Certification
  – Card Reader Driver Certification kit available via WDK
• Card Modules and Reader Drivers available via “Windows Update”

WSF: Branding

• Designed for Windows Logo
• Managed by WHQL
• Widely recognized and trusted by consumers for consistent user experience and reliability
• A pre-requisite to get on “Windows Update”

WSF: Deployment

• Plug-n-Play functionality for Card Modules and Reader Drivers via Windows Update
• Seamless User Experience
• Simplified deployment vehicle for IHVs and ISVs
• Auto Enrollment of Certificates for Smart Cards in CA
• Card Applet provisioning via CLM

Additional Resources

• Certificate Life Cycle Manager: http://www.microsoft.com/clm
• MSDN documentation – Base CSP, Card Modules, Crypto, WinSCard and Credential Provider API – http://msdn.microsoft.com ; Sample Code: SDK
• Certificate Authority: http://www.microsoft.com/PKI
• For questions on Credential Provider, contact – [email protected]

Summary

• Windows Smart Card Framework – platform infrastructure improvements
• Products – Certificate Life Cycle Manager (CLM) and Certificate Authority (CA) for deployment and management of Smart Cards, Certificates and related applications

If You Only Remember One Thing . . .

[Diagram: “Basis of Strong Enterprise Identity”. Labels: Certificate Server; Digital Certificate(s); Certificate Lifecycle Manager; Mobile / Smartphone (S/MIME, VPN); Enterprise (Roaming, Wireless, Bitlocker, EFS, S/MIME, NAP); Home (VPN); Storage]

Microsoft has a complete end-to-end solution for Governments and Businesses needing strong authentication with Smart Cards

© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.