A WHITE PAPER FROM MICROSOFT, INC.
In the past few years, telecommuting, the Internet and electronic commerce
have evolved from alternative means of doing business to become increasingly
mainstream consumer activities. Several years ago, a web address on
a business card was comparable to a secret handshake gaining you admittance
to an exclusive club. Now, advances in software functionality and hardware
speed, along with the power of word of mouth, have made the Internet
and all its offshoots the "next big thing" for commerce, communication
and entertainment. Unfortunately, growing in lock step with the boom
in network and communication technology are the proliferation of multiple
user IDs and passwords, the increasing proficiency of computer hackers
and the occurrence of credit-card fraud.
The family of Microsoft® Windows® operating systems together
with Windows for Smart Cards is designed as a best-of-breed platform
for the emerging world of connected commerce and far-flung networks.
By incorporating the same widely used software development tools from
the desktop and back office, Windows scales from the smallest networks
- the smart card - to the largest enterprise networks, enabling customers
to run their businesses complete with multiple networks, remote users,
electronic commerce, credit-card payments and websites.
Introducing Windows for Smart Cards
As the newest member of the Windows operating system family, Windows
for Smart Cards extends the benefits of the Windows environment to the
smart card segment. According to ICMA member Gemplus, technical support
calls for companies implementing smart cards have been reduced by 40
percent by automatically performing the error-prone authentication process
for users.
According to Michel Roux, vice president of strategic alliances at
Gemplus, "Windows for Smart Cards-powered smart cards will rapidly become
the de facto standard for network security and Internet applications.
Close cooperation with smart card industry leaders such as Gemplus will
rapidly bring Microsoft technology at the highest level of performance
and security to the enterprise, while taking full advantage of the seamless
integration with Windows-based architectures and unsurpassed ease of
application development."
Windows for Smart Cards and the Microsoft Windows family help corporate
users reach network resources quickly, securely and without error.
At a price of approximately $20 per card reader and a maximum of $5
per card, Windows for Smart Cards is a smart, inexpensive way to strengthen
your corporate security. And simply by implementing Windows for Smart
Cards for security reasons, your business benefits from the multitude
of other functions that smart cards facilitate. These services include
payment functionality and storage of loyalty information, medical and
citizen information, and personal contacts. With Windows for Smart Cards,
Microsoft Windows, and Microsoft application programming interfaces
(APIs) and development tools, your business can be on its way to success.
Windows for Smart Cards is an operating system for the card's microcomputer,
a device with no display, keyboard or graphical user interface. It adds
to your existing corporate network rather than replacing it - with Windows
for Smart Cards, there is no need to replace your existing system infrastructure.
It works with the Microsoft Windows 95, Windows 98 and Windows NT®
4.0 operating systems and will be optimized for Windows 2000.
Windows for Smart Cards is often described as a key to a lock: The
lock protects your business data, and the key is customized for each
user. Windows for Smart Cards can be programmed with multiple keys.
It can be used to log on to a PC, to log on to one or more networks,
and to perform remote logons. By storing all of a user's authentication
information, one Windows for Smart Cards can gain a user admittance
to all their accounts: on the corporate network, within Internet chat
rooms or to financial institutions.
Windows for Smart Cards used with one or more of the Microsoft Windows
operating systems results in benefits known as the four P's: It enhances
protection, improves productivity, increases profit and facilitates
promotion.
Protection
Corporate computers generally are configured to require a form of authentication
for logon purposes. Password authentication, the most widely used logon
security mechanism, is only as infallible as its users. Users often
share their personal passwords with friends and spouses. Even the most
reliable user may write a password on a slip of paper where another
can later discover it. If a user does not safeguard a password, the
network may be subject to concurrent usage of a user account or, worse,
may be unprotected against malicious break-ins.
A card is a physical object that can be presented to only one workstation
at a time, so the shared-password pattern in which several people use
one account concurrently is ruled out. Because the card is needed for
every logon, users tend to carry it with them, and an attacker who has
guessed or intercepted a password still lacks the card. The security officials
at your company determine the authentication mechanism used with Windows
for Smart Cards, whether it is as basic as a PIN or as advanced as fingerprint
recognition or retinal scanning. Windows for Smart Cards can be configured
with the appropriate security information for your network.
If the card is lost, whoever finds it cannot use it to access the network:
the card releases nothing until the PIN or the enrolled fingerprint or
retina is presented, and consecutive wrong PIN entries block the card.
Information and account balances are not lost with the card, because
a user's information is replicated on each card partner's server. When
a replacement card is activated and inserted into the card partner's network,
the information is transferred back to the new card.
Like a bank or credit card, if a Smart Card is lost or stolen, an 800
number can be used to turn off the card, and a new card is issued. Unlike
a bank or credit card, a smart card can be produced at a branch office
for quicker turnaround.
Windows for Smart Cards supports standard cryptographic algorithms such
as RSA, DES, 3DES and SHA and runs on tamper-resistant chips. One caveat:
single DES uses a 56-bit key, which is within reach of exhaustive key
search, so new deployments should select 3DES or RSA-based protocols rather
than DES. No card is inviolable, but a tamper-resistant chip holding a
key that never leaves it raises the cost of an attack far above that of
guessing a password.
Productivity
Windows for Smart Cards ensures a consistent experience for application
developers and end users. Application developers can use the development
and debugging tools with which they are already proficient to create
applications for Windows for Smart Cards. And developers save time by
using Windows for Smart Cards. Unlike UNIX, which differs from vendor
to vendor, Windows for Smart Cards is a logical extension of the Microsoft
Windows operating systems and provides a consistent development and
run-time environment.
By implementing Windows for Smart Cards with the Microsoft Windows
operating systems, developers spend their time writing and debugging
many diverse applications rather than in the more time-consuming process
of porting the same application over and over again. And since the functionality
of Windows for Smart Cards is a logical extension of Microsoft Windows,
end users need not learn multiple techniques for employing the card.
Windows for Smart Cards is the key to inter-operability in your organization.
Windows for Smart Cards used with one or more of the Microsoft Windows
operating systems can store personal contact information. By using Windows
for Smart Cards as a companion to the Microsoft Outlook® messaging
and collaboration client, you can transfer the names, email addresses
and phone numbers of business associates from a PC or network to the
card. You can slip the card into your pocket or wallet; then, miles
and time zones away, you can insert it into another computer running
a Microsoft Windows operating system. Instantly, your Outlook information
is accessible.
With the appropriate hardware, Windows for Smart Cards can be used
to call a contact at the touch of a button, obtain a street address
while driving, or exchange contact information with another user of
Outlook. And, unlike email attachments or floppy disks, Windows for
Smart Cards is a tamper-resistant device rather than a passive file:
the host it is inserted into cannot read or rewrite its contents at will,
which closes the usual route for virus infection, silent modification
or other unauthorized access.
In fact, physical defenses are built into the hardware of Windows for
Smart Cards. On top of them it uses the software protection strategy
of the Access Control List (ACL), releasing information from the card
only if known attributes of the request (e.g., the requester's identity,
the computer's identity, the time of day) match an entry stored in the
ACL. In addition, Windows for Smart Cards uses an MS-DOS®-type
multi-partition file system so that applications from different vendors
are stored separately. Vendors therefore can't obtain information from
the card that does not directly pertain to their application. ACLs and
file partitioning, together with security libraries and cryptographic
algorithms, work together to protect Windows for Smart Cards from unauthorized
users and from invasive tampering. Consecutive incorrect PIN entries
exhaust a retry counter and block the card; physical attacks such as probing
the chip under an electron microscope or sawing the package open trigger
the hardware's tamper defenses, which disable the card and render it
useless to meddlers.
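The ACL check, the per-vendor partitions and the PIN retry lockout described above, modelled as an added example. This is not code from the white paper, Microsoft or Gemplus; the principal names, partition layout, PIN and three-try limit are assumptions made for the illustration.

```python
"""Model of the card-side controls the paper describes: a PIN with a retry
counter that locks the card, per-vendor file partitions, and an ACL keyed on
principal, workstation and time of day.  Constructed illustration for this
page, not Microsoft or Gemplus code; names, layout, PIN and retry limit are
assumptions."""
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

MAX_PIN_TRIES = 3  # assumed; the paper gives no figure


class CardLocked(Exception): """Retry counter exhausted; card refuses all use."""
class AccessDenied(Exception): """Failed the PIN check or the partition's ACL."""


@dataclass(frozen=True)
class AclEntry:
    principal: str                    # requesting application or user
    host: Optional[str] = None        # None: any workstation
    hours: Tuple[int, int] = (0, 24)  # allowed [start, end) hour of day

    def permits(self, principal: str, host: str, hour: int) -> bool:
        if principal != self.principal:
            return False
        if self.host is not None and host != self.host:
            return False
        return self.hours[0] <= hour < self.hours[1]


class SmartCard:
    def __init__(self, pin: str, partitions: Dict[str, Dict[str, bytes]],
                 acl: Dict[str, List[AclEntry]]) -> None:
        self._pin = pin.encode()
        self._tries_left = MAX_PIN_TRIES
        self._verified = False
        self._partitions = partitions  # partition -> {file name: contents}
        self._acl = acl                # partition -> entries allowed to read

    def verify_pin(self, candidate: str) -> bool:
        """Count down on every wrong PIN; at zero the card is locked."""
        if self._tries_left == 0:
            raise CardLocked("PIN retry counter exhausted")
        # constant-time compare: a plain == reveals where the mismatch is
        if hmac.compare_digest(self._pin, candidate.encode()):
            self._tries_left = MAX_PIN_TRIES
            self._verified = True
            return True
        self._tries_left -= 1
        self._verified = False
        return False

    def read(self, partition: str, name: str,
             principal: str, host: str, hour: int) -> bytes:
        """Release a file only after PIN verification and an ACL match."""
        if self._tries_left == 0:
            raise CardLocked("card is locked")
        if not self._verified:
            raise AccessDenied("PIN not verified")
        if not any(e.permits(principal, host, hour)
                   for e in self._acl.get(partition, [])):
            raise AccessDenied(f"{principal} may not read {partition}")
        files = self._partitions.get(partition, {})
        if name not in files:
            raise AccessDenied("no such file")  # same error: no probing
        return files[name]


def make_demo_card() -> SmartCard:
    """Constructed sample card: two vendors' partitions, one assumed PIN."""
    return SmartCard(
        pin="4821",
        partitions={"corp": {"logon.key": b"corp-logon-secret"},
                    "loyalty": {"miles.dat": b"12500"}},
        # corp logon: lobby workstation, office hours; airline app: anywhere
        acl={"corp": [AclEntry("corp-logon", host="ws-lobby", hours=(7, 20))],
             "loyalty": [AclEntry("airline-app")]})


def outcome(op: Callable[..., object], *args: object) -> str:
    """Run one card command and flatten the result for the demo table."""
    try:
        result = op(*args)
    except AccessDenied:
        return "denied"
    except CardLocked:
        return "locked"
    return result.decode() if isinstance(result, bytes) else str(result)


def demo() -> Dict[str, str]:
    card = make_demo_card()
    key = ("corp", "logon.key")
    corp = key + ("corp-logon", "ws-lobby")
    r = {"wrong_pin": outcome(card.verify_pin, "0000")}
    r["before_pin"] = outcome(card.read, *corp, 9)
    r["right_pin"] = outcome(card.verify_pin, "4821")
    r["corp_ok"] = outcome(card.read, *corp, 9)
    r["after_hours"] = outcome(card.read, *corp, 22)
    r["cross_vendor"] = outcome(card.read, *key, "airline-app", "ws-lobby", 9)
    r["loyalty_ok"] = outcome(card.read, "loyalty", "miles.dat", "airline-app", "kiosk", 3)
    for _ in range(MAX_PIN_TRIES):  # exhaust the retry counter
        outcome(card.verify_pin, "9999")
    r["after_lockout"] = outcome(card.verify_pin, "4821")
    return r
```

Two points the paper leaves implicit are visible here: the retry counter is reset only by a correct PIN, so wrong guesses cannot be interleaved indefinitely, and a missing file and a forbidden partition yield the same error, so one vendor's application cannot probe another's partition for file names.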
Windows for Smart Cards also can be used to store medical information
and citizen accounts. Pharmacies could check a patient's card to verify
that the patient isn't taking medication that may interact negatively
with a new prescription. Using Windows for Smart Cards, a doctor's office
could bill a patient's insurance at the time of treatment, eliminating
the need to fill out countless forms at a later date and speeding payment
of charges. Furthermore, Windows for Smart Cards could be used to help
distribute food stamps, store traffic violations, and verify a consumer's
age for tobacco and alcohol purchases.
Using standard Windows-based APIs, vendors of Windows for Smart Cards
can customize the amount and type of information stored on a card. For
those who are loath to store their personal information on a card that
could be lost, the card can be configured as an identification mechanism only.
In such a case, medical and citizen information would reside on an agency's
server, and the user's Windows for Smart Cards would act as the identity
key.
Profit
With the advent of e-commerce, fraudulent behavior has increased. Stolen
credit-card numbers are used to purchase goods and services on the Internet,
where signatures are not required to prove identity. Underage users
can access information and entertainment intended for more mature audiences.
With Windows for Smart Cards, a Web site administrator could ascertain
the identity of a user signing in to a chat room to ensure the safety
of patrons. In addition, administrators of Web sites containing adult
content could ensure that only the intended audience view material.
Internet merchants could implement Windows for Smart Cards to obtain
a digital signature when goods and services are purchased. Because the
signature is computed by the card with a key that never leaves it, and
only after the holder has authenticated to the card, a stolen card number
alone no longer suffices. This protects financial institutions as well,
ensuring that only a card's owner can make purchases with the card. Windows for Smart
Cards could be used in lieu of a bank or credit card in traditional
purchasing scenarios as well. By writing a financial application and
storing it on the card, a vendor can determine the payment method. Financial
institutions can write applications for Windows for Smart Cards that
store a prepaid value, deducting from it as purchases are made. Alternatively,
an application for Windows for Smart Cards could be written with the
same familiar Windows-based APIs developers already use to interact
with a server-side automatic billing program.
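The signed-purchase flow sketched above, as an added example; it is not code from the white paper or any Microsoft or Gemplus API. The merchant name, the nonce format and the tiny fixed RSA key are assumptions, and the key size and lack of padding are acceptable only in a demonstration.

```python
"""Purchase authorization with a card-held signing key, as the paper sketches
it: the merchant issues a one-time nonce, the card signs (merchant, amount,
nonce), and the merchant verifies with the card's public key, rejecting a
replayed nonce or an altered amount.  Constructed illustration for this page,
not Microsoft or Gemplus code.  The key is textbook RSA over two fixed small
primes so it runs on the standard library alone; that size and the absence
of padding make it unusable outside a demonstration."""
import hashlib
from typing import Dict, Set, Tuple

# Toy key from the Mersenne primes 2**31-1 and 2**61-1: n is about 92 bits,
# far below what a real card would carry.
_P, _Q = 2**31 - 1, 2**61 - 1
CARD_N = _P * _Q
CARD_E = 65537
_CARD_D = pow(CARD_E, -1, (_P - 1) * (_Q - 1))  # private exponent (Python 3.8+)


def transaction_digest(merchant: str, amount_cents: int, nonce: str, n: int) -> int:
    """SHA-256 over the fields, each length-prefixed so field boundaries
    cannot be shifted, reduced into Z_n for the textbook RSA operation."""
    fields = [merchant.encode(), str(amount_cents).encode(), nonce.encode()]
    blob = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n


def card_sign(merchant: str, amount_cents: int, nonce: str) -> int:
    """Card side: the private exponent never leaves the card; on a real card
    this command would run only after the holder's PIN was verified."""
    return pow(transaction_digest(merchant, amount_cents, nonce, CARD_N),
               _CARD_D, CARD_N)


class Merchant:
    """Merchant side: tracks outstanding nonces and checks signatures."""

    def __init__(self, name: str, card_pubkey: Tuple[int, int]) -> None:
        self.name = name
        self.e, self.n = card_pubkey
        self._outstanding: Set[str] = set()
        self._counter = 0  # a real merchant draws nonces from a CSPRNG

    def challenge(self) -> str:
        self._counter += 1
        nonce = f"{self.name}:{self._counter:08d}"
        self._outstanding.add(nonce)
        return nonce

    def verify(self, amount_cents: int, nonce: str, signature: int) -> str:
        if nonce not in self._outstanding:
            return "rejected: unknown or already-used nonce"
        expected = transaction_digest(self.name, amount_cents, nonce, self.n)
        if pow(signature, self.e, self.n) != expected:
            return "rejected: signature does not match"
        self._outstanding.discard(nonce)  # consume it: each nonce pays once
        return "accepted"


def demo() -> Dict[str, str]:
    """Constructed scenario: one honest purchase, then three attacks on it."""
    shop = Merchant("books.example", (CARD_E, CARD_N))
    r: Dict[str, str] = {}
    nonce = shop.challenge()
    sig = card_sign(shop.name, 4999, nonce)
    r["genuine"] = shop.verify(4999, nonce, sig)
    r["replay"] = shop.verify(4999, nonce, sig)          # same nonce again
    nonce2 = shop.challenge()
    sig2 = card_sign(shop.name, 4999, nonce2)
    r["amount_tampered"] = shop.verify(9999, nonce2, sig2)
    r["amount_restored"] = shop.verify(4999, nonce2, sig2)
    r["forged"] = shop.verify(100, shop.challenge(), 123456789)
    return r
```

The nonce is what stops a captured signature from paying twice, and binding the merchant name into the signed digest stops a signature obtained by one merchant from being presented to another. A deployment would use a key of at least 1024 bits, PKCS #1 padding and a nonce from a cryptographic random source.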
Promotion
Windows for Smart Cards can be used much like a credit card to advertise
your business and your corporate partners. You can also store loyalty
information such as airline miles and past purchase amounts directly
on the card. Or you can issue Windows for Smart Cards to your customers
and sell advertising space on it.
Unlike a credit card, however, Windows for Smart Cards is rewritable.
When your company's strategic alliances change, you don't need to manufacture
more cards; rather, you can change the advertisements and loyalty information
on the cards you have already issued.
Conclusion
With Windows for Smart Cards, Microsoft Windows operating systems and
Microsoft application development tools, you can better protect your
enterprise while experiencing the synergy of user productivity, corporate
profit and promotion.
Microsoft, Windows, Windows NT, Outlook and MS-DOS
are either registered trademarks or trademarks of Microsoft Corp. in
the United States and/or other countries. Other product and company
names herein may be trademarks of their respective owners.
The information contained in this document represents
the current view of Microsoft Corp. on the issues discussed as of the
date of publication. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part
of Microsoft, and Microsoft cannot guarantee the accuracy of any information
presented after the date of publication. This document is for informational
purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN
THIS DOCUMENT.
© 1999 Microsoft Corporation.
November 17, 1999. All rights reserved.