Citrix has tested smart cards that meet Standard 7816 of the International Organization for Standardization (ISO) for cards with electrical contacts (known as contact cards), which interface with a computer system through a device called a smart card reader. The reader can be connected to the host computer through a serial, USB, or PC Card (PCMCIA) port.
Citrix supports the use of PC/SC-based cryptographic smart cards. These cards include support for cryptographic operations such as digital signatures and encryption. Cryptographic cards are designed to allow secure storage of private keys such as those used in Public Key Infrastructure (PKI) security systems.
These cards perform the cryptographic functions on the smart card itself, so the private keys never leave the card. In addition, smart cards provide two-factor authentication for increased security: the card and the user's PIN. When these items are used together, the cardholder can be proven to be the rightful owner of the smart card.
Smart Card Software Requirements
Consult your smart card vendor or integrator to determine detailed configuration requirements for your specific smart card implementation. The following components are required on the server or client:
- PC/SC software
- Cryptographic Service Provider (CSP) software
- Smart card reader software drivers
Your Windows server and client operating systems might already include PC/SC, CSP, or smart card reader drivers. See your smart card vendor for information about whether these software components are supported or must be replaced with vendor-specific software.
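One way to inventory the three components listed above on a server or client before contacting the vendor. This is an added example, not Citrix code. It assumes Windows PowerShell and standard Windows names that do not appear on this page: the Smart Card service (`SCardSvr`), the CSP registry key, and the SmartCardReader device class GUID. `Get-SmartCardPrerequisite` is a hypothetical function name.

```powershell
# Added example: report PC/SC, CSP, and reader-driver state on this machine.
# Uses Get-WmiObject, so run it in Windows PowerShell (not PowerShell 7+).
function Get-SmartCardPrerequisite {
    $result = New-Object PSObject -Property @{
        PcscServiceState = 'NotInstalled'
        PcscStartMode    = $null
        Providers        = @()
        Readers          = @()
    }

    # 1. PC/SC software: on Windows the resource manager runs as the
    #    Smart Card service (service name SCardSvr, assumed here).
    $svc = Get-WmiObject Win32_Service -Filter "Name='SCardSvr'"
    if ($svc) {
        $result.PcscServiceState = $svc.State
        $result.PcscStartMode    = $svc.StartMode
    }

    # 2. CSP software: each registered provider is a subkey of this key.
    #    Compare the names against the CSP your card vendor specifies.
    $cspKey = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider'
    if (Test-Path $cspKey) {
        $result.Providers = @(Get-ChildItem $cspKey |
            ForEach-Object { $_.PSChildName })
    }

    # 3. Reader drivers: devices installed in the SmartCardReader setup class.
    #    ConfigManagerErrorCode 0 means the driver loaded without error.
    $readerClass = '{50DD5230-BA8A-11D1-BF5D-0000F805F530}'
    $result.Readers = @(Get-WmiObject Win32_PnPEntity |
        Where-Object { $_.ClassGuid -eq $readerClass } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name     = $_.Name
                DriverOk = ($_.ConfigManagerErrorCode -eq 0)
            }
        })

    $result
}

$report = Get-SmartCardPrerequisite
"PC/SC service : $($report.PcscServiceState) (start mode: $($report.PcscStartMode))"
"CSPs          : $($report.Providers.Count) registered"
$report.Providers | ForEach-Object { "  $_" }
"Readers       : $($report.Readers.Count) found"
$report.Readers | ForEach-Object { "  $($_.Name) driver OK: $($_.DriverOk)" }
```

An empty reader list or a stopped service points to a missing driver or PC/SC component; `certutil -scinfo` can then be used to test an inserted card against the reported readers and providers.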
To use smart cards in a Windows Server 2008 or Windows Vista environment, your central store must be created with or updated by a Single Sign-on 4.5 (formerly Password Manager) or later console, and Microsoft Data Protection API (requires roaming profiles) must be selected in your user configurations.