Using the PC/SC API, Active Directory Service will be able to authenticate users using a smartcard, which in turn grants a Kerberos ticket. Microsoft claims this functionality will be available by NT 5.0's final release. Users should be able to log into a NT 5.0 workstation using only a smartcard and a passphrase protecting that card.

Dan Backman can be reached dbackman@nwc.com.

Types Of Smartcards
Smartcards are by no means limited to just computer-security applications. Although they are a convenient storage mechanism for X.509 certificates and private keys, the majority of smartcards are used in financial transactions or specialized applications like SIM (Subscriber Information Modules) in GSM telephones, both primarily in Europe. Because of their varied uses, smartcards come in many forms.

Most smartcards are physically similar, but they are not created equal. The simplest type of card is the memory card, which is aimed primarily at securely storing information with varied density of available memory. The standard density at the time of this writing is 8 KB. However, 16-KB memory cards will soon be available.

Smartcards also can carry application-specific chipsets. In the case of computer security applications, the cards we tested include RSA crypto-engines. These cryptocards are slightly more expensive than simple memory cards and support less on-board memory than standard memory cards (our cards were 4 KB), but perform RSA public key encryption, signatures and verification on the card itself.