Integrating to Windows custom authentication protocols or devices

Mysmartlogon can develop Credential Provider, Gina DLL, Authentication package (SSP/AP), Security Support Provider (SSP) for custom authentication protocol or security devices like smart card. As a proof of our knowledge, you can look at the open source project EIDAuthenticate, our solution to allow smart card logon on stand alone computer on Vista or later.

Smart card mini driver

Integrating smart card, especially EIDs, can be difficult as most software vendors provide bugged CSP and don't test scenarios like smart card logon. Common mistakes includes : wrong caching, don't work under SYSTEM account, don't work under SILENT contexts, can't enumerate key containers, require to be manually deployed under Windows Seven workstations...

Ask Mysmartlogon for a qualified mini driver, compliant with Microsoft tests, ready to be autodeployed by Microsoft Update !

You can also get a look at our open source Open PGP smart card mini driver.

EID integration within Active Directory

Imagine you've decided to implement the new smart card logon technology available since Windows 2008. The procedure to collect users' certificates proposed by Microsoft (manual export and import) is not scalable.

We propose solutions depending if your users are on site or off site.

• On Site : Integration into your login script to collect the certificate of the current user.

• Off Site : A Software As a Service solution for collecting certificates named SmartCollect

SmartCollect is based on the EID applet provided by the Belgium Government. It can be used with Microsoft Forefront Identity Manager 2010 as a Connected Datasource Extension. Currently tested at the Mons Hospital, an application to the eHealth program has been sent to the Microsoft Initiative Center.

Please contact us for a quote and for a instant demo.

Consulting service for smart card Integration into Active Directory

Given a remote access (remote desktop or vnc) to an active directory, we can connect to your infrastructure and show you how to manually bind users to existing smart card infrastructure. Results guaranteed and pricing starting at 200€. Please contact us for a quote.

Smart card Authentication Provider for ASP.Net

Using SSL to authenticate your EID users in SharePoint isn't used for the following reasons :

• It requires some middleware to be deployed
• If the authentication fails (technical error or user not authorized), you can't display custom error messages

Mysmartlogon enrichs the user experience by offering custom authentication process in SharePoint.

Advantage :

• No technical requirements (no installation of middleware as of MacOSX, Unix, Windows ,...)
• Decrease helpdesk interventions because there are less complexity and better error messages

Why not contact us to test our Smart card Authentication Provider for ASP.Net ?

You need custom authentication methods with security and reliability ?

In your day-to-day routine you're buying online with the confidence that https is protecting you. But do you know how it works ? Do you know what are the intimate mecanism that windows use ? If you ask experts they will answer you that your password is hashed and then simply compared. But they're wrong ! They forget for example DPAPI which protects your Internet Explorer passwords. Can you trust experts to build a secure authentication method if they don't know what the system need and how it protects itself ?

You need to access some hidden feature of your smart card ?

From the smart card to the software, you've numerous layer to pass : Smart card Reader driver, APDUs, Smart Card mini driver, CryptoAPI Driver, CryptoAPI and your application. Do you know somebody who know perfectly what does each layer ? Do you know if your encrypted data is in big endian (Crypto.Net) or little endian (CryptoAPI) ? Do you know what kind of padding is applied to your data ? And what's about interoperability between java and dotNet ?

You want to have a web site that can register the identity of your users so they can use active directory smart logon methods ?

Do you know the several methods you can use to remotely query informations from smart cards ? ActiveX, Java applet, SSL Authentication, ... How does the back end interface with these technologies ? Does the customer need to install a driver ? Does it work with every smart card ?

You need some password synchronization method which avoid the use of the Netbios protocol as in Windows Server 2008 trust protocols ?

No NetBIOS is not dead. It may surprise you but NetBIOS is still used every day even in new Windows 2008 servers with the lastest active directory functional level. Try to create a trust with NetBIOS disabled : you can't complete the wizard because NetBIOS is embedded deap into Windows. How to challenge this ? For that, you've to know how password works and how it's used.