What are SmartCard readers on laptops used for?

Discussion in 'Hardware Components and Aftermarket Upgrades' started by Apollo13, Nov 8, 2015.

Thread Status:
Not open for further replies.
  1. Apollo13

    Apollo13 100% 16:10 Screens

    Reputations:
    1,432
    Messages:
    2,582
    Likes Received:
    210
    Trophy Points:
    81
    This topic came up at work recently, where many of the laptops in use have a SmartCard reader. What are they meant to be used for? Someone put their ID card in, and Windows 7 installed the driver, and I was able to replicate that with an expired credit card... but what are they actually supposed to be used for? Payments via laptop with credit card? A much larger SIM-type card than the old SIM card slots of circa 2007? Something else?

    I realized afterwards that my newer personal laptop also has a SmartCard slot. Not sure what it's intended for either. Can someone enlighten me?

    P.S. This is not the same as ExpressCard or the older PCMCIA - I'm familiar with those. My personal laptop actually has both ExpressCard and SmartCard.
     
    9ac3 and austin_wardy like this.
  2. KLF

    KLF NBR Super Modernator Super Moderator

    Reputations:
    2,839
    Messages:
    2,753
    Likes Received:
    847
    Trophy Points:
    131
    To identify the user. I don't use them myself but here for example banks and doctors/nurses use them.
    To access personal information about client/customer, in addition to username/password they need to enter their ID smarcard into the reader first. Software won't let them access anything otherwise.

    Since the ID card is in their keychain or similar, they need to remove it from the computer when they leave and it makes unauthorized access impossible. That's how it works in theory at least.
     
    austin_wardy and Apollo13 like this.
  3. kent1146

    kent1146 Notebook Prophet

    Reputations:
    2,354
    Messages:
    4,450
    Likes Received:
    475
    Trophy Points:
    151
    Smartcard slots are for companies that support two-factor authentication for logins. You'll only find smartcard readers on enterprise-grade laptops, since they don't have a use in the consumer space.

    You'll usually find this in larger companies with mature IT infrastructure. The idea is that you plug in the smartcard to the laptop, and also type in a username / password, in order to log in. This way, you protect against single-factor authentication attacks; such as password-based attacks (keylogger, weak passwords, leaked passwords); and you protect against stolen keys / smartcards. You need both the password AND physical smartcard to log in.

    The concept is the same as those RSA keychain tags people carry, that automatically generate a new code every 60 seconds. You need to be in possession of that physical "key" (RSA tag); as well as know your username / password to log in.

    If you don't work for a company that supports this, then this feature is pretty much useless, and can be safely ignored.
     
  4. triturbo

    triturbo Long live 16:10 and MXM-B

    Reputations:
    1,577
    Messages:
    3,828
    Likes Received:
    1,228
    Trophy Points:
    231
    I thought that they can be used for digital signatures as well.
     
    austin_wardy likes this.
  5. TomJGX

    TomJGX I HATE BGA!

    Reputations:
    1,454
    Messages:
    8,707
    Likes Received:
    3,312
    Trophy Points:
    431
    Hit the nail on the head! +rep :)
     
  6. Apollo13

    Apollo13 100% 16:10 Screens

    Reputations:
    1,432
    Messages:
    2,582
    Likes Received:
    210
    Trophy Points:
    81
    Thanks for the detailed explanations! That makes more sense now. Both my work laptop and my newer home one are HP EliteBooks, though one is an Ultrabook and the other a desktop replacement, so that's likely why they have them. Though we don't use them at the enterprise where I work, it's possible that the SmartCard slot on my DTR was used during its previous life in a large healthcare system.
     
  7. Tsunade_Hime

    Tsunade_Hime such bacon. wow

    Reputations:
    5,413
    Messages:
    10,720
    Likes Received:
    1,204
    Trophy Points:
    581
    The issue with consumers using them is you also need software to interpret the 2 factor authentication, and normally big enterprise integrates that with Microsoft SSO (single sign on), so it generates a profile on the domain with those credentials. ActivClient and CAC are the most popular used by the government and military.

    You can do this as well, you do have to write some certificates. The government uses PIV card readers to authorize time sheets and needs your digital signature with your PIV badge.

    Alot of software has registry keys so you can change the Windows behavior with the smart card. We found out the default is when you move the smart card it autolocks Windows, but as a default we had that disabled.
     
    TomJGX and triturbo like this.
Loading...
Similar Threads - SmartCard readers laptops
  1. tomcatsniper
    Replies:
    6
    Views:
    565
Thread Status:
Not open for further replies.

Share This Page