Security extensions of Windows environment based on FIPS 201 (PIV) smart card

This paper describes security extensions of various Windows components based on usage of FIPS 201 (PIV) smart cards. Compared to some other similar solutions, this system has two significant advantages: first, smart cards are based on FIPS 201 standard and not on some proprietary technology; second, smart card security extensions represent an integrated solution, so the same card is used for security of several Microsoft products. Furthermore, our smart card system uses FIPS 201 applet and middleware with smart card APIs, so it can also be used by other developers to extend their own applications with smart card functions in a Windows environment. We support the following security features with smart cards: start-up authentication (based on PIN and/or fingerprint), certificate-based domain authentication, strong authentication, and protection of local resources. We also integrated our middleware and smart cards with MS Outlook and MS Internet Explorer.