11

I have an unused SmartCard slot on my laptop and I want to learn how companies take advantage of it.

  • Are all SmartCard slots capable of reading and writing a blank card?

  • Are there compatibility issues between cards and readers/writers?

  • What additional information should I know about SmartCards (capacity, physical security features, logical security features)?

  • What backing infrastructure should I use? Is AD + Windows CA sufficient? What are widely deployed alternatives?

makerofthings7

3 Answers

9

There are a few different types of Smart Cards; here are the types my old Dell 6420 supports:

  • Type "A" : ISO14443A — 106 kbps, 212 kbps, 424 kbps, and 848 kbps
  • Type "B" : ISO14443B — 106 kbps, 212 kbps, 424 kbps, and 848 kbps
  • HID iClass Contactless
  • ISO15693 (Proximity card)
  • FIPS201 see also NXP Fire

What are you going to use the Smartcard for? Signatures, Encryption, or Authentication? Will the smart card be part of a Common Access Control (CAC) solution?

If you're using it for Authentication, know that it's very difficult to get it to work across multiple platforms. For example, pretend you want to integrate Windows, iPads, Snow Leopard and Linux. Currently integration of a unified Smart Card authentication is impossible without relying on 3rd party software. As of Jan 2011, Apple's Federal Engineering Management suggests not using out of the box OSX support for Smartcards.

  • Thursby's PKard for iOS software extends CAC support to Apple iPads and iPhones

  • Coolkey is an LDAP server that provides smart card login, single sign-on, secure messaging, and secure email access.

Here is a ton of information on how to set up a PKI and ROOT CA that allows for smartcard use.

Also this document describes the Homeland Security HSPD-12 smart card security standard and related Active Directory configuration.

Lastly, SmartCard deployment is much more than the technology involved. I suggest also learning about the processes of securely provisioning them.

Microsoft has a Solution Accelerator for Secure Access using Smart Cards available here that includes technical solutions, hypothetical scenarios and technical requirements on how this can be done.

Secure Access using Smart Cards

makerofthings7
2

It is my understanding that not all readers can write to all sorts of smart cards - http://en.wikipedia.org/wiki/Smart_card gives a very broad definition of smart card, "A smart card, chip card, or integrated circuit card (ICC), is any pocket-sized card with embedded integrated circuits."

If you have not yet read it, The Smart Card Tutorial that can be found at http://www.smartcard.co.uk/tutorials/sct-itsc.pdf might be a few years old, but most is still valid when it comes to the smart cards.

"Write Binary [...] The actual physical writing of data to the memory of an ICC can be quite a complex operation. The process differs between EPROM and EEPROM memory. In this tutorial we have largely ignored the EPROM memory which requires the IFD to supply the memory programming voltage to the Vpp connector. This voltage varies (significantly) between the different chips which is why the necessary information must be contained within the answer to reset (ATR) interface bytes. The EEPROM devices generate the higher voltage required within the chip. It is also necessary for the correct timing sequence to be generated for the memory write operation [...]
Develop a new ROM operating system [...] The centre of the development kit is the chip emulation system. This is manufactured to contain the components of the chip in an accessible form [...]"

Jontas
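The tutorial passage quoted in the answer above says the programming voltage is carried in the ATR interface bytes. As an added example (not part of the answer or the tutorial), this Python parser walks an ATR using the ISO/IEC 7816-3 layout and extracts the legacy TB1/TB2 programming parameters; the two sample ATRs are constructed, and later editions of the standard deprecate these fields.

```python
from functools import reduce

def parse_atr(atr: bytes) -> dict:
    """Decode an ISO/IEC 7816-3 Answer To Reset into its fields."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("TS must be 0x3B (direct) or 0x3F (inverse convention)")
    hist_len = atr[1] & 0x0F            # T0 low nibble: number of historical bytes
    y, pos, i = atr[1] >> 4, 2, 1       # T0 high nibble: which of TA1..TD1 follow
    iface, protocols = {}, set()
    while y:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError("ATR truncated inside interface bytes")
                iface[f"{name}{i}"] = atr[pos]
                pos += 1
        td = iface.get(f"TD{i}")
        if td is None:
            break
        protocols.add(td & 0x0F)        # TDi low nibble: protocol T
        y, i = td >> 4, i + 1           # TDi high nibble: next group's presence map
    hist = atr[pos:pos + hist_len]
    pos += hist_len
    has_tck = bool(protocols - {0})     # TCK is sent only if a protocol other than T=0 is offered
    if len(hist) != hist_len or len(atr) != pos + has_tck:
        raise ValueError("ATR length does not match its own T0/TDi description")
    if has_tck and reduce(lambda a, b: a ^ b, atr[1:]) != 0:
        raise ValueError("TCK mismatch: XOR of T0..TCK must be zero")
    # Programming parameters (legacy EPROM cards): TB1 = 0 | II (2 bits) | PI1 (5 bits)
    tb1, tb2 = iface.get("TB1"), iface.get("TB2")
    vpp = None
    if tb2 is not None:
        vpp = tb2 / 10                  # PI2: Vpp in tenths of a volt, overrides PI1
    elif tb1 is not None and tb1 & 0x1F:
        vpp = float(tb1 & 0x1F)         # PI1: Vpp in volts; 0 means Vpp pin not connected
    return {"interface": iface, "protocols": sorted(protocols) or [0],
            "historical": hist, "vpp_volts": vpp,
            "ii_code": None if tb1 is None else (tb1 >> 5) & 3}

# Constructed sample ATRs (not captured from real cards)
LEGACY = bytes.fromhex("3B341125") + b"CARD"   # TA1, TB1 (PI1 = 5 V), T=0 only
MODERN = bytes.fromhex("3BA00001A1")           # TB1 = 0x00, TD1 -> T=1, TCK = 0xA1

if __name__ == "__main__":
    for atr in (LEGACY, MODERN):
        print(atr.hex(), parse_atr(atr))
```

A `vpp_volts` of `None` means the card does not ask the reader for a programming voltage, which is the EEPROM case the tutorial describes.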
-2

Some software solutions are compatible with contactless PKI and dual identification cards, as well as other smart cards and readers. These may include contactless, contact, Risk-Based authentication, credential management, logging, SSO, and a lot of other features.

Rory Alsop
  • 3
    Please do not use this site for self-promotion. Though some of your answers appear to have value beyond just pushing your product, this one was far across the line. – Iszi Aug 17 '12 at 17:04