The objective of this document is to provide the technical knowledge and understanding that is required to correctly and effectively use the Smartcard Logon plug-in on Chip PC thin clients.
The Smartcard Logon plug-in enables the use of a smartcard to secure the thin client and prevent unauthorized access to the device.
Security is achieved by using the following methods:
Authentication of smartcard certificate:
The plug-in reads the values of certain fields in the certificate that is stored on the smartcard.
The plug-in compares the values it has read to corresponding values entered during the plug-in configuration.
If any one of the values that is read from the smartcard, does not match the corresponding pre-configured value, then access to the client device is blocked.
If all values match, the plug-in uses the credentials stored in the smartcard in order to execute an automatic logon to the client device.
The fields that can be examined in the authentication process are:
Issuer CN Principal Domain
Principal Domain Name
Certificate Validity Date
Requiring a PIN Code - The plug-in can require the user to enter a PIN code. The user will be able to work on the thin client only if the correct PIN code is entered.
Smartcard removal behavior – if the smartcard is removed the plug-in can restart, logoff or lock the client device.
Read the following PDF document to understand how to configure the Smart Card plug-in: