What is 0xC00002FA

 

STATUS_SMARTCARD_LOGON_REQUIRED

A smart card, chip card, or integrated circuit card (ICC or IC card) is a physical electronic authorization device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Applications include identification, financial, mobile phones (SIM), public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations.

ECDSA logon requires an associated ECDH key on the smart card

The smart card credential provider will not show ECDSA-based logon certificates on the logon screen if they do not have an associated ECDH key on the smart card. This association is made possible through a new key property for ECDSA keys. If the ECDSA key does not have this property, Windows automatically selects the first ECDH container on the smart card.

Pairing an ECDSA logon certificate with an ECDH key allows Windows to support cached logon with ECDSA certificates. To perform cached smart card logon (to log on when the domain controller is not available), the system accesses symmetrically encrypted information that was stored locally during the last logon with the domain controller. For the RSA signature algorithm, the key that encrypts and decrypts this cached information is derived from a random value signed with the RSA logon key. However, a key derived from an ECDSA signature would likely be different each time it gets computed. Therefore, an ECDH key is associated with the ECDSA logon certificate and used to generate an AES key for storing the cached credentials.
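The difference described above can be reproduced in a few lines. This is an added example, not Windows code: it implements P-256 in pure Python (not constant time) and shows that a key hashed from an ECDSA signature changes on every signing, while an ECDH-derived key is reproducible. The function names and the arrangement in which an ephemeral public key is kept next to the cache are assumptions made for illustration, not the documented Windows mechanism.

```python
import hashlib, secrets

# NIST P-256 domain parameters (a = -3; b is not needed for the group law).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 - 3, 2 * y1) if p == q else (y2 - y1, x2 - x1)
    m = num * pow(den % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, p):  # double-and-add scalar multiplication; demo only
    r = None
    while k:
        if k & 1:
            r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def keypair():
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)

def key_from_ecdsa(d, value):
    """Sign `value` with a fresh random nonce, then hash (r, s) into a key."""
    z = int.from_bytes(hashlib.sha256(value).digest(), "big")
    k = secrets.randbelow(N - 1) + 1
    r = mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return hashlib.sha256(r.to_bytes(32, "big") + s.to_bytes(32, "big")).digest()

def key_from_ecdh(d, peer_pub):  # hash the x-coordinate of d * peer_pub
    return hashlib.sha256(mul(d, peer_pub)[0].to_bytes(32, "big")).digest()

def cached_logon_demo():
    sign_d, _ = keypair()            # ECDSA logon key
    card_d, card_pub = keypair()     # associated ECDH key on the card
    value = secrets.token_bytes(32)  # constructed stand-in for the stored random value
    sig_keys = {key_from_ecdsa(sign_d, value) for _ in range(3)}
    eph_d, eph_pub = keypair()       # assumed: ephemeral public key kept with the cache
    return len(sig_keys), key_from_ecdh(eph_d, card_pub) == key_from_ecdh(card_d, eph_pub)
```

`cached_logon_demo()` returns `(3, True)`: three signatures over the same value yield three different keys, while both sides of the ECDH exchange arrive at the same key.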

Invention

The idea of incorporating an integrated circuit chip onto a plastic card was first introduced by two German engineers in the late 1960s, Helmut Gröttrup and Jürgen Dethloff. In February 1967, Gröttrup filed the patent DE1574074 in West Germany for a tamper-proof identification switch based on a semiconductor device. Its primary use was intended to provide individual copy-protected keys for releasing the tapping process at unmanned gas stations. In September 1968, Helmut Gröttrup, together with Dethloff as an investor, filed further patents for this identification switch, first in Austria and in 1969 as subsequent applications in the United States, Great Britain, West Germany and other countries.