Windows Vista Forums
Vista Forums Home Join Vista Forums Windows 7 Forum Vista Tutorials Tags
Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks.

Go Back   Vista Forums > Vista Newsgroups > Vista security

Vista - Bitlocker and Smartcard authentification

Reply
 
Old 12-29-2006   #1 (permalink)
Detlev Rackow


 
 

Bitlocker and Smartcard authentification

Hello,

our technical account manager suggested to me to look into Bitlocker as
a possible reason to do on early migration for notebooks. We do
currently use Safeguard Easy and Safeboot for driveencryption.

These products allow the use of smartcards and Aladdin tokens to
authenticate both against the drive encryption prior to the O/S-boot and
against the operation system at logon.

For several reasons, I would prefer a smartcard-authentification over
the current TPM/Pin-system.

Among these reasons are:

- Our current standard laptops have no TPM, and we use them for appx. 4
years based on our accounting procedures. Thus, changing to a
TPM-bearing model would change our hardwarebase over a period of more
than 4 years.
- Our notebooks are often pooled among several users. The current
authentification procedure authentificates single users and allows us to
differentiate which notebook belongs to which pool, as each user has 2
factors which are unique to him, and we can allow one or more
credentials on each machine. The TPM-based approach sets a common
factor: Posession of the chassis with the TPM which is the "posession
factor" and a common secret which all pooling employees share among
them. The TPM-based approach is more designed with the idea of dedicated
machines in mind.

Is there a chance that a smartcard-operated authentification might be
implemented into the security system of Bitlocker?

Regards,

Detlev

My System SpecsSystem Spec
Old 12-29-2006   #2 (permalink)
Paul Adare


 
 

Re: Bitlocker and Smartcard authentification

In article <uwr2N$5KHHA.3564@TK2MSFTNGP02.phx.gbl>, in the
microsoft.public.windows.vista.security news group, Detlev
Rackow <detlev.rackow@gmx.de> says...

> Is there a chance that a smartcard-operated authentification might be
> implemented into the security system of Bitlocker?
>


Not any time soon, no.

--
Paul Adare - MVP Virtual Machines
Waiting for a bus is about as thrilling as fishing,
with the similar tantalisation that something,
sometime, somehow, will turn up. George Courtauld

My System SpecsSystem Spec
Old 01-23-2007   #3 (permalink)
Pat Hoffer [MSFT]


 
 

Re: Bitlocker and Smartcard authentification

Smart cards can be used in Vista for logon and for EFS encryption. A
combination of these features may be a solution to consider for your laptops.
Here's an overview that might be helpful:
http://www.microsoft.com/technet/win...ata.mspx#EGJAC

Thanks.
Pat
--
This posting is provided "AS IS" with no warranties, and confers no rights.


"Paul Adare" wrote:

> In article <uwr2N$5KHHA.3564@TK2MSFTNGP02.phx.gbl>, in the
> microsoft.public.windows.vista.security news group, Detlev
> Rackow <detlev.rackow@gmx.de> says...
>
> > Is there a chance that a smartcard-operated authentification might be
> > implemented into the security system of Bitlocker?
> >

>
> Not any time soon, no.
>
> --
> Paul Adare - MVP Virtual Machines
> Waiting for a bus is about as thrilling as fishing,
> with the similar tantalisation that something,
> sometime, somehow, will turn up. George Courtauld
>
>

My System SpecsSystem Spec
Reply

Thread Tools


Similar Threads
Thread Forum
Authentification problem Vista networking & sharing
Authentification mystery - XP Pro SP3 + Vista Ult 64 SP1 Vista networking & sharing
LEAP AUTHENTIFICATION WITH VISTA Vista networking & sharing
LDAP user authentification PowerShell
BitLocker: SmartCard support? Vista security


Vista Forums is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows Vista", the Start Orb, and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46