About Microsoft Virtual Smart Cards

Microsoft’s virtual smart card technology emulates the two-factor authentication security benefits of card-based credentials. It eliminates the need for separate authentication hardware (physical cards and readers).

The virtual smart card is created in the native Trusted Platform Module (TPM) present on the device’s motherboard, and the associated keys are isolated in cryptographically secured hardware.

The virtual smart card is protected by a PIN, offering a two-factor authentication model.

The main difference compared to physical smart cards is that the virtual smart card is part of the Microsoft Windows device (desktop, laptop or tablet). Multiple virtual smart cards are needed if multiple Microsoft Windows devices are used.

The virtual smart card provides the same functionality as physical smart cards:

  • Authentication:

    • Authentication to the Microsoft Windows desktop.

    • Two-factor authentication-based remote access.

    • Client authentication using Secure Sockets Layer (SSL) or a similar technology.

    • Remote desktop connections, in which virtual smart cards stored on the connecting computer are loaded onto the remote computer.

    • Windows To Go with virtual smart cards provisioned for the user on removable storage devices.

  • Encryption:

    • S/MIME email

    • BitLocker for data volumes

    • Signing data with digital signatures created using a private key that is stored in the virtual smart card.

For further information about virtual smart cards, go to:
https://technet.microsoft.com/en-us/library/dn593708(v=ws.11).aspx
https://technet.microsoft.com/en-us/library/dn578507(v=ws.11).aspx