Strong Authentication: Building Apps That Leverage Virtual Smart Cards in Enterprise, BYOD, and Consumer Environments

Sign in to queue

The Discussion

  • User profile image
    bdhc73a

    Please address if you can send an APDU to a real smart card in a reader similar to the API SCardTransmit().

     

     

  • User profile image
    Himanshu Soni

    bdhc73a - I assume you are asking if there is an ability to send APDU to a smart card (real or virtual) using WinRT API from a Windows Store App. For Windows 8.1, this functionality is not available. Only Win32 applications can send APDUs to real or virtual smart cards.

  • User profile image
    bdhc73a

    You are correct, I am waiting for smartcard access from a WinRT API.

    Is it a matter of policy that it is prevented, or a lack of resources?

     

  • User profile image
    Himanshu Soni

    You are right in that the certificate cannot be pulled out like a real "something you have". Hence, you cannot claim 2FA to the device itself. However, when authenticating to a network resource such as a website or a file share or authenticating for remote access for VPN, the device can be claimed as an authenticating factor because without the possession of the device, the user is not able to authenticate to the network resource. In those cases, the device is "something you have" and the PIN is "something you know".

Add Your 2 Cents