Setting up Smart Cards...where do I begin?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Setting up Smart Cards...where do I begin?

44 Views
ichiha68
Contributor I

First post on here, love that this resource is available and I refer to it frequently! Had a question regarding setting up 2FA smart cards for my end users.

We currently use HID 1386 contactless cards to badge into the building (125Khz...?), and I'd like to be able to use them for the PCs as well. I don't know if this is feasible however, seeing as the cards come pre-programmed and I dont even know if it would meet NIST 800-171 guidelines. I got a quote for some HID cards model 1597 that include a smart chip, and the contactless standard we use to enter the building.

My question is, would these work to authenticate with Windows? By this I mean, could we use these cards for entry, and would the chip be compatible with Windows AD? Or is there a standard these chips have to meet to work properly? The standard I kept seeing was ISO 7816.

Also, what would I be looking for cost-wise to deploy this? The quote I got was for ~$1100 for 100 of the aforementioned cards. I'm willing to entertain this as it means we only have to carry one card, but if it would be considerably cheaper to just get new smart cards and have to carry an extra I'm willing to entertain that as well.

Thanks in advance!

Labels (1)
0 Kudos
Reply
1 Reply

10 Views
EduardoZamora
NXP TechSupport
NXP TechSupport

Hello @ichiha68

Hope you are doing well.

My apologies, I am not completely aware of the requirements of Windows AD and the specifications of the contactless cards you are using (please consider contacting the manufacturer for further support).

After some quick research, HID 1386 cards appear to be 125 kHz LF proximity credentials intended for physical access control. That LF proximity technology by itself would not be sufficient for native Windows/Active Directory smart-card logon, because Windows smart-card sign-in seems to expect a supported smart-card interface/middleware where Windows can enumerate a user certificate and use the corresponding private key for authentication.

Regards,
Eduardo.

0 Kudos
Reply
%3CLINGO-SUB%20id%3D%22lingo-sub-2389625%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3ESetting%20up%20Smart%20Cards...where%20do%20I%20begin%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2389625%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EFirst%20post%20on%20here%2C%20love%20that%20this%20resource%20is%20available%20and%20I%20refer%20to%20it%20frequently!%20Had%20a%20question%20regarding%20setting%20up%202FA%20smart%20cards%20for%20my%20end%20users.%3C%2FP%3E%3CP%3EWe%20currently%20use%20HID%201386%20contactless%20cards%20to%20badge%20into%20the%20building%20(125Khz...%3F)%2C%20and%20I'd%20like%20to%20be%20able%20to%20use%20them%20for%20the%20PCs%20as%20well.%20I%20don't%20know%20if%20this%20is%20feasible%20however%2C%20seeing%20as%20the%20cards%20come%20pre-programmed%20and%20I%20dont%20even%20know%20if%20it%20would%20meet%20NIST%20800-171%20guidelines.%20I%20got%20a%20quote%20for%20some%20HID%20cards%20model%201597%20that%20include%20a%20smart%20chip%2C%20and%20the%20contactless%20standard%20we%20use%20to%20enter%20the%20building.%3C%2FP%3E%3CP%3EMy%20question%20is%2C%20would%20these%20work%20to%20authenticate%20with%20Windows%3F%20By%20this%20I%20mean%2C%20could%20we%20use%20these%20cards%20for%20entry%2C%20and%20would%20the%20chip%20be%20compatible%20with%20Windows%20AD%3F%20Or%20is%20there%20a%20standard%20these%20chips%20have%20to%20meet%20to%20work%20properly%3F%20The%20standard%20I%20kept%20seeing%20was%20ISO%207816.%3C%2FP%3E%3CP%3EAlso%2C%20what%20would%20I%20be%20looking%20for%20cost-wise%20to%20deploy%20this%3F%20The%20quote%20I%20got%20was%20for%20~%241100%20for%20100%20of%20the%20aforementioned%20cards.%20I'm%20willing%20to%20entertain%20this%20as%20it%20means%20we%20only%20have%20to%20carry%20one%20card%2C%20but%20if%20it%20would%20be%20considerably%20cheaper%20to%20just%20get%20new%20smart%20cards%20and%20have%20to%20carry%20an%20extra%20I'm%20willing%20to%20entertain%20that%20as%20well.%3C%2FP%3E%3CP%3EThanks%20in%20advance!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2389625%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CLINGO-LABEL%3EAutomotive%20Smart%20Cards%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2389975%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20Setting%20up%20Smart%20Cards...where%20do%20I%20begin%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2389975%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F264340%22%20target%3D%22_blank%22%3E%40ichiha68%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EHope%20you%20are%20doing%20well.%3C%2FP%3E%0A%3CP%3EMy%20apologies%2C%20I%20am%20not%20completely%20aware%20of%20the%20requirements%20of%20Windows%20AD%20and%20the%20specifications%20of%20the%20contactless%20cards%20you%20are%20using%20(please%20consider%20contacting%20the%20manufacturer%20for%20further%20support).%3C%2FP%3E%0A%3CP%3EAfter%20some%20quick%20research%2C%20HID%201386%20cards%20appear%20to%20be%20125%20kHz%20LF%20proximity%20credentials%20intended%20for%20physical%20access%20control.%20That%20LF%20proximity%20technology%20by%20itself%20would%20not%20be%20sufficient%20for%20native%20Windows%2FActive%20Directory%20smart-card%20logon%2C%20because%20Windows%20smart-card%20sign-in%20seems%20to%20expect%20a%20supported%20smart-card%20interface%2Fmiddleware%20where%20Windows%20can%20enumerate%20a%20user%20certificate%20and%20use%20the%20corresponding%20private%20key%20for%20authentication.%3C%2FP%3E%0A%3CP%3ERegards%2C%3CBR%20%2F%3EEduardo.%3C%2FP%3E%3C%2FLINGO-BODY%3E