Windows 10: Windows Security (Smart Card Pin)

Discus and support Windows Security (Smart Card Pin) in Windows 10 Ask Insider to solve the problem; Everytime I boot in, Windows Security prompts me to enter my Common Access Card. Even if I boot without my CAC Reader in. It only started doing this... Discussion in 'Windows 10 Ask Insider' started by /u/Palejonesy, Feb 15, 2020 at 12:07 AM.

  1. Windows Security (Smart Card Pin)


    Everytime I boot in, Windows Security prompts me to enter my Common Access Card. Even if I boot without my CAC Reader in. It only started doing this after the recent update. I've disabled the CAC Reader Driver, uninstalled DoD Certs and reinstalled, created a new profile and it all seems to be the issue.

    I'm running the following:

    Asrock 370 sli/ac mobo 32gb ram (g.skill 3000mhz) Nvidia GTX 1070 (ROG OC Edition) x2 on SLI 650PSU Kingston 500 SSD Hitachi 4gb HDD

    My CAC reader is: ACR39U ICC Reader

    According to Windows Update and DriversCloud, all my drivers are up to date. The popup usually appears 4 times in a row and then disappears until I actually login to an Army website or until I restart the computer. If I just have my card in and use my pin at login, the popup disappears until reboot.

    If needed, I can post a full read of my PC via the output from CPU-Z

    submitted by /u/Palejonesy
    [link] [comments]

    :)
     
    /u/Palejonesy, Feb 15, 2020 at 12:07 AM
    #1
  2. OOlahoop Win User

    About the security of Virtual Smart Cards

    * Merged

    * Original title: About Virtual Smart Card Security

    Trying to have a good overview about the security of Virtual Smart Cards relying on TPMs, I read this very short article (the only I found) covering this topic (first part): Evaluate Virtual Smart Card Security (Windows 10) - Microsoft 365 Security.

    I well understand there is a key hierarchy (EK ; SRK -> SmartCardK ; SRK -> UserKey) as it is commonly in keys management solutions. However, I don't understand how the authorization process works. Moreover, the article says : "The TPM key hierarchy is designed
    to allow encryption of user data with the storage root key, but it authorizes decryption with the user PIN in such a way that changing the PIN doesn’t require re-encryption of the data." This explictely means that the PIN is not used at any moment to encrypt/decrypt
    any user key, but it is used instead to authorize this description..ok.

    Well, what is this process of authorization and what (how) is really encrypted ?

    I'm not 100% sure of that but I guess the PINs are not stored in the TPM since there may be a lot of VSC and since the TPM is not suited to store a lot of objects (limited memory). So, taking the first step as an example, how is the SCK decrypted/encrypted
    ? Regardind the decryption, we can see "ScKey = DsrkPriv(SCKeyBlob) | PIN" which makes me believe the SCK blob is only the SCK encrypted with the public part of the SRK. So what does mean "| PIN" ? And how does the TPM verify the PIN is correct ? It seems
    the PIN is involved somewhat here (as well as the "authorization key" for the user keys).

    | PIN is obviously not a concatenation since it would make the PIN leak just by looking at the file stored on the disk.

    Thanks for your feedback !

    Have a nice day Windows Security (Smart Card Pin) :)
     
  3. Windows Security Smart Card popup

    Hi Hoarder,

    Disable Smart Card Plug and Play Service

    Step 1

    Hold down the "Windows" key and press "R" to open the Run dialog. Type "gpedit.msc" at the prompt and press "Enter" to open the Local Group Policy Editor.

    Step 2

    Expand "Computer Configuration," "Administrative Templates" and "Windows Components" in the tree browser. Double-click the "Smart Card" folder in the main window.

    Step 3

    Right-click "Turn On Smart Card Plug and Play Service" and select "Edit." In the Properties dialog, select "Disabled" to turn off this service and remove the smart card option from the login screen. Click "Apply" and "OK" to save your changes.

    Step 4

    Close Local Group Policy Editor and restart Windows to finalize the changes.

    Let me know if this will work.

    Thanks and regards,
     
    RichardGuerzon, Feb 15, 2020 at 12:10 AM
    #3
  4. Naveen_M Win User

    Windows Security (Smart Card Pin)

    About the security of Virtual Smart Cards

    Hi Arachnide,

    Thank you for writing to Microsoft Community Forums.

    Windows 10 uses the TPM to protect the encryption keys for BitLocker Volumes, virtual smart cards, certificates, and the many other keys that TPM is used to generate. TPM is used to securely record and protect integrity-related measurements of select hardware.
    The TPM can also be used to generate and store cryptographic keys.

    You can refer to this thread in Microsoft TechNet forums on
    Does Windows remember PIN of the Virtual Smart Card in memory? and check.

    I'd suggest you to post your query in the
    TechNet forums
    where we have a team of experts who are well equipped to answer your query. Queries regarding encryption and decryption are best addressed here.

    Regards,

    Naveen M

    Microsoft Community - Moderator
     
Thema:

Windows Security (Smart Card Pin)

Loading...
  1. Windows Security (Smart Card Pin) - Similar Threads - Security Smart Card

  2. Windows Security Repeated Smart Card Prompting

    in AntiVirus, Firewalls and System Security
    Windows Security Repeated Smart Card Prompting: When starting/restarting my PC, I get this windows security prompt to connect a smart card. I click cancel or x out of it, and it will show up another 5-10 times. This only happens when the PC is starting up. I searched for online results, and done things people have posted...
  3. windows security smart card problem after update

    in Windows 10 Installation and Upgrade
    windows security smart card problem after update: Hello, i am a win 10 home user. yesterday i updated the latest windows 10 update and after this i keep getting this annoying smart card pop-up wich even after closing restarts immediatly. i am a somewhat experienced user but this problem has baffled me for the past hour...
  4. Smart card subsystem

    in Windows 10 Drivers and Hardware
    Smart card subsystem: I'm running Windows 10 and use a smart card reader to update a security card frequently. Lately when I plug the reader in I get an error message saying "Unable to connect to smartcard subsystem" . The tech support for the card service says this occurred during a Windows...
  5. Windows Security Smart Card popup

    in AntiVirus, Firewalls and System Security
    Windows Security Smart Card popup: When starting my computer I get the popup attached below, it comes up and has to be dismissed a total of four times. This happens on two different Windows 10 devices I use. I use a smart card to access enterprise webmail on occasion and that works without issue. I do not use...
  6. Win 10 Pro Windows Security Smart Card Prompt

    in AntiVirus, Firewalls and System Security
    Win 10 Pro Windows Security Smart Card Prompt: After an update my computer now incessantly asks for a smart card at least 4 times after I login to Win 10. How do I turn this off without disabling the smart card in gpedit?...
  7. Virtual Machine is not reading Smart Card reader and Smart card after Windows update.

    in Windows 10 Drivers and Hardware
    Virtual Machine is not reading Smart Card reader and Smart card after Windows update.: Environment: WIN10 v1607 ENT N 2016 2016 / Virtual Machine - (Physical desktops with updates operate correctly) Since installing latest updates, all VM's will not read the certificates. However both objects "SCR35xx Smart Card Reader" and "Smart Card" -ARE- shown in device...
  8. About the security of Virtual Smart Cards

    in AntiVirus, Firewalls and System Security
    About the security of Virtual Smart Cards: Hello all, Trying to have a good overview about the security of Virtual Smart Cards relying on TPMs, I read this very short article (the only I found) covering this topic (first part):...
  9. Disable PIN caching for Virtual Smart Cards

    in AntiVirus, Firewalls and System Security
    Disable PIN caching for Virtual Smart Cards: We want to store digital certificates for PDF signing in virtual smart cards. Due to regulatory reasons (FDA, we are developing medical devices), I have to assure that the PIN protecting the certificate has to be (re-)entered for each document to be signed. The default...
  10. Connect a Smart Card

    in User Accounts and Family Safety
    Connect a Smart Card: I can't make any changes on my ASUS Laptop, every time I tried "connect a smart card" appear. This is a personal computer and I didn't use any smart card. Please help to sort this out. Thanks in advance. 30636