Smart Card Logon - Use Case Description
This demo use case will demonstrate a WINDOWS 2-factor Log-On authentication using a Java Card and the wireless card reader AirID.
Additionally AirID will automatically lock the computer if a preset distance between your computer and AirID will be exceeded.
For this smart card demo use case we are using a third-party secure Log-On software, the EIDAuthenticate. This software simplifies WINDOWS smart card logon and does not require to be connected to a WINDOWS domain or to set up a Public Key Infrastructure (PKI). The smart card, provided by the AirID Evaluation-Kit, has been already initialised and personalized with a demo certificate.
1. Please check before you start:
For this use case of WINDOWS Smart Card Logon you will require:
- A smart card, JCOP 2.4.1 with an applet (provided with the AirID Evaluation-Kit)
- An AirID Version 1, wireless smart card reader (provided with the AirID Evaluation-Kit)
- A computer running Windows 10 operating system with Bluetooth LE 4.0 enabled (if BLE is not available onboard, a separate USB Bluetooth LE Adapter will be required). Please use a complete fresh system (clean Windows 10 installation) for this demo use case.
- Administrative rights for installing new software on the computer
5. The computer must be stand alone or a local account must be configured on domain computers
Please use this smart card and PINs for Smart Card Logon demo use case:
2. Initial Installation on Windows 10
This section describes the initial setup and basic configurations on Windows 10 which are required for the Windows based demo use case, provided that no other prior installation has taken place.These steps are not necessary if there is a previous configuration for the document signing use case.
- AirID Driver and AirID Central Installation
- Bluetooth Pairing
2.1 AirID Driver and AirID Central Installation
Follow the steps below to install the AirID Windows Driver and the AirID Central App.
The AirID Central is a management App for your AirID. The App provides you with information and settings options for your AirID when your AirID is connected to your Windows device.
The AirID Windows Driver and the AirID Central App have been installed and the next step will be Bluetooth Pairing of the AirID with your computer.
3. EIDAuthenticate Installation
Follow the steps below to install EIDAuthenticate:
- Please download the software EIDAuthenticateSetup EIDAuthenticateSetup_Enterprise-Edition_1.2.5_x64.msi for EIDAuthenticateCertgateEnterpriseEditionx64.msi for a 64-bit system or EIDAuthenticateSetup_Enterprise-Edition_1.2.5_x86.msi for EIDAuthenticateCertgateEnterpriseEditionx86.msi for a 32-bit system and double click on the .msi file to install.
- Follow the instructions in the installation wizard and enter your Windows user account password (not the PIN of the smart card) in the corresponding dialog box.
Now, EIDAuthenticate has been installed and from now on you will be able to log in using the smart card and the PIN.
4. Using automated "Distance Log-Out" with AirID
The AirId reader can log you out and locks WINDOWS automatically, if a (preset) distance between your computer and your AirID has been exceeded.
The "Distance Log-Out" is managed in AirID settings using "Coverage".
Please set the "Coverage" value so that the access to the device is automatically locked when the predefined distance from AirID is exceeded.
- Make sure, AirID is connected via BLE with your working device
- Take your AirID and navigate to Settings > Coverage
- Select On
- Select Presetting and Near
Optionally, you can select any other presetting value or do a manual setting.
Settings can only be changed with an active Bluetooth connection between your computer and AirID reader.
To avoid unintended disconnects, keep in mind that the minimum distance for the automated log-out is about three meters between your computer and AirID reader.
The distance value for the coverage feature represents a relative value. It depends on the signal strength of the AirID, on the environment and on other interferencing signals.