Features of Smart ID Desktop App

Use cases

Use virtual smart cards for securing the day-to-day business.

Provision manage and use virtual smart cards, Yubikey and other tokens for authentication, signing and encryption.  

Store keys in Microsoft certificate store with the same use cases as virtual smart cards. 

One-time passwords (OTP)

There are two different types of one-time passwords (OTP), as defined by the Initiative for Open Authentication (OATH):

• Time-based OTP (TOTP): A TOTP is renewed after a fix amount of time, for example 30 seconds. The algorithm that generates each password uses the current time of day as one of its factors, ensuring that each password is unique.

• Event-based OTP (HOTP): An HOTP is valid per authentication. After authentication a new OTP is generated. 

External middleware and smart card integration

Only applicable for Smart ID Desktop App 2.0 and later versions.

• Card details visible in GUI

• Online authentication and signing via Hermod Messaging.

• Simple PIN management features (PIN change)

• Personal Desktop Client with a defined set of Atos CardOS and NXP JCOP3 cards

• Thales SAC and IDPrime MD (3)940 with Thales profile

PKI-encode smart cards as part of the Digital ID solution. 

Windows-related use cases, such as these: 

• Windows logon, logging in to a PC or laptop

• TLS client cert authentication in Microsoft Edge

• Remote access using VPN or direct access

• Native app integration through MS crypto APIs CAPI or CNG

• Secure email using S/MIME

Independently of Smart ID Desktop App, the following use cases also apply:

• Document protection by signing or encryption

• BitLocker drive encryption for data volumes

If you connect to another computer using remote desktop, the virtual smart card on the remote computer is disabled.

Integrate PKCS#11 clients with the virtual smart card.

User interface

Modern user interface which allows the user to:

• View profile and certificate details

• Delete profiles

• Change PIN

• Import certificate from file

• Read logs and manage log level

• Change colour theme

• Automatically use the language according to Windows setting, for supported languages

For more information on language support etc, see Smart ID Desktop App requirements and interoperability.

Lifecycle management

Integrated into the overall Nexus Smart ID architecture for:

• Remote provisioning of certificates to the virtual smart card

• Remote PIN reset in case user forgets their PIN

• Web browser online authentication via plugout, see Plugout web browser integration.

• Web browser online signing via plugout, see Plugout web browser integration.

For more information on use cases, see Virtual smart card management in Smart ID.

Security

Virtual smart cards have the same level of security as a physical smart card:

• Keys used for authentication are created and stored in cryptographically secured hardware (TPM)

• Non-exportability, isolated cryptography and anti-hammering by using the TPM