A smart card is, in most cases, a credit card–sized device that contains a memory chip. These devices have many uses. For example, they are used to provision a phone's identity in the Global System for Mobile (GSM) communications cellular telephone system and its derivatives. Smart cards may also be used to authenticate to Windows. In that case they contain an X.509 certificate. (See Chapter 10 for more information about certificates.) The certificate contains a private key, and the corresponding public key is stored in the user object in Active Directory.

When the user authenticates using a smart card, WinLogon will ask for a PIN code instead of a password. It then contacts the smart card provider and provides it with ...