Smart Card Logon Offline Authentication
After a deep search on the internet I didn't find any exhaustive document related to how the smart card logon authentication works in an offline scenario. The only relevant documents that I found on the internet about the topic are the following:

- http://craigchamberlain.com/library/microsoft/sclogon.doc
- http://technet.microsoft.com/en-us/library/ff404285(WS.10).aspx
- Windows Server 2008 Security Resource Kit (Jesper M. Johansson and MVPs with the Microsoft Security Team)

All the above documents don't explain the details of the smart card logon authentication in an offline scenario.

In an online scenario using the standard username and password, after successfully obtaining a TGS from the ticket granting service of the Kerberos authentication protocol, a "password verifier" (also known as "cached credentials") is built by salting (with the username) a hash of the NT hash of the password and applying 10000 PKCS #5 operations to the result. (The NT hash is built by applying an MD4 hash to the password used to logon, and it is cached in LSA protected RAM memory for the following purposes: 1) building the password verifier and comparing it to the one stored in the local machine to authenticate the user in an offline scenario; 2) deriving a key used to decrypt the DPAPI master key used for EFS and other purposes; 3) accessing any resource that cannot use the Kerberos system.) This "password verifier" is stored locally on the machine where the domain user has performed the domain logon, to allow the domain user to authenticate to the domain-joined computer when the DC is unavailable (similar, but with much stronger security, to the authentication protocol that happens in a machine that is not joined to a domain. In this case the NT hash is stored locally without applying another salted hash and PKCS #5 operations. Another difference, in this case, is that the DPAPI master key is decrypted using a key derived directly from the plaintext password stored in LSA, as described at http://msdn.microsoft.com/en-us/library/ms995355.aspx).

When the policy that requires a user to logon to the domain using a smart card is enabled, a strong random password (that never expires) is generated for that user in the DC, and the NT hash of this strong password is calculated and stored on the DC disk in the user object data. Since when the user is required to logon using the smart card he/she doesn't use a password to logon, the NT hash can't be built in LSA memory. In this case the DC, after the user successfully obtains a TGS from the ticket granting service of the Kerberos authentication protocol, sends the NT hash directly to the user, along with other authentication data. The NT hash is sent encrypted with the public key of the user's smart card logon certificate, so that the user is able to decrypt it and store it in protected LSA. The NT hash is needed in LSA memory for the following two reasons: 1) accessing any resource that cannot use the Kerberos system; 2) deriving a key from the NT hash to decrypt the DPAPI master key. (Even if, in this case, one could argue, with reason, that it would be easier to use the public key stored on the smart card to encrypt the DPAPI master key, I think this is done for compatibility with current and old software that use the system and user DPAPI interfaces. From Windows Vista it is possible to use EFS (Encrypting File System) encrypting the FEK directly with an appropriate certificate, and I think that in the future the smart card will be further integrated in the Windows OS, allowing it to be used also for encrypting at least the user DPAPI master key.)

I finally come to my question. While it is clear how the offline authentication is performed in a username/password scenario, I have not found any document that explains how the offline authentication works in a smart card logon enforced scenario. From the above documents it is clear that, in this case, once authenticated by the domain, the user has the NT hash in LSA memory, but it is not clear if the "password verifier" is built also in this case. So:

1) Is the password verifier (salted hash of the NT hash with final 10000 PKCS #5 operations) built from the NT hash cached in protected RAM and stored locally on the PC also when the user logs on with the smart card?

2) It is obvious that, in any case, to offline authenticate a user with a smart card, the private key of the logon smart card certificate has to be used to decrypt some data on the local PC that is encrypted with the user's smart card public key, or with a key derived from a signature over random data created with the private key of the smart card logon certificate. My question is: is this encrypted data simply the NT hash that, once decrypted with the private key of the smart card user logon certificate, is used to build the password verifier that is compared to the password verifier stored on the local PC?

3) In case 1) and 2) are false, can anyone explain how the offline authentication is performed in the case a smart card logon is required?

Thanks a lot for reading and for any help.

Best regards
September 29th, 2011 5:12pm

When computers are configured for the smart card logon process, the smart card is used to authenticate users when they log on to a local computer or a network. Therefore, you can deploy smart cards for portable computers that are used by mobile users without requiring either separate logon credentials or separate logon processes for online and offline operation. http://technet.microsoft.com/en-us/library/cc962052.aspx http://technet.microsoft.com/en-us/library/ee844149(WS.10).aspx
October 6th, 2011 3:59am