
Crayonic Agent

Crayonic Agent is a decentralized endpoint security solution that enables Crayonic smart authenticators, or even ordinary smart cards that follow the PIV and FIDO standards, to protect access to the Windows desktop environment and even to legacy applications that may still require usernames and passwords.

Its first version secures a shared Windows account (domain or local) by allowing access to the desktop only when the user authenticates with an X.509 certificate stored on the authenticator. Access is granted when the X.509 certificate is presented and the signature of a nonce (timestamp) is verified against the certificate's public key using the PIV protocol, which Windows supports natively. Besides signature verification, the certificate has to be valid, i.e. not expired, and must be signed by a trusted CA whose root certificate is stored in the Windows key store.
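The three checks described above (nonce signature, validity period, trusted CA), shown as an added example using Go's standard library; it is not Crayonic's or Windows' code. The function names, the ECDSA P-256 with SHA-256 choice, and the in-memory CA and user certificates are constructed assumptions for illustration.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed test certificate; a nil parent yields a self-signed root CA.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, from, to time.Time) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: to, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		tpl.IsCA, tpl.KeyUsage = true, tpl.KeyUsage|x509.KeyUsageCertSign
		parent, parentKey = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// signNonce stands in for the card: it signs SHA-256(nonce) with the private key.
func signNonce(key *ecdsa.PrivateKey, nonce []byte) []byte {
	digest := sha256.Sum256(nonce)
	sig, _ := ecdsa.SignASN1(rand.Reader, key, digest[:])
	return sig
}
// checkLogin applies the checks from the text: nonce signature, validity period, trusted CA.
func checkLogin(cert *x509.Certificate, nonce, sig []byte, trustedRoot *x509.Certificate, now time.Time) error {
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, nonce, sig); err != nil {
		return fmt.Errorf("nonce signature rejected: %w", err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}) // fails on expiry or unknown issuer
	return err
}
func main() {
	now := time.Now()
	ca, caKey := issue("Constructed Test CA", nil, nil, now.Add(-time.Hour), now.Add(time.Hour))
	leaf, key := issue("constructed-user", ca, caKey, now.Add(-time.Hour), now.Add(time.Hour))
	nonce := []byte(now.UTC().Format(time.RFC3339)) // timestamp used as the nonce
	fmt.Println("login error:", checkLogin(leaf, nonce, signNonce(key, nonce), ca, now))
}
```

A signature that verifies is not sufficient on its own: an expired certificate, or one issued by a CA outside the trusted set, is rejected even when the card holds the matching private key.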

The screen is locked whenever access to the card that presented the X.509 certificate is lost, i.e. when the user disconnects the authenticator or card. Access can also be revoked by time when the Agent is activated as a Windows screensaver.

Login and logout events are logged in the local Windows event log and can be collected by the preferred SIEM tool or by Crayonic Gateway.

The upcoming version of Crayonic Agent will support auto-fill of usernames and passwords for legacy Windows applications. The username and password are pulled from a connected Crayonic authenticator (Crayonic Badge or Crayonic KeyVault) and filled automatically into a pre-configured Windows dialog pop-up that requests a username and password. Recognition of the correct application dialog needs to be configured per application before this feature can be used.

https://release.crayonic.io/Agent/BLEEDING_EDGE/index.html