User Security. The .NET smart card supports an extendable access management system that allows developers and card deployers to define user roles for managing the card. These user roles control the deployment of new assemblies to the card, as well as control over the .NET card file system.

The smart card is designed to be able to provide secure, interoperable storage space. Following web security standards and access controls, the smart card can serve the user data based on the rules for that user.
 

Application Security. Applications deployed on the .NET smart card are always signed assemblies. The public-key token of the signed assemblies is used to grant or deny privileges to a given application. For example, a library assembly installed on the card might restrict unknown assemblies from using its API.
 

Data Security. Data for .NET applications can be stored either internally to the application or in the .NET file system. Applications using the file system can be assured that file-based data is secured by access control lists associated with the public-key tokens of on-card assemblies