Abstract: A system, method, and computer program to implement Public Key Infrastructure (“PKI”)-based access controls on a computing device independently of the operating system's user identification and authorization system. A software application on a standalone, non-networked computing device detects a “smart card” with a PKI certificate identifying the card holder. The identity of the card holder is verified against a registry stored on the computing device separately from the operating system's user identification and authorization system. Verification of the identity of the card holder results in setting the state of the computer system as “authorized” or “unauthorized.” In the unauthorized state, user input and viewing of information are prevented. The software application may thus identify individual smart card holders and provide secure access to data and resources, and track authorized and unauthorized access on computing devices that must remain in an “always logged in” state.
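The authorization flow in the abstract, as an added sketch that is not code from the patent: a card's certificate is matched against a local registry kept apart from OS accounts, the device state fails closed, and every attempt is recorded. It assumes the certificate chain and the card's possession of its private key were already validated by smart-card middleware; the registry layout, the expiry and revocation fields, and all class and function names are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass(frozen=True)
class RegistryEntry:              # hypothetical registry record
    holder: str
    not_after: datetime           # assumed local enrolment expiry
    revoked: bool = False

@dataclass
class AccessController:
    registry: dict                # SHA-256 cert fingerprint (hex) -> RegistryEntry
    state: str = "unauthorized"   # fail closed until a card is verified
    audit: list = field(default_factory=list)

    def _log(self, event, fp, holder, now):
        self.audit.append((now.isoformat(), event, fp[:16], holder))

    def card_inserted(self, cert_der: bytes, now: datetime) -> str:
        fp = hashlib.sha256(cert_der).hexdigest()
        entry = self.registry.get(fp)
        if entry is None:
            event = "denied:unknown-card"
        elif entry.revoked:
            event = "denied:revoked"
        elif now > entry.not_after:
            event = "denied:expired"
        else:
            event = "granted"
        self.state = "authorized" if event == "granted" else "unauthorized"
        self._log(event, fp, entry.holder if entry else None, now)
        return self.state

    def card_removed(self, now: datetime) -> str:
        self.state = "unauthorized"   # removal always locks the session
        self._log("card-removed", "", None, now)
        return self.state

    def accept_input(self) -> bool:   # gate for keyboard, mouse and display
        return self.state == "authorized"

def demo():
    now = datetime(2024, 1, 15, tzinfo=timezone.utc)
    good, stranger = b"constructed-cert-alice", b"constructed-cert-unknown"
    reg = {hashlib.sha256(good).hexdigest():
           RegistryEntry("alice", datetime(2025, 1, 1, tzinfo=timezone.utc))}
    ac = AccessController(reg)
    states = [ac.card_inserted(stranger, now), ac.card_inserted(good, now),
              ac.card_removed(now)]
    return states, [e[1] for e in ac.audit]
```

The audit list records denied attempts as well as granted ones, which is what lets an always-logged-in device attribute activity to individual card holders.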