Smart card and associated methods for initiating virtual sessions at kiosk device

The invention claimed is: 1. A smart card comprising: a memory configured to store a user connection lease and user interface (UI) cache for a user and a private/public key pair of the smart card, the user connection lease being bound to the private/public key pair of the smart card; and a processor coupled to the memory and configured to establish a communications link with a kiosk device to be shared by a plurality of different users, initiate a virtual session for the user at the kiosk device based upon the user connection lease and the private key responsive to establishing the communications link, the smart card defining an endpoint for the virtual session authorization, and cause the kiosk device to launch the virtual session based upon the user UI cache. 2. The smart card of claim 1 wherein updates to the user connection lease and UI cache are stored at the kiosk device, and wherein the processor is configured to download the updates to the user connection lease and UI cache from the kiosk device to the memory upon establishing the communications link with the kiosk device. 3. The smart card of claim 1 wherein the memory is further configured to store an authentication (auth) token, and wherein the processor is configured to initiate the virtual session using single sign-on (SSon) authentication based upon the auth token. 4. The smart card of claim 1 wherein the memory is configured to store a version of the public encryption key signed by a Root of Trust (RoT), and wherein the processor is further configured to cause the kiosk device to initiate updates to the user connection lease by a connection lease issuing service (CLIS) and to initiate the virtual session for the user at the kiosk device based upon the public encryption key signed by the RoT. 5. The smart card of claim 4 wherein the memory is further configured to store a public encryption key of the CLIS signed by the RoT and a public encryption key of the RoT, and wherein the processor is further configured to initiate the virtual session by performing a user connection lease exchange with a virtual delivery appliance configured to deliver the virtual session based upon the signed CLIS public key and the RoT public key. 6. The smart card of claim 1 wherein the UI cache comprises at least one static asset to be displayed by the kiosk device. 7. The smart card of claim 1 wherein the UI cache comprises at least one published resource the user is entitled to access through the virtual session. 8. The smart card of claim 1 wherein the communications link comprises at least one of a near field communication (NFC) link, a universal serial bus (USB) link, a Bluetooth link, and a wireless local area network (WLAN) link. 9. An electronic device comprising: a portable housing; a memory in the portable housing configured to store a virtual smart card, a private/public key pair of the virtual smart card, and a user connection lease and user interface (UI) cache for a user, the user connection lease being bound to the private/public key pair of the virtual smart card; and a processor in the portable housing coupled to the memory and configured to establish a communications link with a kiosk device to be shared by a plurality of different users, initiate a virtual session for the user at the kiosk device based upon the user connection lease and the private key responsive to establishing the communications link, the virtual smart card defining an endpoint for the virtual session authorization, and cause the kiosk device to launch the virtual session based upon the user UI cache. 10. The electronic device of claim 9 wherein updates to the user connection lease and UI cache are stored at the kiosk device, and wherein the processor is configured to download the updates to the user connection lease and UI cache from the kiosk device to the memory upon establishing the communications link with the kiosk device. 11. The electronic device of claim 9 wherein the memory is further configured to store an authentication (auth) token, and wherein the processor is configured to initiate the virtual session using single sign-on (SSon) authentication based upon the auth token. 12. The electronic device of claim 9 wherein the memory is configured to store a version of the public encryption key signed by a Root of Trust (RoT), and wherein the processor is further configured to cause the kiosk device to initiate updates to the user connection lease by a connection lease issuing service (CLIS) and to initiate the virtual session for the user at the kiosk device based upon the public encryption key signed by the RoT. 13. The electronic device of claim 12 wherein the memory is further configured to store a public encryption key of the CLIS signed by the RoT and a public encryption key of the RoT, and wherein the processor is further configured to initiate the virtual session by performing a user connection lease exchange with a virtual delivery appliance configured to deliver the virtual session based upon the signed CLIS public key and the RoT public key. 14. The electronic device of claim 9 wherein the portable housing comprises at least one of a smartphone housing and a smart watch housing. 15. A method comprising: storing in a memory a user connection lease and user interface (UI) cache for a user and a private/public key pair of a smart card, the user connection lease being bound to the private/public key pair of the smart card; establishing a communications link between the smart card and a kiosk device, the kiosk device to be shared by a plurality of different users; initiating a virtual session for the user at the kiosk device using the smart card based upon the user connection lease and the private key responsive to establishing the communications link, the smart card defining an endpoint for the virtual session authorization; and causing the kiosk device to launch the virtual session using the smart card based upon the user UI cache. 16. The method of claim 15 wherein updates to the user connection lease and UI cache are stored at the kiosk device; and further comprising downloading the updates to the user connection lease and UI cache from the kiosk device to the memory upon establishing the communications link with the kiosk device. 17. The method of claim 15 further comprising storing an authentication (auth) token in the memory; and wherein initiating the virtual session comprises initiating the virtual session using single sign-on (SSon) authentication based upon the auth token. 18. The method of claim 15 further comprising storing a version of the public encryption key signed by a Root of Trust (RoT) in the memory; and further comprising using the smart card to cause the kiosk device to initiate updates to the user connection lease by a connection lease issuing service (CLIS), and to initiate the virtual session for the user at the kiosk device based upon the public encryption key signed by the RoT. 19. The method of claim 18 further comprising storing a public encryption key of the CLIS signed by the RoT and a public encryption key of the RoT in the memory; and further comprising using the smart card to initiate the virtual session by performing a user connection lease exchange with a virtual delivery appliance configured to deliver the virtual session based upon the signed CLIS public key and the RoT public key. 20. The method of claim 15 wherein the UI cache comprises at least one of a static asset to be displayed by the kiosk device, and a publi