Interface devices, or readers, are an essential component of any smart card deployment and ensure communication between smart cards and network services, but they must do so in a convenient yet secure manner. Thales' SafeNet family of smart card readers provides a balance of ease of use and the highest level of security. As the number one supplier of smart card readers in the world, Thales backs its products with more than 30 years of security and cryptography research and development; they are reliable, versatile and compliant with relevant standards and certifications for each industry.
All in one platform. Connected to a PC, laptop or thin client, these readers ensure communication between the smart card and network services. This portfolio of products includes readers for desktops, laptops and PIN pads for secure PIN entry. This ensures the maximum flexibility for any use case or business environment.
Gempc Smart Card Reader Driver For Mac
Discover the benefits of the SafeNet IDBridge family of contact and embedded smart card readers. IDBridge products are backed by more than 30 years of security and cryptography research and development and are reliable, versatile and compliant with relevant standards and certifications for each industry.
ACS smart cards are available for custom branding and promotional purposes. We welcome OEM enquiries for design printing and personalization at a reasonable cost. Furthermore, customers can buy white ACS cards, which they can design on their own.
The ACS Android Library was built to support the use of various ACS readers with Android devices. The ACS Android Library is a collection of methods and functions that allow application developers to build smart card-based applications on the Android platform.
Find web applications that enable users to experience the functionalities of ACS smart cards and smart card readers. These demo applications are offered free of charge. Applications require that a user have the smart card or smart card reader being demonstrated.
Find programs to help navigate or maximize the use of supported smart cards and smart card readers. These utility tools are offered free of charge. Tools can be used only with the supported operating systems, indicated respectively.
I just upgraded my MacBook Pro to Monterey and now the smart card functionality is not working (DoD CAC). It was working prior to the update. Did Monterey change some setting I need to switch back, or did Apple release an OS upgrade that made my machine useless for my primary task (work)?
When you insert a smart card into a smart card reader, Windows tries to download and install the smart card minidrivers for the card through Plug and Play services. If the driver for the smart card is not available at any of the preconfigured locations, such as Windows Update, WSUS, or intranet paths, and a custom Crypto service provider is not already installed on the system, you receive the following error message in the notification area:
However, if the user is provided with only item 3 or 4 from this list, the smart card continues to work on the system, but the user will receive the error message that is mentioned in this section every time that they insert the smart card.
All smart cards require additional software to work in Windows unless there is an inbox driver that lets the user use the card without installing additional software. The Windows Smart Card Framework was improved in Windows 7 to enable the automatic downloading of smart card minidrivers from Windows Update or from other similar locations such as a WSUS server when the smart card is inserted into the reader. All smart cards that successfully pass the logo requirements, as published by the Windows Logo Program, benefit from this feature.
However, if the software that is required to use a smart card in Windows is not logoed or is of a type that differs from a minidriver, such as a PKCS#11 driver, a custom CSP, middleware, or an ActiveX control, the automatic download option fails because Microsoft certifies only smart card minidrivers. Therefore, if the user inserts a card for which a custom CSP is not already registered, the user receives an error message that states that the driver software is missing for the smart card device even though the user can use the smart card through additional software that was installed on the user's computer from a custom installation.
We recommend that card issuers, vendors, and manufacturers implement smart card minidrivers and participate in the Windows Logo Program to benefit from the improvements that are introduced in the platform such as Smart Card Plug and Play, Device Stage for Smart Cards, and so on.
If custom software such as a PKCS#11 driver, an ActiveX control, or some other middleware is required to enable the use of a smart card on Windows, and implementing a smart card minidriver or a custom CSP is not a practical option, we recommend that card issuers, vendors, or manufacturers consider submitting NULL drivers to Windows Update. The typical process for making sure that a NULL driver is available on Windows Update requires a successful unclassified device submission through Winqual. If, in the future, there is a minidriver available for these cards, the new driver can be uploaded to Windows Update by participating in the Windows Logo Program. The NULL drivers can then be manually downloaded by the end users or can be made available by using optional updates.
This option is recommended only for enterprise deployments where the computers are managed by administrators and all the necessary software to work with the smart cards that are being used in the enterprise is installed by using software management tools such as SMS.
If your deployment uses only non-Plug and Play smart card solutions, Smart Card Plug and Play can be disabled by a local administrator on a client computer. Disabling Smart Card Plug and Play prevents smart card drivers, also known as smart card minidrivers, from downloading. It also prevents Smart Card Plug and Play prompts.
This is the least-recommended option. You should use this option only if the cards are legacy cards and there are no plans to implement smart card minidrivers in future. This option requires that the existing software that is already installed on the system notify Windows that there is a custom CSP installed on the system even though no such CSP exists on the end-user system. As soon as Windows determines that there is a custom CSP already installed on the system, Windows does not try to download and install a driver through Smart Card Plug and Play. No device node for the smart card device is created that is visible in Device Manager. This option results in the following changes to the system registry:
We recommend that, instead of directly changing the system registry, you use WinSCard APIs to introduce these changes to the system. Here is a sample code example that detects smart card insertion and then disables Smart Card Plug and Play for the particular card by creating a registry entry that associates the card with a non-existing provider.
In Red Hat Enterprise Linux, we strive to support several popular smart card types. However, because it is not possible to support every smart card available, this document specifies our targeted cards. In addition, it provides information on how to investigate a potential incompatibility between the cards and RHEL.
At the lower level, the operating system communicates with the smart card reader using the PC/SC protocol, and this communication is performed by the pcsc-lite daemon. The daemon forwards the commands it receives to the card reader, typically over USB, which is handled by the low-level CCID driver.
The PC/SC low-level communication is rarely seen at the application level. The main method in RHEL for applications to access smart cards is via a higher-level API, the OASIS PKCS #11 API, which abstracts the card communication to specific commands that operate on cryptographic objects (private keys etc.). Smart card vendors often provide a shared module (.so file), which follows the PKCS #11 API and serves as a driver for the card. That shared module can be imported by applications and used to communicate with the card directly. In the open source world, we have projects like OpenSC, which wraps several smart card drivers into a single shared module. For example, the OpenSC module as shipped by RHEL8.0 provides support for Yubikey, Nitrokey, the US-government PIV and CAC cards, and many more in a single module. We highly recommend that smart card vendors provide support for their cards using the OpenSC libraries.
The PKCS#11 URI scheme is used to consistently identify smart cards, tokens and the objects on them in the system. These URIs are used by most of the tools in RHEL 8+ and simplify the configuration of applications for smart cards. More information about supported applications and uses of the URI can be found in a separate blog post.
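As an added example (not code from the original article or from any RHEL tool), the following Python code parses a PKCS#11 URI as defined in RFC 7512 into its path and query attributes and flags the two query attributes that matter when such a URI is placed in a configuration file. The function names, the sample URI and the choice to reject vendor-specific attributes are assumptions of this example.

```python
from urllib.parse import unquote_to_bytes

# Attribute names defined by RFC 7512 (the PKCS #11 URI scheme).
PATH_ATTRS = {"token", "manufacturer", "serial", "model", "object", "type", "id",
              "library-manufacturer", "library-description", "library-version",
              "slot-manufacturer", "slot-description", "slot-id"}
QUERY_ATTRS = {"pin-source", "pin-value", "module-name", "module-path"}
OBJECT_TYPES = {"cert", "data", "private", "public", "secret-key"}


def _attributes(part, separator, allowed):
    """Split 'name=value' pairs, percent-decode values, reject duplicates."""
    parsed = {}
    for item in filter(None, part.split(separator)):
        name, equals, raw = item.partition("=")
        if not equals or name not in allowed:
            # Policy of this example: vendor-specific attributes are refused.
            raise ValueError(f"unexpected attribute: {item!r}")
        if name in parsed:
            raise ValueError(f"duplicate attribute: {name}")
        value = unquote_to_bytes(raw)
        # 'id' is an arbitrary byte string (CKA_ID); everything else is UTF-8 text.
        parsed[name] = value if name == "id" else value.decode("utf-8")
    return parsed


def parse_pkcs11_uri(uri):
    """Return (path_attributes, query_attributes) for a pkcs11: URI."""
    scheme, colon, rest = uri.partition(":")
    if not colon or scheme.lower() != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path, _, query = rest.partition("?")
    path_attrs = _attributes(path, ";", PATH_ATTRS)
    query_attrs = _attributes(query, "&", QUERY_ATTRS)
    if path_attrs.get("type", "cert") not in OBJECT_TYPES:
        raise ValueError(f"unknown object type: {path_attrs['type']}")
    return path_attrs, query_attrs


def audit_pkcs11_uri(uri):
    """List query attributes that deserve review before the URI goes into a config."""
    _, query_attrs = parse_pkcs11_uri(uri)
    findings = []
    if "pin-value" in query_attrs:
        findings.append("pin-value: PIN stored in clear text inside the URI")
    if "module-path" in query_attrs:
        findings.append("module-path: URI selects which shared module gets loaded")
    return findings


# Constructed sample, not taken from a real token.
SAMPLE = "pkcs11:token=Example%20PIV%20Token;id=%01;type=private?pin-value=123456"
```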
When working with applications using smart cards, it is often useful to know the URIs of the tokens or the objects stored in the token. The identification URIs of registered PKCS#11 modules can be seen with the following command (this uses p11tool from the gnutls-utils component).
RHEL 7 was originally shipped with the CoolKey smart card driver, which was deprecated and is no longer available in RHEL 8 and newer. The current driver, OpenSC, supports all cards that used to be supported by CoolKey. For more information, see the RHEL7 Smart Cards article.
GNOME in RHEL7 relied on pam_pkcs11 to provide access to smart cards through NSS. In RHEL8+, the desktop login is managed by the System Security Services Daemon (SSSD). How to configure the system to allow smart card login of users in IdM is described in the RHEL 8 product documentation, section Configuring Identity Management.