No middleware to install, several Authentication Factors, several form factors
Gemalto .NET cards put state of the art technology to the service of organizations committed to take their IT Security and Identity & Access infrastructure to the next level. Two-factor authentication (2FA) solutions help secure your company's digital assets from end to end. Gemalto .NET comes equipped with support for 2 different 2FA technologies: One Time Passwords (OTP) and Digital Certificates (PKI). Choose the one that suits you best, or combine both at once for different uses.
With Gemalto .NET technology, you benefit from unparalleled level of integration with Microsoft's platforms and solutions: Native support by all Windows OS from XP to 8 and their associated Server versions. .NET cards are also fully compatible with Forefront Edge, Microsoft's FIM - ILM CMS, Active Directory Domain Services and Certificate Services. With Gemalto .NET implementation, Encryption and Digital Signature services become easier than ever.
Features
- Unparalleled Integration with Microsoft Identity and Access Ecosystem: See the Base CSP / CAPI links.
- Support for Certificate Based and One Time Password based strong authentication
- Compliance with the Microsoft Minidriver specifications version 7
- Support for Windows, Linux & Mac Operating Systems
- Wide range of .NET based devices and form factors
- 1st ever .NET Framework implementation for smart cards
- Strong Smart card Security
- Smart Card integration with Web Services
- DAS - Device Administration Solution for Small and Medium Enterprise
- Large enterprise device administration through Microsoft's ForeFront Identity Manager (ex Identity Lifecycle Manager)
Specifications
| Characteristics | ||
|---|---|---|
| Smart card chip | Chip manufacturer | Infineon |
| Chip reference | SLE 88CFX4000P | |
| ROM memory | 80 KB | |
| EEPROM memory | 400 KB | |
| RAM memory | 16 KB | |
| CPU | RISC 32 bit | |
| Internal clock | 66 MHz | |
| External clock | up to 10 MHz | |
| Voltage range | 1.62 V - 5.5 V | |
| Temperature range | -25 C to +85 C | |
| Technology | CMOS 0.13 microns | |
| Memory rewrite | > 500 K r/w cycles | |
| Data retention | >10 years | |
| Crypto processor | Yes (1408 bit) | |
| Onboard key generation | Yes | |
| True Random Number Generator | Yes | |
| Smart card OS | OS type | Gemalto .NET |
| Free EEPROM (approx) | 54 KB | |
| Max. number of certificates and key pairs (up to 2048 bit) | 15 containers | |
| Max I/O speed | 223 Kbps, negotiable PPS |
|
| Communication protocols | ISO 7816 protocol | T=0 |
| RMI / Remoting | .NET Remoting | |
| SConnect | Yes | |
| Cryptographic algorithms |
RSA | Yes (512 to 2048 bit) |
| Elliptic Curves | No | |
| DES / TDES | Yes | |
| AES | Yes (256) | |
| Hash SHA1 / SHA256 | Yes | |
| Hash HMAC / MD5 | Yes | |
| Security certifications | Common Criteria | EAL5+ (chip) |
| FIPS 140-2 | Level 3 | |
| Standards | ISO 7816 | 1, 2,3 |
| Javacard | No | |
| Others | ECMA 335 | |
| ISO/IEC 23271 | ||
| Supported crypto. architectures |
Microsoft CAPI | Base CSP v5 to v7 |
| PKCS#11 for Windows | Yes | |
| PKCS#11 for Linux | Yes | |
| PKCS#11 for MacOS | Yes | |
| One Time Password | OATH OTP | Yes |
| OTP provisioning | Self or Live using SA Server v4 + (batch prov. in option) |
|
| CAP OTP | Option | |
| Microsoft Minidriver | Windows 7, Server 2008 R2 | Microsoft Update (automatic download) |
| Vista, Server 2008 | v5 In the Box & Update | |
| XP up to SP3, Server 2003 | v5 Base CSP & Update | |
| Performance of crypto. operations | Key Gen (CSP) | 3.4 s |
| Key Gen (P11) | 6.9 s | |
| Import P12 (CSP) | 9.1 s | |
| Import P12 (P11) | 7.4 s | |
| Cached WinLogon (CSP) | 1.5 s | |
| Crypto (CSP) | 2.3 s | |
| Crypto (P11) | 4.5 s | |
| Enumeration (CSP) | 4.7 s | |
| Enumeration (P11) | 4.2 s | |
| Supported certificate / data formats | X509 v3 | Yes |
| PKCS#12 / PFX | Yes | |
| PKCS#15 | No | |
| Form factors | Smart Card | Standard (ID1) & SIM (ID000) format |
| Hybrid Card (contact + contactless) |
Yes | |
| USB Token | Yes | |
| USB Token with OTP display | Yes | |
| USB Token with secure mass storage | Yes | |
| Contactless technologies | MIFARE 1K, 4K, DESFire, Plus | Yes |
| HID IClass and/or Prox | Yes | |
| Legic | Yes | |
| Others | See the complete list | |
| Tools | SDK | Yes |
| DAS, vSEC:CMS, Minidriver Manager Tool | Change & unblock PIN, Admin Key & certificates Mgmt | |
Compatibility
| Solution type | Partner | Solution | Smart card support | Compliance |
|---|---|---|---|---|
| Operating System log on |
Microsoft | Windows 7 & Server 2008 R2 | BaseCSP | Yes |
| Microsoft | Windows Vista & Server 2008 | BaseCSP | Yes | |
| Microsoft | Windows XP & Server 2003 | BaseCSP | Yes | |
| Sun | Unix (Solaris) | P11 | Yes | |
| Apple | Mac OS X | Token D, P11 | Yes | |
| [Open Source] | Linux, Unix | P11 | Yes | |
| [Open Source] | EIDAuthenticate | BaseCSP | Yes | |
| Other OS | Other OS | Marshaller API See Download / Libraries |
Yes | |
| Desktop applications | Microsoft | Word | BaseCSP | Yes |
| Microsoft | Excel | BaseCSP | Yes | |
| Microsoft | Powerpoint | BaseCSP | Yes | |
| Adobe | Acrobat | P11 | Yes | |
| [Open Source] | Open Office | P11 | Yes | |
| E-Mail clients | Microsoft | Outlook | BaseCSP | Yes |
| Microsoft | Outlook Express | BaseCSP | Yes | |
| Microsoft | Outlook Web Access | OTP OATH | Yes | |
| Mozilla | Thunderbird | P11 | Yes | |
| Apple | Mail App | Token D | Yes | |
| E-mail servers & E-mail security |
Microsoft | Exchange | BaseCSP | Yes |
| Web browsers | Microsoft | Internet Explorer | BaseCSP | Yes |
| Mozilla | Firefox Windows | P11 | Yes | |
| Mozilla | Firefox Linux | P11 | Yes | |
| Apple | Safari Apple | Token D | Yes | |
| SSO | Citrix | Password Mgr | BaseCSP | Yes |
| Evidian | ESSO | BaseCSP | Yes | |
| Passlogix | v-Go | BaseCSP | Yes | |
| Actividentity | SecureLogin | BaseCSP | Yes | |
| Quest | QSSO | BaseCSP | Yes | |
| IBM | Tivoli Access Manager | Base CSP & P11 | Yes | |
| Avencis | SSOX | P11 | Yes | |
| Idactis | Idactis Security | Base CSP & P11 | Yes | |
|
Media encryption |
Sophos - Utimaco |
SafeGuard Enterprise / LAN / PrivateDisk | BaseCSP / P11 | Yes |
| McAfee (Safeboot) | Endpoint Encryption | BaseCSP | Yes | |
| Winmagic | SecureDoc | P11 | Yes | |
| SafeNet | ProtectDrive | Yes | ||
| Microsoft | Bitlocker | BaseCSP | Yes | |
| VPN | Citrix | Access Gateway | BaseCSP | Yes |
| Checkpoint | Endpoint Security R5 | BaseCSP | Yes | |
| Cisco | VPN | BaseCSP | Yes | |
| Juniper | Network Connect | BaseCSP | Yes | |
| Microsoft | Direct Access / ISA Server 2006 |
BaseCSP | Yes | |
| Thin Client/ Remote Access | Citrix | XenDesktop 4 / XenApp 5.0 |
BaseCSP | Yes |
| Wyse | WTOS Thin Client | Yes | ||
| Microsoft | Remote Desktop | BaseCSP | Yes | |
| Pragma Systems | Secure SHell (SSH) | Yes | ||
| Bio Match on Card | Precise Biometrics | Biomatch | BaseCSP | Yes |
| Innovatrix | BaseCSP | Yes | ||
| Certificate Authority | Microsoft | CA Cert Srv | BaseCSP | Yes |
| Verisign | UA PKI | BaseCSP | Yes | |
| Entrust | Authority v7.1 | BaseCSP | Yes | |
| Keynectics | P11 | Yes | ||
| Cross platform interop. MS AD <--> Linux, Mac |
Centrify | Direct Control v4.2 | Tokend | Yes |
| CMS | Microsoft | FIM 2010 | BaseCSP | Yes |
| Intercede | myID | P11 | Yes | |
| Opentrust | SCM v4.4.3 | P11 | Yes | |
| Passlogix | v-GO Credential Mgr | BaseCSP | Yes | |
| Gemalto | DAS | BaseCSP | Yes | |
| Gemalto | vSEC:CMS Operator Token |
Yes | ||
| Gemalto | vSEC:CMS U series | Yes | ||
| [Open Source] | scUtil | BaseCSP | Yes | |
| File encryption | Microsoft | EFS | BaseCSP | Yes |
| Prim'X | ZoneCentral | Base CSP & P11 | Yes | |
| PKI Client | SecMaker | net.id | Yes | |
| Virtual desktop | VMWare | View | BaseCSP | Yes |