90meter software complies with all applicable standards, including:FIPS 201-1, GSC IS 201, US DoD CAC Middleware Requirements v.3.0, GSA BasicServices Interface (BSI), GlobalPlatform, PKCS 7-12, 1024 and 2048-bit RSA, andSection 508.
90 Meter Smart Card Manager Software Download
Getting what you need when you need it. 90meter supports a highly client-centric development style. 90meter products are continually refined in response to direct client feedback. 90meter software is made with pride in the USA.
With shrinking budgets and growing management costs, software needs to be less expensive and simpler to manage over the long haul. 90meters minidriver middleware takes into account that the majority of users have simple identification, authentication and authorization needs utilizing smart cards or tokens.
Forward deployed and remote employees face speed issues when authenticating, signing or encrypting communication. With this in mind 90meter built software that is fast and secure without all the confusion.
In Red Hat Enterprise Linux, we strive to support several popular smart-card types. However, because it is not possible to support every smart card available, this document specifies our targeted cards. In addition it provides information on how to investigate a potential incompatibility between the cards and RHEL.
On the lower level, the operating system communicates with the smart card reader, using the PC/SC protocol, and this communication is performed by the pcsc-lite daemon. The daemon forwards the commands received to the card reader typically over USB, which is handled by low-level CCID driver.
The PC/SC low level communication is rarely seen on the application level. The main method in RHEL for applications to access smart cards, is via a higher level API, the OASIS PKCS #11 API, which abstracts the card communication to specific commands that operate on cryptographic objects (private keys etc). Smart card vendors, often provide a shared module (.so file), which follows the PKCS #11 API, and serves as a driver for the card. That shared module can be imported by applications, and be used to communicate with the card directly. In the open source world, we have projects like OpenSC, which wraps several smart card drivers into a single shared module. For example the OpenSC module as shipped by RHEL8.0, provides support for Yubikey, Nitrokey, and the US-government PIV and CAC cards and many more, on a single module. We highly recommend smart card vendors to provide support for their cards using the OpenSC libraries.
The PKCS#11 URI scheme is used to consistently identify smart cards, tokens and objects on them in the system. They are used by most of the tools in RHEL 8+ and simplify configuration of applications for smart cards. More information about supported applications and uses of the URI can be found in separate blog post.
When working with applications using smart cards, it is often useful to know the URIs of the tokens or the objects stored in the token.The identification URIs of registered PKCS#11 modules can be seen with the following command (this uses p11tool from gnutls-utils component).
RHEL 7 was originally shipped with CoolKey smart cards driver, which was deprecated and is no longer available in RHEL 8 and newer. The current driver OpenSC supports all cards that used to be supported by CoolKey. For more information, see the RHEL7 Smart Cards article.
Gnome in RHEL7 was relying on pam_pkcs11 to provide access to Smart Cards through NSS. In RHEL8+, the desktop login is managed by System Security Services Daemon (SSSD). How to configure system to allow smart cards login of users in IdM is described in RHEL 8 Product documentation, section Configuring Identity Management.
OpenSSH in RHEL8 and newer supports PKCS #11 URIs as part of Consistent PKCS #11 support in RHEL8. In the past, configurations had to provide full path to the PKCS #11 shared object. This is no longer needed and minimal example to use private keys from smart cards with ssh requires the use of pkcs11: uri scheme:
RHEL 8+ is using system-wide registry of PKCS #11 modules for unifying access to cryptographic hardware. By default, only OpenSC PKCS #11 module is registered. If your smart card is not supported by OpenSC, but you have different PKCS #11 module, just create a new file under /usr/share/p11-kit/modules/ with the following syntax:
Note, that the file_cache_dir needs to be accessible by the applications using smart cards, generally sssd's privileged process or any other application using pkcs11 module (Firefox, openssh, ...), depending on the use case. The directory should not be world-writable to prevent malicious users to tamper with this cache.This was successfully tested with PIV cards, but should give performance improvement also for other card types.
While in theory the automatic loading for thunderbird and firefox is nice, in our case we don't use our YK smart cards with either of them and yet TB and Firefox keep asking for the PIN/passphrase at certain times. How can I prevent this?
ACS smart cards are available for custom branding and promotional purposes. We welcome OEM enquiries for design printing and personalization at a reasonable cost. Furthermore, customers can buy white ACS cards, which they can design by their own.
The ACS Android Library was built to support the use of various ACS readers with Android devices. The ACS Android Library is a collection of methods and functions allowing application developers to build smartcard based application in the Android platform.
Find web applications that enable users to experience the functionalities of ACS smart cards and smart card readers. These demo applications are offered free of charge. Applications require that a user have the smart card or smart card reader being demonstrated.
Find programs to help navigate or maximize the use of supported smart cards and smart card readers. These utility tools are offered free of charge. Tools can be used only with the supported operating systems, indicated respectively.
90meter software complies with applicable standards, including: FIPS 201-1, US DoD CAC Middleware Requirements, GlobalPlatform, PKCS 7-12, 2048-bit RSA, and Section 508. The PIV Minidriver, is Federal Information Processing Standard (FIPS) 201 certified middleware, meeting Personal Identity Verification (PIV) I & II standards and meets SP 800-73 for technical specifications to interface with the smart card to retrieve and use identity credentials.
The Software Development Kit provides codes samples and documentation to software developers for developing Microsoft Windows applications that work with SD, CD, CE, CL900, CR, Sigma series card printers. It also supports CLM and TIM modules. Samples are provided as source code and compiled binaries for Visual C++, Visual C#, Visual Basic, and Java. Developers who need application control of printing preferences, application control of card movement, or require data from the card must use the SDK.
Offering a series of feature-rich editions and an enhanced web-based user experience, the Entrust Adaptive Issuance Instant ID Software leverages core technologies to meet a wide range of application requirements and credential types. Please take a moment to fill out the form below. Once completed, you will be able to download an evaluation copy of Entrust Adaptive Issuance Instant ID Software for yourself and see why this innovative identification software is essential for your identification program.
This is the smartcard driver for the new SCM SCR331-DI Smart Card reader. The previous version of the smartcard driver for the old SCM SCR331-DI Smart Card reader cannot co-exist with the new version. The old version must be deleted before the new version can be installed. Refer to the smartcard manual for installation instructions to install the smartcard driver.
Equally as important as lowering endpoint costs to federal agencies is security. The IGEL OS, enabled by its UDC3 and UMS software, delivers advanced endpoint security capabilities for the reliable and resilient end user computing demanded by the federal market. Offering embedded security, the IGEL OS is virtually impossible to manipulate and extremely resistant to viruses and other malware. This embedded security includes automatic support for critical technologies such as two-factor authentication and smart card readers.
Among the smart card reader support offered is integration with PIV Minidriver and CAC Smart Card Manager-90 from 90meter. Designed to enable two factor authentication, maximize security and deliver performance for secure end user computing. The 90meter smartcard manager (SCM) software is designed for fast, secure digital identity assurance. 90meter SCM software complies with all applicable standards, including, PIV, FIPS 201, GSCIS, US DoD CAC Middleware Requirements GlobalPlatform, PKCS 7-12, 2048-bit RSA, and Section 508.
This reference provides the requirements to support pre-session smart card authentication when connecting to VMware Horizon (View) know to work with the latest firmware. It also lists Supported Smart Cards and USB Smart Card Readers for Tera2 PCoIP Zero Clients Connected to PCoIP Connection Managers
PCoIP Zero Clients support pre-session smart card authentication when connecting to VMware View virtual desktops that meet the system configuration requirements listed below. For deployments that meet these requirements, PCoIP Zero Clients can also read and process smart card information and allows SSO (single sign-on) authentication of the user prior to session establishment.
When used with VMware View 4.5 or higher with smart card authentication enabled, the firmware securely transfers the attached smart card properties to the View Connection Server for authentication and SSO of a user prior to a session. The Zero Client can only support comparing 75 distinguished names retrieved from a VCS certificate request.
Lexmark partners with 90Meter to leverage the benefits of smart card security. By embedding the solution directly into the Lexmark device, users experience the same level of security at the printer or MFP as at their own workstation. This partnership ensures ongoing compatibility with SIPR tokens and fulfills the latest government security mandates including FIPS 140-2 and FIPS 201. 2ff7e9595c
Komentarze