Classic Client   In Production
 
The smart way to protect your network  
 

Classic Client is a smart card-based crypto-library product that brings portability and the highest level of security to enterprise networks. It is an easily integrated system that delivers all key functionalities required for a safe corporate infrastructure:  

  • Secure smart card authentication when accessing desktop, network and web applications
  • Smart card enabled digital signing and encryption of e-mail exchanges
  • Smart card enabled digital documents signing

 

Features and Benefits

Classic Client allows organizations to escalate productivity, increase profitability, and secure the corporate information flow between employees, partners, customers, and suppliers.

Highest level of Security

Classic Client offers the highest level of security, using public-key cryptography to store the digital identity on a smart card instead of a PC where it is vulnerable to hackers. PIN (Personal Identification Number) codes ensure proper identification while the microprocessor on the card transparently carries out user authentication. The solution integrates seamlessly with the latest standards for secure web access (SSLv3, TLSv1) and e-mail (S/MIME).

Portability

With Classic Client, users can store their identity and confidential information on a smart card, enabling complete portability. Traveling with your electronic identity in your pocket, network services can now be accessed simply and securely from any Classic Client-equipped PC in the world.

Ease-of-use

Thanks to Classic Client deployment, administration and use of smart cards is now simplified: IT department can enforce a specific PIN policy and limit card usage functions, helpdesk can help user to unblock the card, software certificates can be imported on the card, and user can be forced to change PIN code at first use.

Ready to integrate

Classic Client Integrator Kit provides software components, sample source code and documentation to help developers within the integration of the Classic Edition solution (on demand)

News

- April 2010

  • Classic Client v6.0 for MAC OS X 10.6 Snow Leopard is now available.

    • This version now support MAC OS X 10.6 and the IAS ECC card

     

    - December 2009

    • Classic Client v6.0 for Windows is now available.

      • This version now support Windows 7 and the IAS ECC card

       

      - October 2009

     

  • Patch2 for Classic Client v5.2 for Windows is now available.

    • This patch fixes several customers issues

    - July 2009

    • Patch1 for Classic Client v5.2 for Windows is now available.

      • This patch includes the driver 4.0.7.5 for Gemalto’s PC Pinpad readers and fixes several minor issues

        - May 2009

        • Classic Client v5.2 for Windows is now available in Gold Release.

          • This version supports all the classic TPC and MDE card and integrates the following features :

            - Support of Windows Server 2008

            - Improvment of the user experience using Gemalto PinPad

            - Support of Sha-256 mechanism and of the Global Pin functionality (applet V3 only)

            - Bug fixes

            - Documentation update- February 2009 : 

            • Classic Client v5.1.8 for Mac OS 10.5 (applet v2 or v3) is available in Gold Release.

            This version supports Classic TPC cards with Classic applet V2 or V3 and includes the TokenD interface. It does not provide the classic client toolbox, only a PIN management tool.

            • Classic Client v5.1.9 for Mac OS 10.5 (applet v1) is available in Release Candidate.

            This version supports Classic TPC cards with Classic applet V1. The scope of this release is similar than for the V2orV3 version.

            • Classic Client v5.1.8 for Linux (applet v1, v2 or v3) is available in Gold Release.

            This version supports Classic TPC cards with Classic applet V1, V2 or V3.

            It supports 2 Linux Distributions : Redhat W5 and Debian Etch.

            It integrates several bug fixes by synchronisation with the latest code baseline

             
 

Technical Specifications

Software
  • RSA Public Key Cryptography
  • SSLv3 client authentication for secure web access
  • S/MIME digital signature and 40-bit encryption for secure e-mail
  • CryptoAPI-enabled for use with Microsoft applications (Internet Explorer ,Microsoft Outlook Express ...)
  • PKCS #11 (v2.01) -enabled for use with other applications (Firefox, Netscape ...)
  • Onboard key generation
  • External loading of keys and certificates
  • User Setup management: create specific user setup packages for deployment
  • Certificate management: certificate automatic registration, view, import, export and delete
  • PIN Management: PIN policy, change PIN at first use, change and unblock PIN tools
Operating Systems
  • Windows 2000 SP4,
  • Windows XP SP2 & SP3 32 & 64 bits
  • Windows Vista SP1 32 & 64 bits,
  • Windows Server 2003 R2 SP2 32 & 64 bits
  • Windows Server 2008 32 & 64 bits
  • Linux Red Hat v5 32 bits (for Classic TPC cards),
  • Debian Etch 32 bits (for Classic TPC cards),
  • Mac OS 10.5 (for Classic TPC cards).
Smart Cards
  • Manufactured to ISO 7816-1, -2, -3, and -4 specifications
  • Onboard RSA up to 2048-bit signature and key unwrapping
  • X.509v3 certificate storage
  • 16/32/64KB EEPROM
  • Supported Gemalto Smart Cards and Tokens: Classic TPC (with Classic v1 ,  v2 or v3 applet installed and pre-personalized) and Classic MDE.
Card Readers
  • Support any smart card readers compliant with PC/SC and certified by the Microsoft WHQL
  • Support the Gemalto PC Pinpad secure reader
Compatibility

Overview of the compatibility with third party systems.

 

The following table lists the products that have been tested during the validation campaign of Classic Client v5.2. Other third party products relying on PKCS#11 and MS-CAPI interfaces should be able to access the Gemalto cards through Classic Client; however Gemalto doesn’t guarantee that it will work without problem.

Category Product Name Versions Use Cases API
Web Browsers Internet Explorer v7, v8 Strong authentication with SSL MS-CAPI
Mozilla Firefox v3 Strong authentication with SSL, PIN change, PKCS#12 file key injection PKCS#11
Safari v3 Strong authentication with SSL PKCS#11
Iceweasel v3 Strong authentication with SSL, PIN change, PKCS#12 file key injection PKCS#11
Emails Microsoft Outlook 2003 SP1 & 2007 Email signature & Encryption MS-CAPI
Mozilla Thunderbird v2.0 Email signature & Encryption PKCS#11
Mac Mail v3.5 Email signature & Encryption PKCS#11
Icedove v2.0 Email signature & Encryption PKCS#11
Certification Authorities Microsoft Windows CA 2003 & 2008 Certificate enrolment and renewal MS-CAPI
Entrust Authority (not certified) v7.1 Certificate enrolment and renewal MS-CAPI
Card Management Systems Microsoft ILM 2007 Certificate issuance & management MS-CAPI / PKCS#11
Opentrust SCM v4.1 Certificate issuance & management PKCS#11
Intecede MyID v8 SP1 Certificate issuance & management MS-CAPI / PKCS#11
Thin client and remote access Microsoft Terminal Services Server 2003 & Server 2008 Smart card logon MS-CAPI
Citrix Presentation Server v4.5 on Server 2003 Smart card logon MS-CAPI
Citrix Xenapp Server v5.0 on Server 2008 Smart card logon MS-CAPI
Office tools Microsoft Office 2003 SP1 & 2007 Documents Signature & Encryption MS-CAPI
Adobe Acrobat v9 Document Signature & Encryption PKCS#11
Gemalto eSigner 3.0.6 Document Signature PKCS#11
OpenOffice Writer 3.0 Document Signature PKCS#11
OpenOffice Calc 3.0 Document Signature PKCS#11
NeoOffice Writter 2.2.5 Document Signature PKCS#11
NeoOffice Calc 2.2.5 Document Signature PKCS#11
Adobe Acrobat Reader v8 & v9 Document Signature PKCS#11
Disk encryption Safeguard Enterprise 5.35.3 (Applet V1 only) Preboot Authentication & Disk encryption PKCS#11
McAfee Endpoint Encryption build 5600 Preboot Authentication & Disk encryption PKCS#11
WinMagic SecureDoc 4.8 Preboot Authentication & Disk encryption PKCS#11

 

Next Steps