.NET Bio   In Production
 
Biometric Match on Card Solution on Windows XP, Vista and Seven, based on Protiva .NET smart cards  
 

Gemalto .NET Bio Solution is an innovative software solution that provides fingerprint biometric support for Gemalto .NET smart cards integrated with Microsoft Windows XP and Windows 7.

Gemalto .NET Bio Solution enables fingerprint Match-on-Card user authentication as an alternative or complement to smart card PIN verification. This in turn gives access to the digital certificates on the card, that can then be used for logon, digital signature, file encryption, secure VPN access among other services. This solution provides a secure two or three factor authentication system that is convenient for users, easy to deploy and manage, and fully compatible with the smart card security components available in Windows Operating Systems. It is also compatible, with the vast majority of fingerprint sensors available in the market.

Features and Benefits
Features:
  • Fingerprint storage and fingerprint verification performed on-card
  • 4 different modes modes for card authentication: PIN only, Fingerprint Only, PIN or Fingerprint, PIN and Fingerprint
  • Storage for up to 10 fingerprint templates
  • Compatible with standard fingerprint sensors representing 90 % of the market
  • Integrated with Microsoft Operating Systems, Microsoft applications and 3rd party applications that support Microsoft's Windows Smart Card Framework (and Windows Biometric Framework for the Windows 7 version)
  • User experience consistent with Microsoft OS
  • Compliant with the Microsoft Minidriver specifications version 7

 

Benefits:

  • Security: Optional Three-Factor Authentication: Token, PIN and Fingerprint
  • Security: Biometric credentials securely stored on smart card. Not susceptible to service outages and Man-in-the-middle attacks
  • Convenience: Roaming --> User can use fingerprints and certificates stored on the card to authenticate on any computer
  • Convenience: Fingerprints used instead of the smart card PIN – Easier to use, no forgotten PIN issues --> Better user acceptance and adoption
  • Privacy: Match performed on the card: Biometric credentials never leave the card
  • Non repudiation: User cannot deny having operate the application or the transaction
  • Compliancy: Certain countries have regulations preventing storage of biometric data in central repositories.
  • Technology: Maturity, accuracy and performance
  • Cost-savings: Eliminating expensive and complex password administration.
News
February 2012 The .NET Utilities web-based tool is back online. It works with any .NET card with a default Admin Key.
December 2011 New version of the Gemalto vSEC:CMS T Series Card Management System (CMS) that manages the biometric properties of the .NET Bio card. More details.....
November 2011 New video about the .NET Bio Solution for Windows 7 benefits and use-cases
See Download / Product Demonstration
June 2011 Release of the PKCS#11 libraries v2.2.0.8 and v2.2.0.9 for Windows:
- New functions: Performance improvement, multi slot management, SetCardProperty command. More details in the Release Notes included in the zip package.
- V2.2.0.9 is the latest version. V2.2.0.8 is the version validated with the Opentrust SCM v4.4.3 Card Management System.
- The libraries zip package and the User's Guides are available from Download / Libraries.
April 2011  The .NET Bio cards for Windows XP and Vista are pre-obsolete. They will be replaced by the .NET Bio card for Windows 7 in Q3 2011. So the same .NET Bio card will work on all the Windows OS from XP to Seven. A new middleware will be released on XP and Vista to support this card.
December 2010 New version of the .NET Bio Solution for Windows 7 Admin. Guide: See Download / Technical Document
November 2010 First .NET IM v2+ SIM-Punched cards and .NET IM v2+ Bio for Windows 7 available in the webstore with the latest v7.1.0.2 minidriver assembly
Certification by Microsoft of the minidriver dll v8.2.1: See the Microsoft Update site
October 2010 New page for our Partners: List of the .NET and .NET Bio cards available in the Partners webstore.
August 2010 Release of  minidriver assembly v7.1.0.2 that includes minor corrections compared to V7.1.0.1.. The OTP is now self or live provisioned using SA Server 4.0 (batch provisioning only possible as a customization). The Token ID is not printed anymore on the card.
July 2010 Release of .NET Bio Solution for Windows 7 v2.0.1: Different bit value in PC registry
Up date of the Administrator Guide of the .NET Bio Solutions for Windows XP, Vista and Seven. Addition of the Release Notes in the zip installation packages. See Download / Libraries.

Technical Specifications
  Characteristics
Difference with the standard .NET v2+ card Card components Gemalto .NET OS + Minidriver, OTP and Biometric assemblies
Free EEPROM (approx) 55 KB without OTP (recommended)
39 KB with OTP
Number of certificates and key pairs (2048 bit) 10 without OTP (recommended))
5 with OTP


System requirements:

• Windows XP and Windows 7
• PC/SC smart card reader
On Windows XP and Vista, the following biometric sensors are supported:
        - UPEK sensors: TCS1, TCS2, TCS3, TCS4
        - AuthenTec sensors: AES2501, AES2550, AES2801
        - Broadcom CVU with swipe sensors
On Windows 7, the following swipe biometric sensors have been validated:
         - UPEK Eikon reader and TCS4 sensors
         - AuthenTec sensors AES2550
         - Zvetco P2500 reader including a smart card reader
         - Validity sensors embedded in HP laptops (but with compatibility issue with fingerprints of other sensors)
• Gemalto .NET  Bio v2+ smart card

Disclaimer:
Please note that not all implementations of above mentioned sensors are reference implementations. We are utilizing the latest dll:s from UPEK and AuthenTec and for the solution to recognize the sensors, it’s important that the latest drivers are installed. Additional sensor support is added continuously and is also available upon request.
For all UPEK sensors we are utilizing BSAPI.dll version 3.5.
For AuthenTec sensors we are utilizing the runtime AT8.4min and the drivers included in this.
Broadcom CVU is not a reference implementation of the sensors. We are compatible with CVUsr1fc with the latest drivers.

Compatibility
 

The following applications have been successfully tested. All the other applications that use the Windows Base CSP architecture should work properly as well.

SOLUTION TYPE PARTNER SOLUTION
Operating System logon Microsoft Windows 7
Microsoft Windows XP
Desktop applications Microsoft Word
Microsoft Excel
Microsoft PowerPoint
E-Mail clients Microsoft Outlook
Web browsers Microsoft Internet Explorer
Google Chrome
CMS
Gemalto vSEC:CMS T Series
File / Volumes encryption Microsoft EFS
Microsoft Bit Locker,
Bit Locker To Go
VPN Microsoft UAG,
Direct Access
Certification Authority Microsoft CA Cert Srv
 
Next Steps

Useful links

Exclusive information for Gemalto Enterprise Partners