 Gemalto
.NET cards put state of the art technology to the service of organizations
committed to take their IT Security and Identity & Access infrastructure to
the next level. Two-factor authentication (2FA) solutions help secure your
company's digital assets from end to end. Gemalto .NET comes equipped
with support for 2 different 2FA technologies: One Time Passwords
(OTP) and Digital Certificates (PKI). Choose the one that suits you best, or
combine both at once for different uses.
With Gemalto
.NET technology, you benefit from unparalleled level of integration with Microsoft's
platforms and solutions: Native support
by
all Windows OS from XP
to Seven
and their associated Server versions. .NET cards
are also fully
compatible with Forefront Edge, Microsoft's FIM - ILM CMS,
Active Directory Domain Services and Certificate Services. With Gemalto .NET
implementation, Encryption and Digital Signature
services become easier than ever.
.NET Card References
-
.NET IM (or HM) v2+ PKI:
Minidriver based PKI version (without OTP)
-
.NET IM (or HM) v2+ PKI / OTP: Minidriver
based PKI version with OTP OATH (self or live provisioning)
-
.NET IM (or HM) v2+ Bio:
Minidriver based PKI version with OTP OATH (self or live provisioning)
and Biometrics Match On Card
-
HM option: Hybrid versions: Large choice of contactless card bodies
for Physical Access Control applications
Features and Benefits News
|
August 2010 |
Release of minidriver
assembly v7.1.0.2 that includes minor corrections compared to
V7.1.0.1.. The OTP is now self or live provisioned using SA Server 4.0
(batch provisioning only possible as a customization). The Token ID is
not printed anymore on the card. |
|
July 2010 |
New Application Note
regarding the integration of Gemalto Smart Cards in the Citrix
XenApp v5.0 virtualization application. See Download / Case Study.
Release of the new .NET Integration
Guide: This technical documentation merges and updates 3
previous ones: User's Guide, Integration Guide and APDU Encoding, which
are now obsolete. See Download /
Technical Documents. |
|
June 2010 |
Release of minidriver
v7.1.0.1 and Gemalto Credential Provider for Windows 7.
- Three new rules of the PIN policy
- Multiple PIN roles, each with its PIN policy
- Change PIN at first use
- More details in the Release Notes included in the .NET Solution for
Windows 7 zip file in Download / Libraries.
The Credential Provider is required to manage the multiple PIN
policy and the Change PIN at first use functions. |
|
May 2010 |
Certification of the new
minidriver dll v8.2 listed in the Microsoft
Windows Update site. It is backward compatible with all the .NET
card versions. |
|
April 2010 |
New PKCS#11 libraries version v2.1.3.2:
This version fixes a minor bug (regarding
the No_PIN option). There are three versions delivered as follow
- Windows (32 and 64 bit):
XP Pro up to SP3,
Vista SP1/SP2, Seven, Server 2003, 2008 and 2008 R2.
- UNIX-like OS, such as Linux, Solaris
and MacOS (32 and 64 bit): Delivery in source code format under
standard LGPL license (included in the zip file)
- Mac OS
10.6 Intel (32 and 64 bit):
The package also includes the .NET Tokend
v1.1 libraries. These libraries are
delivered in a compiled format.
These libraries are available from Download / Libraries. |
|
March 2010 |
New PKCS#11 libraries version v2.1.3.1:
The v2.1.3.1 libraries fix two bugs (see
the Release Notes) and are now delivered as follows:
- Windows (32 and 64 bit):
XP Pro up to SP3,
Vista SP1/SP2, Seven, Server 2003, 2008 and 2008 R2. The library is
delivered in a compiled format and is available from Download / Libraries.
- Linux, Mac OS
10.5 and
10.6 Intel (32 and 64 bit),
Solaris v10 SPARC and
Intel: The library is delivered in source code format. Please contact your Gemalto representative. |
|
February 2010 |
New PKCS#11 libraries version v2.1.3:
The new v2.1.3 libraries now support the biometric
authentication on Windows 7 and Server 2008 R2, the No_PIN
type and the following OS:
- Windows (32 and 64 bit):
XP Pro up to SP3,
Vista SP1/SP2, Seven, Server 2003, 2008 and 2008 R2
- Mac OS
10.6
Snow Leopard (32 and 64 bit):
The Tokend
libraries are not supplied in this package (on request).
-
Solaris v10 SPARC and
Intel
The
Linux distributions such
as
Red Hat v5, Ubuntu
v9.05, Debian v5 and Suze v11 are not part of this release. They are
still supported by the v2.1.1 release (see below).
The libraries, their associated User Guides and Release Notes are available from Download / Libraries. |
|
January 2010 |
The Gemalto .NET cards are supported by the SafeNet
ProtectDrive Enterprise encryption solution v9.1.0 |
|
December 2009 |
New
form factor: .NET cards can now be delivered in a WORLD Module
format and can be embedded by 3rd parties in a wider range of hybrid
card bodies.
Release of the .NET SDK v2.2.181:
The main new features are the support of Visual Studio 2008 and 64 bit
platforms.
|
|
November 2009 |
Update of the .NET and .NET Bio cards Minidriver (MD)
dll:
This MD is available from the
Microsoft Update Catalog that lists all the certified MDs. There is
now only one MD for all the Windows OS and all the 32/64 bit platforms.
This MD complies with the Microsoft Base CSP and MD specifications v7
and supports all the existing .NET v2+ cards.
|
Technical
Specifications
|
Last update: October, 2009 |
.NET v2+ |
|
Chip characteristics |
Chip manufacturer |
Infineon |
|
Chip model |
SLE 88CFX4000P |
|
ROM memory |
80 KB |
|
EEPROM memory |
400 KB |
|
RAM memory |
16 KB |
|
CPU |
RISC 32 bit |
|
Internal clock |
66 MHz |
|
External clock |
up to 10 MHz |
|
Voltage range |
1.62 V - 5.5 V |
|
Temperature range |
-25 C to +85 C |
|
Technology |
CMOS 0.13 microns |
|
Memory rewrite |
> 500 K r/w cycles |
|
Data retention |
>1 0 years |
|
Crypto processor |
YES (1408 bit) |
|
Onboard key generation |
Yes |
|
True Random Number
Generator |
Yes |
Card OS
characteristics |
OS type |
.NET |
|
Free EEPROM (approx) |
62 KB |
|
Max # of 1024 certificates |
15 |
|
Max # of 2048 certificates |
15 |
|
Max I/O speed |
223 Kbps,
negotiable PPS |
|
Communication protocols |
ISO 7816 protocol |
T=0 |
|
RMI / Remoting |
.NET Remoting |
|
SConnect |
Yes |
Cryptographic
algorithms
supported |
RSA |
YES (up to 2048 bit) |
|
Ellyptic Curves |
No |
|
DES / TDES |
Yes |
|
AES |
Yes (256) |
|
Hash SHA1 / SHA256 |
Yes |
|
Hash HMAC / MD5 |
Yes |
|
Security certifications |
Common
Criteria |
CC EAL5+ (chip) |
|
FIPS 140-2 |
Level 3 |
|
Standards |
ISO 7816 |
1, 2,3 |
|
Javacard |
No |
|
Others |
ECMA 335 |
|
|
ISO/IEC 23271 |
Supported crypto
architectures |
Microsoft CAPI |
Base CSP v5 to v7 |
|
PKCS#11 for Windows |
Yes |
|
PKCS#11 for Linux |
Yes |
|
PKCS#11 for MacOS |
Yes |
|
One Time Password support |
OATH OTP |
Yes |
|
CAP OTP |
Option |
|
Microsoft Minidriver |
Windows 7, Server 2008 R2 |
Microsoft Update (automatic) |
|
Vista |
v5 In the Box &
Update |
|
Vista SP1, SP2 |
v5 In the Box,
v6 Update |
|
XP up to SP3,
Server 2003 |
v5 Base CSP & Update |
|
Server 2008 |
v5 In the Box |
Performance cryptographic operations
(seconds) |
Key Gen (CSP) |
3.4 |
|
Key Gen (P11) |
6.9 |
|
Import P12 (CSP) |
9.1 |
|
Import P12 (P11) |
7.4 |
|
Cashed WinLogon (CSP) |
1.5 |
|
Crypto (CSP) |
2.3 |
|
Crypto (P11) |
4.5 |
|
Enumeration (CSP) |
4.7 |
|
Enumeration (P11) |
4.2 |
|
Supported certificate / data
formats |
X509 |
Yes (v3) |
|
PKCS12 / PFX |
Yes |
|
PKCS#15 |
No |
|
Available form factors |
Smart Card |
Yes |
Hybrid
Card
(Converged Badge) |
Yes |
|
USB Token |
Yes |
|
USB Token + OTP Display |
Yes |
|
USB Token + Secure Mass Storage |
Yes (SEG) |
|
Supported physical access standards (Converged Badge) |
MIFARE 1K, 4K,
DESFire, Plus |
Yes |
|
HID IClass and/or Prox |
Yes |
|
Legic |
Yes |
|
Others |
Option |
|
Tools |
SDK |
Yes |
|
Pin Mgmt |
Yes (DAS /ILM) |
|
Remote Unblock |
Yes (DAS / ILM) |
|
Admin Key Mgmt |
Yes (DAS / ILM) |
|
Certificate Mgmt |
Yes (ILM) |
Compatibility
Compatibility with third party solutions - Last update:
April, 2010
|
Solution type |
Partner |
Solution |
Smart card support through |
.NET v2+ |
Operating System
log on |
Microsoft |
Windows 7 |
BaseCSP |
Yes |
|
Microsoft |
Windows Server 2008 R2 |
BaseCSP |
Yes |
|
Microsoft |
Windows Vista |
BaseCSP |
Yes |
|
Microsoft |
Windows XP |
BaseCSP |
Yes |
|
Microsoft |
Windows Server 2008 |
BaseCSP |
Yes |
|
Microsoft |
Windows Server 2003 |
BaseCSP |
Yes |
|
Sun |
Unix (Solaris) |
P11 |
Yes |
|
Apple |
Mac OS X |
Token D |
Yes |
|
[Open Source] |
Linux |
P11 |
Yes |
|
RedHat |
Redhat Linux |
P11 |
Yes |
|
Novell |
Suse Linux |
P11 |
Yes |
|
Debian |
Etch |
P11 |
Yes |
|
Ubuntu |
Ubuntu Linux |
P11 |
Yes |
|
Desktop applications |
Microsoft |
Word |
BaseCSP |
Yes |
|
Microsoft |
Excel |
BaseCSP |
Yes |
|
Microsoft |
Powerpoint |
BaseCSP |
Yes |
|
Adobe |
Acrobat |
P11 |
Yes |
|
[Open Source] |
Open Office |
P11 |
Yes |
|
E-Mail clients |
Microsoft |
Outlook |
BaseCSP |
Yes |
|
Microsoft |
Outlook Express |
BaseCSP |
Yes |
|
Microsoft |
Outlook Web Access |
OTP OATH |
Yes |
|
Mozilla |
Thunderbird |
P11 |
Yes |
|
Apple |
Mail App |
Token D |
Yes |
E-mail servers &
E-mail security |
Microsoft |
Exchange |
BaseCSP |
Yes |
|
Web browsers |
Microsoft |
Internet Explorer |
BaseCSP |
Yes |
|
Mozilla |
Firefox Windows |
P11 |
Yes |
|
Mozilla |
Firefox Linux |
P11 |
Yes |
|
Apple |
Safari Apple |
Token D |
Yes |
|
SSO |
Citrix |
Password Mgr |
BaseCSP |
Yes |
|
Evidian |
ESSO |
BaseCSP |
Yes |
|
Passlogix |
v-Go |
BaseCSP |
Yes |
|
Actividentity |
SecureLogin |
BaseCSP |
Yes |
|
Quest |
QSSO |
BaseCSP |
Yes |
|
IBM |
Tivoli Access Manager |
|
Yes |
|
Avencis |
SSOX |
P11 |
Q4'10 |
|
Media encryption & Preboot Authentication |
Utimaco |
SafeGuard Enterprise |
P11 |
Yes |
|
McAfee (Safeboot) |
Endpoint Encryption |
BaseCSP |
Yes |
|
Becrypt |
Disk Protect |
|
Yes |
|
Winmagic |
SecureDoc |
|
Yes |
|
SafeNet |
ProtectDrive |
|
Yes |
|
Microsoft |
Bitlocker |
BaseCSP |
Yes |
|
VPN |
Citrix |
Access Gateway |
BaseCSP |
Yes |
|
Checkpoint |
VPN-1 SecureClient
NGX R60 |
BaseCSP |
Yes |
|
Cisco |
VPN |
BaseCSP |
Yes |
|
Juniper |
Network Connect |
BaseCSP |
Yes |
|
Microsoft |
Direct Access |
BaseCSP |
Yes |
|
Thin Client/ Remote Access |
Citrix |
Presentation Server / XenApp
5.0 |
BaseCSP |
Yes |
|
Sun Microsystems |
Sunray |
|
Yes |
|
Wyse |
WTOS Thin Client |
|
Yes |
|
Microsoft |
Remote Desktop |
BaseCSP |
Yes |
|
Bio Match on Card |
Precise Biometrics |
Biomatch |
BaseCSP |
Yes |
|
Innovatrix |
|
BaseCSP |
Yes |
|
Certificate Authority |
Microsoft |
CA Cert Srv |
BaseCSP |
Yes |
|
Verisign |
UA PKI |
BaseCSP |
Yes |
|
Entrust |
Authority v7.1 |
BaseCSP |
Yes |
|
Keynectics |
|
P11 |
Yes |
Cross platform interop.
MS AD <--> Linux, Mac |
Centrify |
Direct Control v4.2 |
Tokend |
Yes |
|
CMS |
Microsoft |
FIM 2010 |
BaseCSP |
Yes |
|
Intercede |
myID |
P11 |
Yes |
|
Opentrust |
SCM |
P11 |
Yes |
|
Passlogix |
v-GO Credential Mgr |
BaseCSP |
Yes |
|
File encryption |
Microsoft |
EFS |
BaseCSP |
Yes |
|
Prim'X |
ZoneCentral |
P11 |
Q4'10 |
|
Virtual desktop |
VMWare |
View |
BaseCSP |
Yes |
.NET card based tokens links
Other links
Exclusive information for Gemalto Enterprise Partners
Additional information about this product is available exclusively to
Gemalto Enterprise Partners. Click here
to access it through the Enterprise Partner Portal.
|
|
