.NET Card   In Production
 
No middleware to install, several Authentication Factors, several form factors  
 
Gemalto .NET cards put state of the art technology to the service of organizations committed to take their IT Security and Identity & Access infrastructure to the next level. Two-factor authentication (2FA) solutions help secure your company's digital assets from end to end.  Gemalto .NET comes equipped with support  for 2 different 2FA technologies: One Time Passwords (OTP) and Digital Certificates (PKI). Choose the one that suits you best, or combine both at once for different uses.

With Gemalto .NET technology, you benefit from unparalleled level of integration with Microsoft's platforms and solutions: Native support  by all Windows OS from XP to Seven and their associated Server versions. .NET cards are also fully compatible with Forefront Edge, Microsoft's  FIM - ILM CMS, Active Directory Domain Services and Certificate Services. With Gemalto .NET implementation, Encryption and Digital Signature services become easier than ever.

.NET Card Product Range

     

.NET IM v2+

   .NET IM v2+ Bio  

.NET HM v2+ (Bio)

  .NET Display Card

PKI Minidriver based and OTP-OATH authentication (self or live provisioning)

 

   PKI Minidriver based with OTP  (self or live provisioning) and Biometrics Match On Card authentication  

Large choice of contactless card bodies for Physical Access Control applications

   A unique device that combines a .NET card and an OTP Display Card

.NET Card Based Tokens

Smart Enterprise Guardian (SEG)

 USB Shell Token V2

.NET Dual Token

Smart Guardian
(SG)
Features and Benefits
News
February 2012 The .NET Utilities web-based tool is back online. It works with any .NET card with a default Admin Key.
January 2012 New compatibility:
- Oracle-Sun Sun Ray virtualization solution
- Arkoon-Skyrecon Security Box data protection solution.
November 2011 Release of the PKCS#11 libraries v2.2.0.10 for  MacOS 10.5 (Leopard):
- Compilation process improvement. Same features as the version 2.2.0.9
- Source code format delivered under LGPL license (attached in the zip package)
- Tokend libraries are not supported
- To get these libraries, please contact your Gemalto Technical Consultant.
October 2011 New version of the .NET v2+ SIM-punched cards (MD v7.2) now available in Webstore
Update of the .NET Integration Guide and PKCS#11 Library for Windows User Guide: See Download / Technical Document
 New brochure of the Protiva SA Display Card and .NET Display Card: See Download / Sales Brochure
New compatibility: Teradici PCoIP zero clients v3.4.1
September 2011 New compatibility
- Google Chrome Internet browser based on Base CSP and PKCS#11 crypto layers
- Intercede MyID v8 SP2 in native Base CSP mode
New version of the .NET v2+ cards available in production:
- New Minidriver v7.2.0.0, new OS V2.1.3.3
 - Minor improvements and new functions: SKI, serialization, reset card, etc.
August 2011 The .NET SDK v2.2 software is now available free of charge from Download / Development, as well as two training webcasts
- The SDK is removed from the webstore. The .NET card samples and the readers can be purchased separately.
- The associated .NET Integration Guide is available on Download / Technical document
- A v2.3 beta version compliant with Visual  Studio 2010 is available on request to the PM
New compatibility
- Becrypt Full Disk Encryption solutions: Disk Protect, Enterprise Manager and Trusted Client.
July 2011 Microsoft certification and release of the minidriver dll v8.3.1.3:
- Performance improvements and minor optimizations
 - Available from the Microsoft Update site
- Can be installed automatically using the installation software available from Download / Libraries
Release of the PKCS#11 libraries v2.2.0.9 for UNIX-like (Linux) and MacOS:
- Same features as the Windows version released last month
- Linux source code format delivered under LGPL license (attached in the zip package)
- To get these libraries, please contact your Gemalto Technical Consultant.
.NET Display Card product launch: Please refer to:
- the specific pages of the .NET Display Card and the OTP Display Card
June 2011 Three new videos about the use of .NET cards with Microsoft Outlook, Excel, Word, PowerPoint and FIM. See Download / Solution Sheet.
Release of the PKCS#11 libraries v2.2.0.8 and v2.2.0.9 for Windows:
- New functions: Performance improvement, multi slot management, SetCardProperty command. More details in the Release Notes included in the zip package.
- V2.2.0.9 is the latest version. V2.2.0.8 is the version validated with the Opentrust SCM v4.4.3 Card Management System.
- The libraries zip package is available from Download / Libraries.
May 2011 The .NET Utilities web-based tool is removed and replaced by t the standalone Minidriver Manager tool. See Download / Development.
New version v8.3.0.0 of the .NET minidriver dll certified:
 - Improvements of the interface with some specific card readers
 - Can be downloaded from the Microsoft Udate site
- Compatible with all the .NET card versions and Windows OS from XP to Seven
April 2011 New version of the .NET Integration Guide: See Download / Technical Document
New compatibility: Idactis Security SSO solution
Release of the PKCS#11 libraries v2.2.0.6 for Linux and UNIX-like OS (32 & 64 bit)
March 2011 Release of the PKCS#11 libraries v2.2.0.6 for Windows:
- New functions: Performance improvement, multi slot management, SetCardProperty command. More details in the Release Notes included in the zip package.
- The libraries zip package and the User's Guides are available from Download / Libraries.
New document in Download / White papers: Gemalto .NET card and Bitlocker
New compatibilities: Avencis SSOX, Prim'X ZoneCentral and Sophos SafeGuard LAN & PrivateDisk.
New links to Base CSP / CAPI architecture and functions
January 2011 New .NET v2+ flyer: See Download / Sales Brochure
December 2010 New version v2.3 of the vSEC:CMS U-Series free tool: Online or offline version

Technical Specifications
  Characteristics
Smart card chip Chip manufacturer Infineon
Chip reference SLE 88CFX4000P
Chip CC certification EAL 5+
ROM memory 80 KB
EEPROM memory 400 KB
CPU RISC 32 bit
Internal clock 66 MHz
External clock up to 10 MHz
Voltage range 1.62 V -  5.5 V
Temperature range -25 C to +85 C
Technology CMOS 0.13 microns
Memory rewrite >  500 K r/w cycles
Data retention >10 years
Crypto processor Yes (1408 bit)
Onboard key generation Yes
True Random Number Generator Yes
Smart card OS OS type Gemalto .NET 
Free EEPROM (approx) 50 KB with OTP
66 KB without OTP
Number of certificates and key pairs (2048 bit) Recommended: 8
Max.: 15 (without OTP)
Max I/O speed 223 Kbps,
negotiable PPS
Communication protocols ISO 7816 protocol T=0
RMI / Remoting .NET Remoting
SConnect Yes
Cryptographic
algorithms		 RSA Yes (512 to 2048 bit)
Elliptic Curves No
DES / TDES Yes
AES Yes (256)
Hash SHA1 / SHA256 Yes
Hash HMAC / MD5 Yes
Security certifications Common Criteria  EAL5+ (chip)
FIPS 140-2 Level 3 Option
Standards ISO 7816  1, 2,3
Javacard No
Others ECMA 335
  ISO/IEC 23271
Supported crypto.
architectures		 Microsoft CAPI Base CSP v5 to v7
PKCS#11 for Windows Yes
PKCS#11 for  Linux Yes
PKCS#11 for MacOS Yes
One Time Password OATH OTP Yes, event based
OTP provisioning Self or Live using SA Server v4 +
(batch prov. in option)
CAP OTP Option
Microsoft Minidriver Windows 7, Server 2008 R2 Microsoft Update (automatic download)
Vista, Server 2008 v5 In the Box  &  Update
XP up to SP3, Server 2003 v5 Base CSP  & Update
Performance of crypto. operations RSA Key Generation 1024 bit
(CSP / P11)		 3.1 s / 4.1 s
RSA Key Generation 2048 bit
(CSP / P11)		 8.4 s / 9.4 s
Import P12 1024 bit (CSP / P11) 9.1 s / 6.3 s
Cached WinLogon (CSP) 1.5 s
Crypto (CSP / P11) 2.3 s / 4.5 s
Object enumeration 1024 / 2048 bit (P11) 1.0 s / 1.1 s
Signature 1024 bit (CSP / P11) 0.5 s / 0.6 s
Signature 2048 bit (CSP / P11) 0.8 s / 0.9 s
Supported certificate / data formats X509 v3 Yes, up to 2048 bit
PKCS#12 / PFX Yes, up to 2048 bit
PKCS#15 No
Form factors Smart Card Standard (ID1) & SIM (ID000) format
Hybrid Card
(contact + contactless)		 Yes
USB Token Yes
USB Token with OTP display Yes
USB Token with secure mass storage Yes
Contactless technologies MIFARE 1K, 4K, DESFire, Plus Yes
HID IClass and/or Prox Yes
Legic Yes
Others See the complete list
Tools SDK Yes
DAS, vSEC:CMS, Minidriver Manager Tool Change & unblock PIN, Admin Key & certificates Mgmt
Compatibility

 

Solution type Partner Solution Smart card support through Compliance
Operating System
log on		 Microsoft Windows 7 & Server 2008 R2 BaseCSP Yes
Microsoft Windows Vista & Server 2008 BaseCSP Yes
Microsoft Windows XP & Server 2003 BaseCSP Yes
Sun Unix (Solaris) P11 Yes
Apple Mac OS X Token D, P11 Yes
[Open Source] Linux, Unix P11 Yes
[Open Source] EIDAuthenticate BaseCSP Yes
Other OS Other OS Marshaller API
See Download / Libraries		 Yes
Desktop applications Microsoft Word BaseCSP Yes
Microsoft Excel BaseCSP Yes
Microsoft Powerpoint BaseCSP Yes
Adobe Acrobat P11 Yes
[Open Source] Open Office P11 Yes
E-Mail clients Microsoft Outlook BaseCSP Yes
Microsoft Outlook Express BaseCSP Yes
Microsoft Outlook Web Access OTP OATH Yes
Mozilla Thunderbird P11 Yes
Apple Mail App Token D Yes
E-mail servers &
E-mail security		 Microsoft Exchange BaseCSP Yes
Web browsers Microsoft Internet Explorer BaseCSP Yes
Mozilla Firefox  Windows P11 Yes
Mozilla Firefox Linux P11 Yes
Google Chrome BaseCSP & P11 Yes
Apple Safari Apple Token D Yes
SSO Citrix Password Mgr BaseCSP Yes
Evidian ESSO BaseCSP / P11 Yes
Passlogix v-Go BaseCSP Yes
Actividentity SecureLogin BaseCSP Yes
Quest QSSO BaseCSP Yes
IBM Tivoli Access Manager Base CSP & P11 Yes
Avencis SSOX P11 Yes
Idactis Idactis Security Base CSP & P11 Yes
Data protection & Preboot Authentication Sophos -
Utimaco		 SafeGuard Enterprise / LAN / PrivateDisk BaseCSP & P11 Yes
McAfee (Safeboot) Endpoint Encryption for PC 6.x BaseCSP Yes
Winmagic SecureDoc P11 Yes
SafeNet ProtectDrive   Yes
Microsoft Bitlocker (to Go) BaseCSP Yes
Arkoon-Skyrecon Security Box P11  
Becrypt Disk Protect 6.0.0
Enterprise Manager 3.0.0
Trusted Client 4.0.0		   Yes
VPN Citrix Access Gateway BaseCSP Yes
Checkpoint Endpoint Security R75 BaseCSP Yes
Cisco VPN BaseCSP Yes
Juniper Network Connect BaseCSP Yes
Microsoft Direct Access / UAG
 ISA Server 2006		 BaseCSP Yes
Thin Client/ Remote Access Citrix XenDesktop 4 /
 XenApp 5.0		 BaseCSP Yes
Wyse WTOS Thin Client   Yes
Microsoft Remote Desktop BaseCSP Yes
Teradici PCoIP zero clients v3.4.1   Yes
Pragma Systems Secure SHell (SSH)   Yes
Bio Match on Card Precise Biometrics Biomatch BaseCSP Yes
Innovatrix   BaseCSP Yes
Certificate Authority Microsoft CA Cert Srv BaseCSP Yes
Verisign UA PKI BaseCSP Yes
Keynectics   P11 Yes
Cross platform interop.
MS AD <--> Linux, Mac		 Centrify Direct Control v4.2 Tokend Yes
CMS Microsoft ILM / FIM 2010 BaseCSP Yes
Intercede myID v8 SP2 Base CSP & P11 Yes
Opentrust SCM v4.4.3 P11 Yes
Passlogix v-GO Credential Mgr BaseCSP Yes
Gemalto DAS BaseCSP Yes
Gemalto vSEC:CMS
Operator Token		   Yes
Gemalto vSEC:CMS U series   Yes
[Open Source] scUtil BaseCSP Yes
File encryption Microsoft EFS BaseCSP  Yes
Prim'X ZoneCentral Base CSP & P11 Yes
PKI Client SecMaker net.id   Yes
Virtual desktop Oracle - Sun Sun Ray P11 Yes
VMWare View BaseCSP Yes
Next Steps

Useful Links

  • vSEC:CMS U2.3:       A set of online or offline free tools that allow you to manage samples of .NET cards.
  • Microsoft Update:       Download the latest certified .NET card minidriver dll
  • Gemalto webstore
  • The .NET Utilities web-based tool is back online. As a reminder, it works with any .NET sample card with a default Admin Key.
     

Exclusive Information for Gemalto Enterprise Partners