IDPrime .NET   In Production
Gemalto IDPrime .NET cards put state of the art technology to the service of organizations committed to take their IT Security and Identity & Access infrastructure to the next level. Two-factor authentication (2FA) solutions help secure your company's digital assets from end to end.  IDPrime .NET 510 cards support  for two different 2FA technologies: Digital Certificates (PKI) and One Time Passwords (OTP), now proposed as an option. Choose the one that suits you best, or combine both at once for different uses.

With Gemalto IDPrime technology, you benefit from unparalleled level of integration with Microsoft's platforms and solutions: Native support  by all Windows OS from XP to 8.x and their associated Server versions..NET cards are also fully compatible with Forefront Edge, Microsoft's  FIM - ILM CMS, Active Directory Domain Services and Certificate Services. With Gemalto IDPrime implementation, encryption and digital signature services become easier than ever.


 Thanks to the IDGo 800 middleware, the IDPrime .NET cards also suppor the PKCS#11 cryptographic standard on the Linux, MacOS and Windows environments. This brings a high portability level to the numerous applications developed by Gemalto partners listed in the Compatibility section below. These layers are named IDGo 800 PKCS#11 libraries.
The IDPrime .NET cards are also supported by IDGo 800 for Mobile devices on Android and iOS.


         IDGo 800

IDPrime .NET Smart Card Product Range


IDPrime .NET 510


IDPrime .NET 511
IDPrime .NET 5501


PKI minidriver based.
OTP-OATH authentication available as an option



Large choice of contactless card bodies for Physical Access Control applications


IDPrime .NET Card Based Tokens

IDBridge K30
(ex USB Shell Token v2)

IDBridge K50
(ex USB Shell Token v3)

IDBridge K3000
(ex SG Core)

USB token embedding
any ID-000 format card
USB token embedding
any ID-000 format card
in a robust casing
USB token embedding any ID-000 format card and a MicroSD memory card
Features and Benefits
March 16  The IDGo 800 v1.2.5 minidriver for Windows is now released. IDGo 800 v1.2.5 is bringing a fix related to certificate renewal with Microsoft FIM. More details are available from the download section.
Dec 2015 The IDGo 800 v1.2.4 for MAC OS X 10.11 (El Capitan), 10.10 (Yosemite) and 10.9 (Mavericks) is now released. IDGo 800 v1.2.4 supports the entire range of IDPrime .NET and IDPrime MD smartcards. More details are available from the download section.
Oct 2015 The IDGo 800 v1.2.4 for Windows 10 and previous Windows versions is now released. IDGo 800 v1.2.4 is bringing compatibility with Windows 10 and some other improvements. More details are available from the download section.
Sept 2015 The integration guides for IDGo  800 Minidriver with Citrix Xenapp 7.6 & Citrix Xen Desktop 7.6 are released and  available  from the download section (technical documents)
August 2015 The IDGo 800 v1.2.3 for Linux Ubuntu 14.04 LTS is now released. IDGo 800 v1.2.3 supports the entire range of IDPrime .NET and IDPrime MD smartcards, and is bringing some other improvements.
July 2015 The IDGo 800 v1.2.3 for MAC OS X 10.10 (Yosemite), 10.9 (Mavericks) and 10.8 (Mountain Lion) is now released. IDGo 800 v1.2.3 supports the entire range of IDPrime .NET and IDPrime MD smartcards.
June 2015 Please note that .NET Utilities will be discountinued by end of June 15. The recommended tools to be used are Minidriver Manager and IDGo 800 User Tool (see download section/development).
April 2015 New version v1.2.3 of IDGo 800 Minidriver, PKCS#11 for Windows and Credential Provider that supports the most recent IDPrime card versions and some various other improvements
- Minidriver v8.4.8.0 and Cred. Prov. available on Download / Libraries. This new Minidriver is certified and available on the Microsoft Update site or through the Plug & Play mechanism
February 2015 New versions of the IDGo 800 Minidriver User Guide, IDGo 800 PKCS#11 for Windows User Guide, IDGo 800 Credential Provider User Guide and IDGo 800 Integration Guide.
- A
vailable on Download / Technical document.

New User Tool for Windows providing a user friendly interface for managing the PKI certificates, Changing and Unblocking user PINs and resetting / recycling the smart cards.
- Available on request
December 2014 - New flyers about the Mohela and Fraser Health Authority case studies, available on Download / Case Study
- The latest version of the Chrome browser doesn't work with the .NET Utilities web tool anymore due to some evolutions regarding the SConnect compatibility
November 2014 New compatibility with Prim'X Cryhod preboot authentication and disk encryption solution
The latest version of the Chrome browser doesn't work  with the .NET Utilities web tool.
August 2014 New version v1.2.1 of IDGo 800 PKCS#11 for Linux that supports new PIN pads functions, the new IDPrime MD 3810 RevB cards and Ubuntu 14.04 LTS.
- Technical documentation available on Download / Technical document.
June 2014 New Strong Authentication Implementation Guide available on Download /  White Papers
April 2014 New version v1.2 of IDGo 800 PKCS#11 for MacOS
- Support of MacOS Mavericks v10.9
- Support of the new IDPrime MD 840 and 3840 cards
January 2014 New compatibility with Novell ZENworks Full Disk Encryption
December 2013 New version v3.2 of the vSEC:CMS T-Series. For more details about the new functions, please refer to our vSEC:CMS page

Technical Specifications
Smart card chip Chip manufacturer Infineon
Chip reference SLE 88CFX4000P
Chip CC certification EAL 5+
ROM memory 80 KB
EEPROM memory 400 KB
CPU RISC 32 bit
Internal clock 66 MHz
External clock up to 10 MHz
Voltage range 1.62 V -  5.5 V
Temperature range -25 C to +85 C
Technology CMOS 0.13 microns
Memory rewrite >  500 K r/w cycles
Data retention > 10 years
Crypto processor Yes (1408 bit)
Onboard key generation Yes
True Random Number Generator Yes
Smart card OS OS type Gemalto .NET 
Free EEPROM (approx) 70 KB without OTP
55 KB with OTP (option)
Number of certificates and key pairs (2048 bit) 15 (*)
Max I/O speed 223 Kbps,
negotiable PPS
Communication protocols ISO 7816 protocol T=0
RMI / Remoting .NET Remoting
RSA Yes (512 to 2048 bit)
Elliptic Curves No
AES Yes (256)
Hash SHA1 / SHA256 Yes
Hash HMAC / MD5 Yes
Security certifications Common Criteria  EAL5+ (chip)
Standards ISO 7816  1, 2,3
Javacard No
Others ECMA 335
  ISO/IEC 23271
Supported crypto.
Microsoft CAPI Base CSP v5 to v7
PKCS#11 for Windows Yes
PKCS#11 for  Linux Yes
PKCS#11 for MacOS Yes
One Time Password OATH OTP, event based Option
OTP provisioning Self or Live using IDConfirm 1000 v4 +
(batch prov. in option)
OTP CAP Option
Microsoft Minidriver Windows 8, Windows 7, Server 2008 R2,  Server 2012 Automatic download from Microsoft Update
Vista, Server 2008 v5 embedded  +  manual update from Microsoft Update
XP SP1 to SP3, Server 2003 Manual download from Microsoft Update
Performance of crypto. operations RSA Key Generation 1024 bit
(CSP / P11)
3.1 s / 4.1 s
RSA Key Generation 2048 bit
(CSP / P11)
8.4 s / 9.4 s
Import P12 1024 bit (CSP / P11) 9.1 s / 6.3 s
Cached WinLogon (CSP) 1.5 s
Crypto (CSP / P11) 2.3 s / 4.5 s
Object enumeration 1024 / 2048 bit (P11) 1.0 s / 1.1 s
Signature 1024 bit (CSP / P11) 0.5 s / 0.6 s
Signature 2048 bit (CSP / P11) 0.8 s / 0.9 s
Supported certificate / data formats X509 v3 Yes, up to 2048 bit
PKCS#12 / PFX Yes, up to 2048 bit
PKCS#15 No
Form factors Smart Card Standard (ID1) & SIM (ID000) format
Hybrid Card
(contact + contactless)
USB Token Yes
USB Token with OTP display Yes
USB Token with secure mass storage Yes
Contactless technologies MIFARE 1K, 4K, DESFire, Plus Yes
HID IClass and/or Prox Yes
Legic Yes
Others See the complete list
Tools SDK Yes
DAS, vSEC:CMS, .NET Utilities, Minidriver Manager Tool Change & unblock PIN, Admin Key & certificates Mgmt

(*): For the best performance level, it is recommended not to exceed 10 certificates (with a size of 3 KB) when the OTP option is selected.



Solution type Partner Solution Smart card support through
Operating System
Microsoft Windows 10 BaseCSP
Microsoft Windows 8.1 & Server 2012 R2 Base CSP
Microsoft Windows 8 & Server 2012 Base CSP
Microsoft Windows 7 & Server 2008 R2 Base CSP
Microsoft Windows Vista & Server 2008 Base CSP
Microsoft Windows XP & Server 2003 Base CSP
Sun Unix (Solaris) P11
Apple Mac OS X 10.6 & 10.7 P11
[Open Source] Linux, Ubuntu P11
[Open Source] EIDAuthenticate Base CSP
Other OS Other OS Marshaller - Stub API
on request
Desktop applications Microsoft Word Base CSP
Microsoft Excel Base CSP
Microsoft Powerpoint Base CSP
Adobe Acrobat Reader Base CSP / P11
[Open Source] Open Office P11
E-Mail clients Microsoft Outlook Base CSP
Microsoft Outlook Express Base CSP
Microsoft Outlook Web Access OTP OATH
Mozilla Thunderbird - Icedove P11
Apple Mail Tokend
E-mail servers &
E-mail security
Microsoft Exchange Base CSP
Web browsers Microsoft Internet Explorer Base CSP
Mozilla Firefox  Windows P11
Mozilla Firefox -  Iceweasel Linux P11
Google Chrome Base CSP & P11
Apple Safari Tokend
SSO Citrix Password Mgr Base CSP
Evidian ESSO Base CSP / P11
Passlogix v-Go Base CSP
Actividentity SecureLogin Base CSP
Quest QSSO Base CSP
IBM Tivoli Access Manager Base CSP & P11
Avencis SSOX P11
Idactis Idactis Security Base CSP & P11
Data protection & Preboot Authentication Sophos -
SafeGuard Device Encryption POA / LAN / PrivateDisk Base CSP & P11
McAfee (Safeboot) Endpoint Encryption 6.x
Drive Encryption 7.1
Base CSP
Winmagic SecureDoc P11
SafeNet ProtectDrive  
Microsoft Bitlocker (to Go) Base CSP


Security Box v8.0.6 P11
Wave Embassy Security Center
& Remote Admin Server v2.9
Novell ZENworks Full Disk Encryption P11
Prim'X Cryhod P11
Symantec Endpoint Encryption 11.0.1  
Becrypt Disk Protect 6.0.0
Enterprise Manager 3.0.0
Trusted Client 4.0.0
VPN Citrix Access Gateway Base CSP
Checkpoint Endpoint Security R75 Base CSP
Cisco VPN Base CSP
Juniper Junos Pulse - SA/IC series Base CSP
Microsoft SSTP / Direct Access / UAG BaseCSP
Thin Client/ Remote Access Citrix XenDesktop 5.6 /
 XenApp 6.5 /
Base CSP
Wyse WTOS Thin Client  
Microsoft Remote Desktop Base CSP
Teradici PCoIP zero clients v3.4.1  
Linux Open source PuttyS, PuttyCAC, SecureCRT
SSH tools
Pragma Systems Secure SHell (SSH)  
Bio Match on Card Precise Biometrics Biomatch Base CSP
Innovatrix   Base CSP
Certificate Authority Microsoft CA Cert Srv Base CSP
Verisign UA PKI Base CSP
Keynectis   P11
Cross platform interop.
MS AD <--> Linux, MacOS
Centrify Direct Control v4.2 Tokend
CMS Microsoft ILM / FIM 2010 Base CSP
Intercede myID v8 SP2 Base CSP
Opentrust CMS 4.7 Base CSP & P11
Passlogix v-GO Credential Mgr Base CSP
Gemalto /
Versatile Security
vSEC:CMS T Series Base CSP
Versatile Security vSEC:CMS U Series /
vSEC:CMS K Series
Native /
Base CSP
[Open Source] scUtil Base CSP
File encryption Microsoft EFS Base CSP
Prim'X ZoneCentral  P11
PKI Client SecMaker  
Virtualization Oracle - Sun Sun Ray P11
Cisco VXI Base CSP
VMWare View 5.1.2 Base CSP

Useful Links

  • vSEC:CMS U-Series: Online or offline free tool to perform user smart card operations (change PIN, unblock PIN, card info…) with IDPrime .NET cards. The offline version is Java based and works on any Java compliant platform (Windows, Linux, MacOS).
  • vSEC:CMS K-Series: Standalone free tool to perform expert smart card operations (PIN and Bio Policy management, admin key change, offline PIN unblock, advanced certificate management  …) with IDPrime .NET cards. K-Series works on Windows minidriver platforms.
  • Microsoft Update: Download the latest certified IDGo 800 minidriver dll
  • Gemalto webstore

Exclusive Information for Gemalto Enterprise Partners