IDPrime .NET   In Production
 
 
 
Gemalto IDPrime .NET cards put state of the art technology to the service of organizations committed to take their IT Security and Identity & Access infrastructure to the next level. Two-factor authentication (2FA) solutions help secure your company's digital assets from end to end.  IDPrime .NET 510 cards support  for two different 2FA technologies: Digital Certificates (PKI) and One Time Passwords (OTP), now proposed as an option. Choose the one that suits you best, or combine both at once for different uses.

With Gemalto IDPrime technology, you benefit from unparalleled level of integration with Microsoft's platforms and solutions: Native support  by all Windows OS from XP to 8.x and their associated Server versions..NET cards are also fully compatible with Forefront Edge, Microsoft's  FIM - ILM CMS, Active Directory Domain Services and Certificate Services. With Gemalto IDPrime implementation, encryption and digital signature services become easier than ever.

         

 Thanks to the IDGo 800 middleware, the IDPrime .NET cards also suppor the PKCS#11 cryptographic standard on the Linux, MacOS and Windows environments. This brings a high portability level to the numerous applications developed by Gemalto partners listed in the Compatibility section below. These layers are named IDGo 800 PKCS#11 libraries.
The IDPrime .NET cards are also supported by IDGo 800 for Mobile devices on Android and iOS.

 

         IDGo 800
 

IDPrime .NET Smart Card Product Range

     

IDPrime .NET 510

  IDPrime .NET 5500  

IDPrime .NET 511
IDPrime .NET 5501

  IDPrime .NET 7510

PKI minidriver based.
OTP-OATH authentication available as an option

 

  PKI minidriver based and Biometrics Match On Card authentication  

Large choice of contactless card bodies for Physical Access Control applications

  A unique device that combines a .NET card and an OTP Display Card

IDPrime .NET Card Based Tokens

IDBridge K30
(ex USB Shell Token v2)

IDPrime .NET 7519
(ex .NET Dual Token)

IDBridge K50
(ex USB Shell Token v3)

IDBridge K3000
(ex SG Core)
 

USB token embedding
any ID-000 format card
USB token embedding
a .NET chip and an OTP
display
USB token embedding
any ID-000 format card
in a robust casing
 
USB token embedding any ID-000 format card and a MicroSD memory card
Features and Benefits
News
August 2014 New version v1.2.1 of IDGo 800 PKCS#11 for Linux that supports new PIN pads functions, the new IDPrime MD 3810 RevB cards and Ubuntu 14.04 LTS.
- Technical documentation available on Download / Technical document.
July 2014 New version v1.2.1 of IDGo 800 Minidriver, PKCS#11 for Windows and Credential Provider that supports the PIN pads and the new IDPrime MD 3810 RevB cards.
- Minidriver v8.4.5.0 and Cred. Prov. available on Download / Libraries. This new Minidriver is certified and available on the Microsoft Update site or through the Plug & Play mechanism
-
Technical documentation available on Download / Technical document.
June 2014 New Strong Authentication Implementation Guide available on Download /  White Papers
April 2014 New version v1.2 of IDGo 800 PKCS#11 for MacOS
- Support of MacOS Mavericks v10.9
- Support of the new IDPrime MD 840 and 3840 cards
March 2014 New version of the Integration Guide
- Homogeneous with the IDGo 800 documentation
- Improvement of the External PIN and PINpad readers management

- Available on Download / Technical document
February 2014 New version v1.2 of IDGo 800 Minidriver, PKCS#11 for Windows and Credential Provider that supports Windows 8.1, Windows Server 2012 R2 and previous Windows versions
- Available on Download / Libraries
- The new Minidriver v8.4.3.0 is certified and available on the Microsoft Update site or through the Plug & Play mechanism
January 2014 New compatibility with Novell ZENworks Full Disk Encryption
December 2013 New version v3.2 of the vSEC:CMS T-Series. For more details about the new functions, please refer to our vSEC:CMS page
New reference of the IDPrime .NET 511 MIFARE 4K cards available on the Gemalto webstore: O1047452
- No change of the product itself
November 2013 IDGo 800 PKCS#11 for MacOS replaces IDGo 500:
- Tokend libraries are also provided but not supported
October 2013 IDGo 800 middleware replaces IDGo 500:
- New minidriver dll v8.4.1 available on Microsoft Update site
- New PKCS#11 v1.1 libraries for Windows and Linux in Ubuntu and source code format.
- New optional Credential Provider v1.1
-
New set of technical documents available on  Download / Technical documents

New IDPrime .NET 510 flyer (French language) and IDGo 800 flyer available on Download / Sales Brochures
June 2013 New IDPrime .NET 511 DESFire EV1 4K cards available on the webstore that replace the previous DESFire 4K version (non EV1). More details ...
New versions of the IDPrime .NET Integration Guide  and Administration & User Guide
- Available on Download / Technical documents.
British Sky Broadcasting OneCard project case study flyer available on  Download / Case Study
IDPrime .NET 7510 cards (ex .NET Display Cards) are now available in low volumes on the Gemalto Webstore
May 2013 Release of the IDGo 500 PKCS#11 libraries v2.3.1.1 for Windows
-
Maintenance version fixing some minor issues described in the Release Notes included in the zip package: SSO and No PIN options, RDP, C_Finalize
-
Available on Download / Libraries.
March 2013 New compatibility with Wave Embassy Remote Administration Server (ERAS) data protection solution.
February 2013 New compatibility with Wave Embassy Security Center endpoint security solution
The IDGo 500 Minidriver dll v8.3.2.0 installation package now includes only two msi files (32 and 64 bit). Each msi works with any Windows version and does not require a reboot.
- Available on Download / Libraries.

Technical Specifications
  Characteristics
Smart card chip Chip manufacturer Infineon
Chip reference SLE 88CFX4000P
Chip CC certification EAL 5+
ROM memory 80 KB
EEPROM memory 400 KB
CPU RISC 32 bit
Internal clock 66 MHz
External clock up to 10 MHz
Voltage range 1.62 V -  5.5 V
Temperature range -25 C to +85 C
Technology CMOS 0.13 microns
Memory rewrite >  500 K r/w cycles
Data retention > 10 years
Crypto processor Yes (1408 bit)
Onboard key generation Yes
True Random Number Generator Yes
Smart card OS OS type Gemalto .NET 
Free EEPROM (approx) 70 KB without OTP
55 KB with OTP (option)
Number of certificates and key pairs (2048 bit) 15 (*)
Max I/O speed 223 Kbps,
negotiable PPS
Communication protocols ISO 7816 protocol T=0
RMI / Remoting .NET Remoting
Cryptographic
algorithms
RSA Yes (512 to 2048 bit)
Elliptic Curves No
DES / TDES Yes
AES Yes (256)
Hash SHA1 / SHA256 Yes
Hash HMAC / MD5 Yes
Security certifications Common Criteria  EAL5+ (chip)
FIPS 140-2 Level 3 Option
Standards ISO 7816  1, 2,3
Javacard No
Others ECMA 335
  ISO/IEC 23271
Supported crypto.
architectures
Microsoft CAPI Base CSP v5 to v7
PKCS#11 for Windows Yes
PKCS#11 for  Linux Yes
PKCS#11 for MacOS Yes
One Time Password OATH OTP, event based Option
OTP provisioning Self or Live using IDConfirm 1000 v4 +
(batch prov. in option)
OTP CAP Option
Microsoft Minidriver Windows 8, Windows 7, Server 2008 R2,  Server 2012 Automatic download from Microsoft Update
Vista, Server 2008 v5 embedded  +  manual update from Microsoft Update
XP SP1 to SP3, Server 2003 Manual download from Microsoft Update
Performance of crypto. operations RSA Key Generation 1024 bit
(CSP / P11)
3.1 s / 4.1 s
RSA Key Generation 2048 bit
(CSP / P11)
8.4 s / 9.4 s
Import P12 1024 bit (CSP / P11) 9.1 s / 6.3 s
Cached WinLogon (CSP) 1.5 s
Crypto (CSP / P11) 2.3 s / 4.5 s
Object enumeration 1024 / 2048 bit (P11) 1.0 s / 1.1 s
Signature 1024 bit (CSP / P11) 0.5 s / 0.6 s
Signature 2048 bit (CSP / P11) 0.8 s / 0.9 s
Supported certificate / data formats X509 v3 Yes, up to 2048 bit
PKCS#12 / PFX Yes, up to 2048 bit
PKCS#15 No
Form factors Smart Card Standard (ID1) & SIM (ID000) format
Hybrid Card
(contact + contactless)
Yes
USB Token Yes
USB Token with OTP display Yes
USB Token with secure mass storage Yes
Contactless technologies MIFARE 1K, 4K, DESFire, Plus Yes
HID IClass and/or Prox Yes
Legic Yes
Others See the complete list
Tools SDK Yes
DAS, vSEC:CMS, .NET Utilities, Minidriver Manager Tool Change & unblock PIN, Admin Key & certificates Mgmt


(*): For the best performance level, it is recommended not to exceed 10 certificates (with a size of 3 KB) when the OTP option is selected.

Compatibility

 

Solution type Partner Solution Smart card support through
Operating System
logon
Microsoft Windows 8.1 & Server 2012 R2 Base CSP
Microsoft Windows 8 & Server 2012 Base CSP
Microsoft Windows 7 & Server 2008 R2 Base CSP
Microsoft Windows Vista & Server 2008 Base CSP
Microsoft Windows XP & Server 2003 Base CSP
Sun Unix (Solaris) P11
Apple Mac OS X 10.6 & 10.7 P11
[Open Source] Linux, Ubuntu P11
[Open Source] EIDAuthenticate Base CSP
Other OS Other OS Marshaller - Stub API
on request
Desktop applications Microsoft Word Base CSP
Microsoft Excel Base CSP
Microsoft Powerpoint Base CSP
Adobe Acrobat Reader Base CSP / P11
[Open Source] Open Office P11
E-Mail clients Microsoft Outlook Base CSP
Microsoft Outlook Express Base CSP
Microsoft Outlook Web Access OTP OATH
Mozilla Thunderbird - Icedove P11
Apple Mail Tokend
E-mail servers &
E-mail security
Microsoft Exchange Base CSP
Web browsers Microsoft Internet Explorer Base CSP
Mozilla Firefox  Windows P11
Mozilla Firefox -  Iceweasel Linux P11
Google Chrome Base CSP & P11
Apple Safari Tokend
SSO Citrix Password Mgr Base CSP
Evidian ESSO Base CSP / P11
Passlogix v-Go Base CSP
Actividentity SecureLogin Base CSP
Quest QSSO Base CSP
IBM Tivoli Access Manager Base CSP & P11
Avencis SSOX P11
Idactis Idactis Security Base CSP & P11
Data protection & Preboot Authentication Sophos -
Utimaco
SafeGuard Device Encryption POA / LAN / PrivateDisk Base CSP & P11
McAfee (Safeboot) Endpoint Encryption 6.x
Drive Encryption 7.1
Base CSP
Winmagic SecureDoc P11
SafeNet ProtectDrive  
Microsoft Bitlocker (to Go) Base CSP

Arkoon-Skyrecon

Security Box v8.0.6 P11
Wave Embassy Security Center
& Remote Admin Server v2.9
 
Novell ZENworks Full Disk Encryption P11
Becrypt Disk Protect 6.0.0
Enterprise Manager 3.0.0
Trusted Client 4.0.0
 
VPN Citrix Access Gateway Base CSP
Checkpoint Endpoint Security R75 Base CSP
Cisco VPN Base CSP
Juniper Junos Pulse - SA/IC series Base CSP
Microsoft SSTP / Direct Access / UAG BaseCSP
Thin Client/ Remote Access Citrix XenDesktop 5.6 /
 XenApp 6.5
Base CSP
Wyse WTOS Thin Client  
Microsoft Remote Desktop Base CSP
Teradici PCoIP zero clients v3.4.1  
Linux Open source PuttyS, PuttyCAC, SecureCRT
SSH tools
P11
Pragma Systems Secure SHell (SSH)  
Bio Match on Card Precise Biometrics Biomatch Base CSP
Innovatrix   Base CSP
Certificate Authority Microsoft CA Cert Srv Base CSP
Verisign UA PKI Base CSP
Keynectis   P11
Cross platform interop.
MS AD <--> Linux, MacOS
Centrify Direct Control v4.2 Tokend
CMS Microsoft ILM / FIM 2010 Base CSP
Intercede myID v8 SP2 Base CSP
Opentrust CMS 4.7 Base CSP & P11
Passlogix v-GO Credential Mgr Base CSP
Gemalto IDAdmin 100 - DAS Native
Gemalto /
Versatile Security
vSEC:CMS T Series Base CSP
Versatile Security vSEC:CMS U Series /
vSEC:CMS K Series
Native /
Base CSP
[Open Source] scUtil Base CSP
File encryption Microsoft EFS Base CSP
Prim'X ZoneCentral  P11
PKI Client SecMaker net.id  
Virtualization Oracle - Sun Sun Ray P11
Cisco VXI Base CSP
VMWare View 5.1.2 Base CSP

Useful Links

  • vSEC:CMS U-Series: Online or offline free tool to perform user smart card operations (change PIN, unblock PIN, card info…) with IDPrime .NET cards. The offline version is Java based and works on any Java compliant platform (Windows, Linux, MacOS).
  • vSEC:CMS K-Series: Standalone free tool to perform expert smart card operations (PIN and Bio Policy management, admin key change, offline PIN unblock, advanced certificate management  …) with IDPrime .NET cards. K-Series works on Windows minidriver platforms.
  • Microsoft Update: Download the latest certified IDGo 800 minidriver dll
  • Gemalto webstore
  • .NET Utilities web-based tool
  • .NET Evaluation Kit page.
     

Exclusive Information for Gemalto Enterprise Partners