Smart Card and S-MIME

are any plans to support S-MIME and smart card functionality. We are pertucarly interested to encrypt and decrypt messages via Web Mail. We know that already some other web cliiens (like Lotus iNotes) provide this
Kind Regards,
K. Hairopoulos

There's no current plan to implement S/MIME and SmartCard support for WAC, although we have the technical expertise in-house to do it, I think. Three years ago we implemented a prototype of S/MIME enabled OCS WebMail capable of reading private keys stored on a SmartCard. That project did not turn into product features.
The big difficulty with implementing and deploying S/MIME is the availability of an underlying public key infrastructure (for public key lookup, for example). IMHO the fact that we don't have S/MIME in Webmail or WAC reflects that OCS customers either don't have the infrastructure or don't require S/MIME beyond SSO. If that assumption is false, and there is a demand for S/MIME enabled WAC, please communicate the need through the usual product management channels.
Thanks,
Thomas

Similar Messages

  • Error encountered while signing. Windows cryptographic service provider reported an error. Object not found. Error code:2148073489. Windows 7, Adobe Reader XI, Symantec PKI, Smart Card and CAC. I have seen other threads for this error but none have a reso

    Error encountered while signing. Windows cryptographic service provider reported an error. Object not found. Error code:2148073489. Windows 7, Adobe Reader XI, Symantec PKI, Smart Card and CAC. I have seen other threads for this error but none have a resolution. Any help would be appreciated.
    Sorry for the long title, first time poster here.

    This thread is pretty old, are you still having this issue?

  • JavaCard + Schlumberger Smart Cards and Terminals

    Have anybody worked on following combination?
    JavaCard + Schlumberger Smart Cards and Terminals (Cyberflex Access SDK 4.4) + IDRBT

    It's certification authority in India.
    Check http://www.idrbt.ac.in
    Can you privide some help about this matter? I am new to this, and It will be greate if you help me.
    Please send your e-mail id on [email protected]
    Thx and Reg,
    Chetan Parekh

  • Smart card and Account Lockout Policies Issue

    I have enabled "Interactive logon: Require smart" card and "Account Lockout threshold: 3 invalid logon attempts". The lockout policy works fine with normal passwords. However, when I try to use the smart card and entering wrong PIN 4
    times, the lockout policy does not work. 
    Can anyone please help with this issue?

    Hi,
    the validity of the PIN is managed by the smartcard itself, not by windows. Windows just logs in of the smartcard gives the right certificates/keys. the smartcard will only do so when it is provided a valid PIN.
    Also note an account should not be locked out to avoid brute forcing the PIN. instead, the smartcard should lock.
    http://technet.microsoft.com/en-us/library/cc962052.aspx
    http://technet.microsoft.com/en-us/library/ff404290(v=ws.10).aspx
    MCP/MCSA/MCTS/MCITP

  • Need a recommendation about java smart card and a reader

    I've been posting some message in this forum and others and haven't gotten a clear response.
    I want to experiment with java smart card technology.
    From what I gathered, Gemplus is a leading company in this field so I thought about buying a smart card reader from it and a java smart card.
    I thought about buying the "USB Smart Card Reader/Writer Plug n Play (GemPC430)" reader which costs 69$.
    Is this a reasonable price?
    I need an answer from someone with experience using it.
    Now then, which one should I buy?
    I only want to do smart card to desktop application interaction without anything on the web (e-commerce or anything to do with encryption).
    I can buy 5 "GS2.2 Standard Crypto GPK8000su512 RED"
    cards which cost 87.50$
    THATS A LOT OF MONEY!!!!
    Are all java smart cards that expensive?
    There is a list of other cards on their site but I haven't been able to locate their price and don't know which to buy.
    Finally, there is the "Kit, GemSAFE Enterprise Workstation 2.21 Standard Cryptography Serial Port Reader" which as I read consists a GPK8000 card.
    Is this card a java card?
    Or do I need to buy the reader and java card seperately.
    Any help and insight would be greatly appreciated.
    Thanks.

    I've looked closely at the Cyberflex 32K cards + SDK from Schlumberger.
    My criteria was:
    * Javacard 2.1 support
    * visa open support (or whatever it is called now)
    * complete sdk (develop, test, deploy)
    * exportable
    * upgradable
    * customer support
    I tried to get someone from Gemplus to contact me, but was unable to ever get even an
    email response.
    Schlumberger, on the other hand, won me over with the quick responses over email.
    They offer fairly inexpensive upgrades after you buy the product, and technical support
    is free.
    For simple experimentation, you can get the JavaCard SDK for free. At JavaOne, several
    years ago, they were giving away JavaRings with Card Readers (which presumably
    means these are cheap to buy) from SCM or some company in Texas. You might
    try to get one of these. They don't have much memory, but are an interesting twist
    on the Java Card thing.
    If you want to dive in, the Smart Card SDK from Schlumberger will run you about $499.
    This includes the reader, 5 cards, and the SDK. Likewise, Metrowerks puts out an
    IDE for Java Card which runs about $1200, and may be available as a bundle from
    vendors like Schlumberger.
    dk

  • Help needed in learning the basics of Java Smart Card and implementation?

    Hello every body,
    I am trying to develop the applications on java contactless smart cards technology.
    Can any body give me the details like how to start?
    What are the required softwares and installation procedure and path settings and etc.?
    I am the beginner in java smart card application development.
    plz help me out

    Dear Friend,
    I would advice to divide learning into two main parts: JavaCard technology and contactless RFID cards. For JavaCard technology you can find useful articles on Sun web-site (developers.sun.com/mobility/javacard/articles/javacard1/). For contactless RFID you can find few useful books at Amazon. Regarding software you need JC development kit. How to install it there is an instrunction in JCDK user guide.
    If it is not a secret what a javacard contactless card you are going to use in your work?
    Yours
    Dmitri

  • Smart Card and  Java Card (URGENT)

    Dear everyone.
    I have purchased a card reader (which is supposed to be java card compatible).
    I have 2 problems.
    1. I just wonder if i can use a Smart Card generally available. Do i need to have a special card for Java Card??
    2. Can i use card kit to interface to the reader/writer? How do i install my applets??
    Please reply soon.
    Thank you very much.

    I tried to execute the OCF samples.
    this code
    OpenCard.services = com.ibm.opencard.factory.MFCCardServiceFactory
    did not give any trouble
    this code
    OpenCard.terminals = com.ibm.opencard.terminal.pcsc10.Pcsc10CardTerminalFactory
    gave some troubles. May be because iam not using ibm terminal(card).
    And also, i think the OCF samples will not work anyhow, because the Reflex reader is not OCF complaint.
    So the following may not work
    OpenCard.services = com.slb.opencard.Cyberflex
    I have most imp. questions to ask you now.
    1. What card should i purchase and from whom (along with some software if necessary)?
    2. What is the procedure for reading/writing to that card using the Reflex reader.
    Please help.
    Thanks
    Goldy.

  • Removed use a password feature, now I have to enter a smart card and have no admin rights!

    HI,
    I recently have bought a new laptop with windows 8, I did not like using a password to sign in. After removing that feature by accessing the users and checking the remove password box and restarting the computer I seem to have lost all administrative rights.
    I tried the trust this machine signup online however that did nothing. I am prompted to insert a smart card however I have no account to change to and I have no rights on this account. 
    Any advice would be great,
    Thanks,
    Ryan

    Hi,
    How about your problem now? How did you remove the Password feature? Uncheck "Users must enter a user name and password to use this computer" like the picture below?
    In your login screen, Is there any window to input password? or only need to inser a smart card? If so, maybe you need to reinstall your Windows. For Windows login problem with password, you can refer to link below:
    What to do if you forget your Windows password:http://windows.microsoft.com/en-us/windows/what-do-forget-windows-password#1TC=windows-8
    Roger Lu
    TechNet Community Support

  • Extract the name of a digital ID from a smart card and place in a field

    In DoD we use Smart Cards, commonly called 'Common Access Card (CAC)', I am wondering if it's possible to extract the name of the user from their CAC, or at least be able to extract the name from a .FDF file. If you go to 'Sign & Certify' from Acrobat 10.x, and then go to 'More Sign & Certify', then click on 'Security Settings', again, this only applies if you have either a Smart Card or digital ID, you will see the security settings menu. Within this menu, you will see the option to 'Export' the file to either an email or save the data to a file. When you click next, you have the option to save as and .fdf file or .p7c file. Is it possible to create a button or a digital signature that will allow me to export the name of the user to a field?

    Hi bsabourin1962,
    It can be done by creating a button with a script to extract the name of the user.

  • What is the relation between Smart Card and Java Programming?

    Kindly ingnore the message as this is just a test message by Mihir Mehta

    Nothing.....Pls ignore.....just testing the Forum

  • SUN One web server 6.1,strong authentication and smart card

    Hi guys,
    I am experiencing a weired issue with smart cards.
    scenario:
    SOWS 6.1 SP6, smart card Gem Plus and Internet explorer 6 and 7 as client and strong authentication.
    Once I put my smart card and insert the PIN code to get into the html page, when I tried to just move the mouse in a frame, I got lots of PIN request. I have notest the there are lots of SSLv3 sessions opened. When I put the PIN code after a while and again when I move the mouse quickly I got the same request
    I tried with Firefox and the it works fine.
    Anyone experienced a sort of same issue? any clue? Could it be that Firefox store the PIN code somewhere and IE doesn't?
    Cheers

    Hi,
    Yes, Firefox and other mozilla products by default only require the pin for tokens the first time they are needed. In Seamonkey, the preference is in edit/preference/privacy & security/master passwords/master password timeout/web browser will ask for your master password . There is an equivalent in Firefox, but since i don't use it, I don't know the exact location of that pref.
    The fact that you are being prompted multiple times in IE means that there are multiple SSL handshakes happening. This may be because the server is forcing a new SSL handshake on each HTTP request. . There may be a way for the web server to be configured not to do that by setting client auth globally on the listen socket instead of setting it on a specific URL space.

  • MIDlets and smart cards ???

    Hi
    A question:
    We have smart cards and SIM cards, a smart card with a much smaller plastic substrate than credit-card sized smart cards.
    We have the Java[tm] programming language.
    We know, that there are wireless phones that can execute so-called MIDlets. And - as far as I know - they can execute those MIDlets because they have a java-understanding SIM-card.
    So the language is the same and the "hardware" is the same.
    So where are the differences bedween programs for smart cards and MIDlets. Is it the same?
    RB

    You mix Java on SIM cards with Java on phones! MIDlets are executed by a Java VM that runs on the mobile phone hardware. Java Card Applets, however, are executed by a Java VM that runs on a smart card hardware. This smart card might be a SIM card, which sits inside a mobile phone but appart from that we are talking about two differnent things - two different Java runtime environments. Please consult the MIDP/Java Card specifications.

  • Token and smart card reader are not detected on Mavericks if not plugged on a USB port during system boot

    Well, both token and smart card reader are not detected on OS X 10.9 if not plugged on a USB port during system boot. So, if I am already working within the system and need to use my certificates I have to plug the token or smart card reader on a USB port and restart Mavericks.
    Token is a GD Starsign and Smart Card Reader is a SCR3310 v2.
    Thoughts?

    SCS is a very good app, since I've read that Apple has discontinued support for PC/SC interfaces after the release of Mountain Lion.
    (My previous installation was a Mavericks upgrade from Lion)
    However, I don't know what and how to debug using Smart Card Services. Do you know any commands to use?
    Apparently, the SC reader reports no issues: the LED is blinking blue when no smart card is present and becomes fixed blue when a smart card is inserted – according to the manuals, this shows that there is correct communication between the OS and the CCID reader.
    I don't know what to do; I'm beginning to hypothesize it's a digital signer issue. In fact, my smart card only supports one application called File Protector (by Actalis) to officially sign digital documents. This application seems to have major difficulties in identifying the miniLector EVO.
    The generic and ambiguous internal error comes when I try to manually identify the peripheral.
    Athena CNS is one of the Italian smart cards and is automatically recognized and configured (so it's correct – no doubts about this), while "ACS ACR 38U-CCID 00 00" seems to be the real name of the miniLector.
    (I'm assuming this because System Information also returns that the real manufacturer is ACS... bit4id is a re-brander)
    However, when I click on it and then tap OK, it returns internal error.
    As first attempt, I would try to completely erase&clean File Protector files to try a reinstall. Then, if this still doesn't work, I'd debug using the terminal.
    So:
    - Do you know any applications to 100% clean files created by an installer?
    - Do you have in mind any solutions that I might have forgotten?
    Thanks in advance from an OS X fan!

  • Standard Account and Smart Card

    I apparently have a standard account and  whenever I try to make an administrator change it tells me to connect a smart card and I don't know what it is.

    Owenthec,
    A smart card is a card that you can insert into a computer with a smart card reader that will allow you to log on to an account associated with that card. 
    In your case, the account associated with the card is an administrator account.
    If this is a work computer that you’re using, then it appears that your systems administrator has it set so that you cannot make changes.
    For more information, check out
    What is a smart card and how do I use one?
    Hope this helps!
    Mike
    Windows Outreach Team – IT Pro
    Windows for IT Pros on TechNet

  • Windows 7 Smart Card Logon

    Hi,
    Testing PKI with Windows 7 x64 under a (otherwise) working public key infrastructure (Windows 2008 CA) using Smart Card certificates based on V2 templates. I've enrolled an AD user successfully with a smartcard and validating the cert it looks all ok (via certutil -scinfo). For all intents and purposes the smart card appears ok but when I try to logon with the user and the smartcard inserted in the machine, I get the following error message:
    "The system could not log you on. You cannot use a smart card to log on because smart card login is not supported for your user account. Contact your system administrator to ensure that smart card logon is configured for your organization."
    Kind of weird message :-/ The smart card reader is in-built on a Dell E6400 ATG... the smart card itself is a Gemalto .NET based card. I've validated that the cert is correctly written to the card via the netsolutions site at Gemalto ... Windows 7 reads the smart card and the user ID correctly from the GUI Logon screen ... it's only when I enter the PIN and it attempts to logon do I get the above message....
    Is there anything "special" I need to do in Windows 7 or in group policy to enable smart card support?? This has worked fine in the past on XP....
    Both the smart card service and the certificate propogation service are running...
    Regards,
    Mylo

    Stigh,
    OK..... I've got it working with Windows 7 on the 6400 together with the Mobile Internet Broadband using domain-based interactive logon.... so the pressures off at least at this end :-)
    "I actually disagree."
    I can see you're healthy motivated to fix the problem.. which is good :-)
    "As long as there is a EKU in the certificate, it should work for local logon."
    Agreed (kind of).. although in your case the common name (the username) is the key identifier for logon purposes..  a UPN in this case is moot as there is no domain to speak of.... I'm assuming the Smart Card Login OID is present in your certificate template together with Client Authentication, and that the purpose is set to "Signature and Smartcard Logon".. I'm working with V2 templates at the mo...
    "In GPedit, under Computer Configuration-Windows Components-Smart Card there are policies to disable certain paramters. I need to read more on those.
    In my case I haven't tweaked any settings via GPO... to resolve the problem described earlier I ended adding the AMT HECI driver for the chipset and the Broadcom drivers from the Connection Manager packs.... I suspect it was the latter that was the problem. Again I haven't installed any Dell Connection Manager software so I'm relying purely on drivers.
    "Btw; Dell SmartCard is not available for shopping in Norway where I'm located; so I can not enroll any cards through Controlpoint/Wave manager. My Gemalto.NET card is purchased from a local store"
    The Gemalto drivers from Windows 7 RTM worked ok for me.
    "The reason for using the laptop as stand alone outside domain is that it's "never" connected locally to any wired network, and there is no reason for it to be a member of the domain.
    OK, but here's where I disagree :-) .. the machine in question will need to connect back to your Enterprise CA certificate distribution point (CDP) to check that the certificate is valid. That's part of basic PKI functionality to ensure certificates are valid. In your case, you'll need an HTTP-based CDP reachable from the local machine, i.e. reachable over a LAN or over the Internet from the "stand-alone" machine, as default LDAP CDP's are meaningless as your client is not domain-joined. Otherwise, you'll need to turn off certificate revokation on the local machine completely, which is diluting security even further. 
    "Its only connecting through RDP and for Outlook (Exchange 2007). Here I use the certificate for RDP logon and for signing/encrypting emails."
    I was slight confused here.. so you don't intend to use the smartcard for local logon? If this is the case this is a workable scenario. You can use a smartcard from a non-domain joined machine to connect for RDP logon. S/MIME is also possible from Outlook, but YMMV as you may run into trust issues when sending encrypted mails to parties that don't trust your CA. Again, bear in mind the comments made earlier about the CDP... the "stand-alone" machine will still need to "connect" back to the CA to access the CDP/AIA, plus you'll have to do certificate renewals etc.
    On a parting note, you need to be clear about why you really need to use smart cards (in this scenario). You're working outside the normal working conventions of Windows with a non-domain joined machine and the pay-off in this case is negligible. I'm not trying to dissuade you from continuing but it's likely to be an uphill struggle.
    Good luck and post back if you want to discuss further!
    Regards,
    Mylo

Maybe you are looking for

  • Itunes library physically on 2 computers

    Hello all, Well I am the new owner of a Macbook Pro and its my first Mac. So far I am happy with it, and still learning. I have been searching all day for an answer to my question, however I haven't found any questions similar to my situation. It may

  • IS Mill  & IS Retail

    Hi IS MIll experts & IS Retail experts, We are using ECC 6.0 and have activated IS Retail system. And for our specific business, we wanted to use some functions in IS mill, such as double-measure-unit for per meterial with variable convert factors, i

  • Returning structure from dll to pl/sql

    hi we have a problem regarding how to return structure of arrays from c dll. It may be possible with oci programing . Is it possible with simple c program using oracle object types or by pl/sql records . We are having oracle 8i running on windows 200

  • Any fm for PO Invoice receipt details ?

    Hi all, Is there any function which gives invoice receipt details for a purchase order ? I am aware of the tables to be used.

  • [svn] 663: Fix SDK-14201: Performance: embedded images are written into the swf one byte at a time.

    Revision: 663 Author: [email protected] Date: 2008-02-26 13:56:08 -0800 (Tue, 26 Feb 2008) Log Message: Fix SDK-14201: Performance: embedded images are written into the swf one byte at a time. This changes the way swfs are written out when they conta