Smart Card Middleware

I'm trying to install a cherry smart card (CAC) reader on my iMAC G5 OSX 10.4.11. I have downloaded the driver but see that I need to install PCSC lite 1.1.1 of PCSC Framework before loading the driver. To load those middleware products I have to perform (I think) a manual installation, which requires entering text such as: "./configure" etc. I don't know how to get to something that looks like a "DOS" page on my MAC that would allow me to manually enter the program. I've searched high and low for answers...can you help?

A quick bit of googling threw up a driver that is open source and has to be compiled to run on your Mac.
Your issue is not really related to the 'getting online' section of the forum and is more of a UNIX based issue.
I would suggest you post your issue in the UNIX section of the forum where you will find help on how to compile this software.

Similar Messages

  • Compatible Smart Card Availability

    I need help locating compatible smart cards for purchase for use with Client Security Solution 8.2 on my Thinkpad X60.
    According to the installation notes for OmniPass Smart Card Middleware for Client Security Solution, the following smart cards are compatible...
    - Gemalto/Axalto Cyberflex Access eGate 32K (PRO/PKI)
    - G&D SmartCafe 64K (PRO/PKI)
    - OmniPass 72K (PRO/PKI)
    - JCOP 72K (PRO/PKI)
    I cannot find any vendor that sells these.
    Any help would be appreciated.
    Thanks.

    Hi,
    try with Lenovo sales team
    We do also sell smart card readers. I know that we usually sell them with systems, but you need to ask whether they can sell them separately. I think they do.
    Sorry for the confusing answer, but for Lenovo technicals it's easy to get separate parts, like this one.
    Cheers

  • Problem signing certificates from external token (smart card)

    I can not sign PDF documents with an external token (smart card) through a card reader of a Cherry keyboard.
    The card drivers perfectly detect the card and certificates in it, however when trying to sign a certificate in Adobe and select the location of the certificate click in the option "A device attached to this computer" ... I get an error indicating that no device is connected to the computer.
    I have tried several different card readers, it seems a problem of drives because the middleware card recognizes all tested certificates readers, however it seems that Adobe is not able to find the card reader. It has happened with several teams. In one team made a clone and deploy it to another machine with the same hardware environment, the firm run properly in the pdf that clone, however on the original computer is not working.
    Do you have any idea what could be the problem? Thank you very much in advance.

    If the digital ID's corresponding public-key certificate is not getting added to either the Windows Certificate Store, or Mac Keychain Access when you plug the card into the card reader, then you need to load the PKCS#11 module via the Acrobat UI. The module will be a DLL on Windows or a bundle file on the Mac. The problem is there is no one file name to look for; you would need to consult the hardware's documentation to find the name of the file. Once you know the name you can add the P11 module from the Security Settings dialog and Acrobat will then see the digital ID(s) loaded on the smart card.
    Steve

  • Compatible Smart Cards

    Hello everyone,
    Hopefully you can help me out with the following.
    I have windows 7 clients and a windows server 2012 r2 server running PKI.
    I recently ordered an omni card reader 3121.
    I also bought several smart cards like the CHIP SLE 4428 and the CHIP SLE5542.
    Neither of them are supported in Windows.
    Case:
    I installed the smartcard reader with the corresponding drivers and I can see that it has been installed successfully in device manager. However when I enter a smartcard in the card reader it sees the card as a new hardware and wants to install drivers for it.
    However, it can't find any driver on windows update and the supplier of the card doesn't know anything about drivers.
    Does anyone of you know which smartcard is supported with Windows 7 & 8 and has at least a chip for a 2KB cert.
    Goal:
    I would like to achieve smartcard logons so users in my domain can logon with a smart card but I just can't seem to find a smartcard to enter in my card reader in which Windows has a native driver.
    I would really appreciate all the help in this as this is driving me crazy for weeks now.
    Many thanks in advance.
    Andre

    To add to Mark's answer, any smart card based on the smart card Base CSP should work out of the box, as the mini-driver must be downloadable to be certified.
    That being said, it all depends on the standards you wish to follow. If things like FIPS 201 or PIV-C are being tossed around your organization, then you need different smart cards (Java based).
    This means that smart cards are just part of the purchase. You also need to purchase middleware and the associated CSP/KSP for the smart cards.
    Brian

  • Installing Smart Card Reader Software

    I'm trying to install a cherry smart card (CAC) reader on my iMAC G5 OSX 10.4.11. I have downloaded the driver but see that I need to install PCSC lite 1.1.1 of PCSC Framework before loading the driver. To load those middleware products I have to perform (I think) a manual installation, which requires entering text such as: "./configure" etc. I don't know how to get to something that looks like a "DOS" page on my MAC that would allow me to manually enter the program. I've searched high and low for answers...can anyone help?

    Thanks. That's the pointer I needed. I'll try loading the instructions in Terminal and will let you know if that worked.

  • FIM CM Bulk Smart Card Issuance Client and Printing Smart Cards

    Hi,
    From what we are reading, the Bulk Smart Card Issuance Client can be used to Issue and Print Smart Cards - what does MS mean by 'print smart cards'?
    Do they mean 'print on smart cards' like for instance users photo's?
    Or would we still need to utilize something like ID Works Software?
    Thanks

    With FIM-CM you are limited to which software Middleware and printers you can use (at least the version I am running FIM 2010).
    We are running ID Works Enterprise Edition 5.1 on a windows 7 x32 workstation.
    CM now supports ID Works Enterprise Edition 6.51 which supposedly can work on an x64 system but we haven’t tried it.
    One thing to note is the cm software patch. The CM Update allows the bulk client to be installed on windows 7. But you can't install the client on windows 7 to apply the patch that lets it run on 7. The workaround is that Microsoft released a copy of the bulk client with the patch already applied. This worked fine for the install. But we got errors when we tried to connect to the CM Servers. It couldn't find the templates. Turns out the dlls in the patched bulk client were newer than the .dlls on the CM server, and this was breaking the notification. We patched the CM server, and everything was good.
    For Printers we got 2 SP75 plus Datacard printers. We wanted the higher capacity, and the ability to laminate both sides of the card. We got two for coverage so we will have one when we have to send one in for repair. (Not saying that the printers are "bad" but they take a lot of abuse printing, and need a lot of care).
    Although the Plus printers aren't listed in the supported printers, we got confirmation from MS that the Plus worked (they replaced the older ones), but that the newer 95's probably wouldn't. (I think they are a different kind of printer).
    One more data point to add. Work out your Pin Policy before you buy your cards.
    We got our cards first, and then figured out our PIN policy. If we knew our PIN Policy at purchase time, the manufacturer (Gemalto) could have set it. We have been working on ways to set it using CM. But have finally given up.
    We figured out how to set the PIN policy using APDU commands, and CM can do application management via APDU commands. But it looks like it can only do that for Java Cards, and not the .net cards (yet, we keep hoping). So we are going to set the Pin Policy before we bulk print. And when we order our next set of cards, we will order them with the PIN policy set.
    Overall I am very happy with CM, and there is a lot more information on setting it up now than there was two years ago (thanks a lot to Paul Adare and Brian Komar, who I am beginning to think are the same person. Has anyone actually seen both of them at the same time?)

  • Authenticate to the Domain using a Smart Card

    Hi,
    I'm trying to get authenticated using the Smart Card but got the following error messages:
    On the Windows XP client, we inserted the PIV card, entered the PIN but received an error message “The system could not log you on.  The server authenticating you reported an error (0xC00000BB).”
    On the Windows 7 client, we received an error message “The system could not log you on.  You cannot use a smart card to log on because smart card logon is not supported for your user account.”
    Here is our environment:
    - Domain: Windows 2008 R2
    - Client: Windows XP SP3 and Windows 7
    - Smart Card: USAccess issued PIV card
    - Card Reader: SCR3310
    - Middleware: ActiveClient
    Here is what I have already done:
    - Imported the following Entrust certificates from http://sspweb.managed.entrust.com/EMSPKIFSSPCACertificateInformation.html into the Domain under the Trusted Root Certification Authorities
      - Common Policy CA Certificate
      - Common Policy to EMSPKI trust certificate
      - Federal Root CA Expires 06/01/2012
      - Federal SSP CA Expires 05/31/2012
      - Federal Root CA Expires 05/09/2019
      - Federal SSP CA Expires 05/08/2019
    - Added the certificates to the NTAuth store in the Domain
    - Posted Domain controller certificate (issued by NIST internal CA) in the NTAuth store
    - Updated my UPN on the domain to match with the Subject Alternative Name on the card “[email protected]”
    - Domain policy pushed down the Entrust certificates and Domain Controller certificate to the client computer
    - Made PIV Card certificates available to the Windows via ActiveClient middleware
    Am I missing some steps or configuration? 
    Thank you,

    To solve one of the issues related to:
    "The system could not log you on. You cannot use a smart card to log on because smart card login is not supported for your user account. Contact your system administrator to ensure that smart card logon is configured for your organization."
    On the client side.
    Ensure that the Certificate is assigned the Client Authentication function.
    You can do this on Internet Explorer:
    Tools -> Internet Options -> Content -> Certificates
    Then select the certificate
    Click the ‘Advanced’ button, this opens the Advanced Options dialog box.
    Under ‘Certificate purposes:’ box check:
    |X| Client Authentication

  • Smart card door locks ?

    Hi
    Does anybody know about a door lock system using smart cards (or magnetic stripe cards) which may be programmed with Java?
    Most vendors only sell their door lock with software, useless in my case as I want to program the smart card myself via internet using normal card readers.
    Thanks
    Marc

    The scenario is, you have a door that requires an authentication. Behind the door is a workstation that is attached to a server/db.
    A user scans or inserts their smart card and the firmware in the reader will prompt the user for their authentication. This can be a biometric or a PIN. The authentication is used for the card's access NOT the door. Once the authentication is successful, the proper identification will be retrieved from the card, probably an ID certificate. The workstation will query the server/db with that ID certificate to see if the person is authorized to this area, and unlock the door. ( I've omitted a few steps to simplify the example )
    I say this because there's nothing to gain deploying that solution in Java. There's no multiple platform issues, and the companies doing it are so financially strapped, that C/C++ on Windows/DOS is easier and cheaper. Also most of the clients want a cheap solution and are running Windows/DOS as well.
    I'm not saying you can't do it in Java, just you won't find many or any clients running the middleware on different platform workstations.

  • Government Smart Card Interoperability Spec

    Hi all,
    I have recently been reading up on standards in smart card systems and specifically Java Card and Global Platform. I was beginning to think that these two standards were enough to create a secure smart card system but now I come across the Government Smart Card Interoperability Specification from NIST...Can anyone briefly tell me what role this spec would play in a multi-app, post-issuance smart card system?
    Thanks in advance,
    Ann

    The GSCIS is a separate specification that is geared for Government. It's written to use file based cards or Java Cards. There are two portions of the GSCIS spec, card edge, and off card. The off card APIs borrow from PCSC. It's not necessary to use PCSC and you can use proprietary libraries.
    The card edge defines APDUs that the off card would use.
    Using GSCIS doesn't replace Global Platform. The de facto standard for government deployment is Java Cards/Global Platform and GSCIS applets.
    To deploy to the government, the middleware must be conformant in the sense that it must know how to read a GSCIS applet. This can be done by calling the card edge APDUs or the off card, known as the Basic Service Interface.
    Need more info ?

  • Problem with CertificateRequest when using a smart card

    Hello,
    I have used the ssl debug statement to determine that ssl server is sending a CertificateRequest and a list of CAs. The smart card is opened via a password and I think X509KeyManagerImpl compares the Issuer of the smart card certificates with the server sent CAs. However since the issuer is an intermediate CA and only the root CA is in this list, the smartcard certificates are rejected. I CAN'T have the intermediate CA placed in the ssl server list.
    Using SSLConnect (KeyManager, X509TrustManager, null). The KeyManager is using NSS and the TrustManager is using opensc-pkcs11 via SunPKCS11. The OS is Linux, kernel 2.6.35.10-74.fc14.i686.
    The intermediate CA is in the local cert store.
    The application being used is DavMail.
    Am I correct in stating that the smart card certificates are checked against the server sent CAs?
    Does anyone know how to get Java to use the local cert store to find the intermediate CA and then verify it against the Root CA in the server sent list?

    Placed in wrong forum. Moved it to Security Java Secure Socket Extension (JSSE)

  • RDS Gateway + Smart Card Error [ The specified user name does not exist.]

    I have the following Windows Server 2008 R2 servers:
    addsdc.contoso.com, AD DS Domain Controller for contoso.com
    adcsca.contoso.com, AD CS Enterprise CA, CDPs/AIAs published externally.
    fileserver.contoso.com, RDS Session Host for Administration enabled
    rdsgateway.contoso.com, RDS Gateway enabled
    tmgserver.contoso.com, 'Publishing' rdsgateway.contoso.com but with pass-through authentication
    And the following Windows 7 PCs:
    internalclient.contoso.com
    externalclient.fabrikam.com
    There's no trust between the domains, the external client is completely separate on the internet but the CA certificate for contoso.com has been installed in the trusted Root CA store. All servers have certificates for secure RDP.
    I enrolled for a custom 'Smart Card Authentication' certificate with Client Authentication and Smart Card Logon EKUs from the CA, stored on my new Gemalto smart card using the Microsoft Base Smart Card CSP.
    From internalclient.contoso.com, I can RDP to fileserver.contoso.com using the smart card just fine with no certificate errors.
    From externalclient.fabrikam.com, I can RDP to fileserver.contoso.com via rdsgateway.contoso.com using a username and password just fine with no certificate errors.
    From externalclient.fabrikam.com, I can RDP to fileserver.contoso.com via rdsgateway.contoso.com using the smart card to authenticate to the gateway, and a username and password to authenticate to the end server, just fine.
    BUT when using a smart card to authenticate to the end server via the gateway, it fails with:
         The specified user name does not exist. Verify the username and try logging in again. If the problem continues, contact your system administrator or technical support.
    When I move the client into the internal network and try the connection again (still via the RDS Gateway), it works fine - the only thing I can think of is being outside the network and not being able to contact the AD DS DC for Kerberos is causing the issue - but I'm pretty sure this is a supported scenario?
    The smart card works fine internally, the subject of the certificate is the user's common name (John Smith) and the only SAN is [email protected] which matches the UPN of the user account as it was auto-enrolled.
    Does anyone have any ideas?

    I had a similar issue where I am using a smart card through a Remote Desktop Gateway. I had to disable Network Level Authentication (NLA) on the destination Remote Desktop Server. If anyone has another way around this, I'd appreciate hearing it. I'd prefer to use NLA.

  • How to include the user as a recipient of the email generated when a smart card certificate is issued by an Enrollment Agent on behalf of a user.

    How can I add the requester name in the To: field of the email generated when a Smart Card certificate is issued on his behalf?
    I want to address the possibility of someone (Enrollment Agent) issuing a Smart Card certificate on behalf of a user, assign a PIN and use it without the user's knowledge.
    There doesn't seem to be a way in the registry to define a variable to be used in a manner similar to the TitleArg & TitleFormat way of using %1.
    Jamal Saket OSFI Canada

    Hi,
    Thank you for your question.  
    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience. 
    Thank you for your understanding and support.
    TechNet Subscriber Support

  • How to use Smart Card API's (OCF) in Web Application

    Hi frnds,
    For our new smart card based project, I have a few queries:
    1. Can we choose web based application for smart card based projects?
    2. How will the servlet communicate with the opencard CTListener class?
    3. On card insertion and removal, how will the event be reflected in the servlet?
    4. For that is it needed to design the client UI by using Swing?
    5. Without Swing will servlet give all solution for smart card connection and events?
    Rgrds,
    dhaya.

    I am also looking for smart card Authentication using web. Any info really appreciated

  • How to load the .cap file in a Smart Card?

    Dear All,
    Hello..!!
    I am using JCDK 2.2 and have used Eclipse JCDK.
    I have written a simple read/write applet and created a .cap file using Eclipse's Converter Java Card tool.
    What is the next step to be done?
    I have a smart card device and have installed its drivers.
    When do the APDU commands come into picture?
    Expecting help.
    Thanks a lot.
    Regards,
    Suril

    Suril Sarvaiya wrote:
    Hi Shane....
    Thnx a lot....
    I have downloaded GP-Shell 1.4.4
    When I open its application and write any command and press enter, the app window closes immediately.
    Can you please help me on this?
    One more thing Shane......
    I'm writing a java class using javax.smartcardio
    I have installed drivers of Omnikey 3021
    but the TerminalFactory is not detecting it?
    Any idea on that?
    Thanks again...
    Regards,
    Suril

    Hi all,
    Has Mr. thread starter solved his problem?
    I'll take advantage of this thread to post my question. I'm working with a new environment and I have a problem loading a cap file into my smartcard.
    Specifications come first :-)
    - My smartcard is said to be JC2.2.1 and GP2.1.1 compatible
    - My code (for testing) is written in Java under eclipse Helios service 2 with JavaCard plugin (for JC2.2.2)
    I compile my code with JDK 1.3 (for compatible version) and using the JC plugin to generate cap file (along with exp and jca).
    My problem is exactly the same as one that was posted in this forum about 2 years ago but is not answered :-)
    Problem Loading Application to Card (http://forums.oracle.com/forums/thread.jspa?threadID=1749334&tstart=420)
    + I successfully authenticate with smartcard
    + APDU command Install for Load is executed successfully
    + BUT the APDU command LOAD file fails; the returned status word is 6424
    For details, I post here my javacard applet code and APDU command executed with my tool:
    package mksAuthSys;

    import javacard.framework.APDU;
    import javacard.framework.Applet;
    import javacard.framework.ISO7816;
    import javacard.framework.ISOException;
    import javacard.framework.OwnerPIN;

    public class Jcardlet extends Applet {
        private final static byte[] myPIN = { (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04 };
        final static byte Jcardlet_CLA = (byte) 0xB0;
        final static byte VERIFY = (byte) 0x20;
        final static byte PIN_TRY_LIMIT = (byte) 0x03;
        final static byte MAX_PIN_SIZE = (byte) 0x08;
        final static short SW_VERIFICATION_FAILED = 0x6300;
        OwnerPIN pin;

        private Jcardlet() {
            pin = new OwnerPIN(PIN_TRY_LIMIT, MAX_PIN_SIZE);
            pin.update(myPIN, (byte) 0, (byte) 4);
            // register() is called once, in install(); registering the same
            // instance twice raises a SystemException.
        }

        public static void install(byte bArray[], short bOffset, byte bLength)
                throws ISOException {
            new Jcardlet().register();
        }

        public boolean select() {
            // Refuse selection once the PIN is blocked.
            if (pin.getTriesRemaining() == 0) return false;
            return true;
        }

        public void deselect() {
            pin.reset();
        }

        //@Override
        public void process(APDU apdu) throws ISOException {
            byte[] buffer = apdu.getBuffer();
            // Ignore the SELECT command (CLA 00, INS A4) that selected this applet.
            if ((buffer[ISO7816.OFFSET_CLA] == 0) &&
                    (buffer[ISO7816.OFFSET_INS] == (byte) (0xA4))) return;
            if (buffer[ISO7816.OFFSET_CLA] != Jcardlet_CLA)
                ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
            switch (buffer[ISO7816.OFFSET_INS]) {
                case VERIFY: verify(apdu);
                    return;
                default: ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
            }
        }

        private void verify(APDU apdu) {
            byte[] buffer = apdu.getBuffer();
            // retrieve the PIN data for validation.
            byte byteRead = (byte) (apdu.setIncomingAndReceive());
            // check pin
            // the PIN data is read into the APDU buffer
            // at the offset ISO7816.OFFSET_CDATA
            // the PIN data length = byteRead
            if (pin.check(buffer, ISO7816.OFFSET_CDATA, byteRead) == false)
                ISOException.throwIt(SW_VERIFICATION_FAILED);
        }
    }

    And my APDU command:
    Loading "D:\mksAuthSys.cap" ...
    T - 80F28000024F00
    C - 08A000000003000000079E9000
    ISD AID : A000000003000000
    T - 80E602001508F23412345610000008A00000000300000000000000
    C - 009000
    T - 80E80000C8C482018B010012DECAFFED010204000108F23412345610000002001F0012001F000C001500420012009D0011001C0000009F00020001000402010004001502030107A0000000620101000107A000000062000103000C0108F234123456100001002306001200800301000104040000003DFFFF0030004507009D000510188C0003188F00013D0610088C00028700AD007B000403078B0005188B00067A02308F00073D8C00088B00067A0110AD008B00096104037804780110AD008B000A7A0221198B000B2D1A0300
    C - 6424
    Stopped loading due to unexpected status words.
    Urgently look forward to hearing from you.
    Thanks a bunch in advance
    Best Regards,
    JDL
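
Added example, not part of the original post and not the poster's loader tool: a Python decoder for the first LOAD block quoted above. It splits the CAP components carried in the C4 load-file data block, reports the CAP format version, package AID, imported package versions and applet AIDs, and checks that the Directory component's sizes add up to the declared C4 length. The byte string is the leading part of the poster's LOAD command; all function and dictionary names are this example's own, and the length check assumes the CAP file has no custom components.

```python
import struct

# Leading bytes of the first LOAD command (80 E8 00 00) quoted in the post,
# cut after the Applet component; the rest of the 200-byte block is omitted.
LOAD_APDU_PREFIX = bytes.fromhex(
    "80E80000C8" "C482018B"
    "010012DECAFFED010204000108F234123456100000"                            # Header
    "02001F0012001F000C001500420012009D0011001C0000009F000200010004020100"  # Directory
    "04001502030107A0000000620101000107A0000000620001"                      # Import
    "03000C0108F2341234561000010023"                                        # Applet
)
HEADER, DIRECTORY, APPLET, IMPORT, DESCRIPTOR, DEBUG = 1, 2, 3, 4, 11, 12
KNOWN_AIDS = {"A0000000620001": "java.lang", "A0000000620101": "javacard.framework"}


def read_ber_length(buf, pos):
    """Return (length, next_pos) for a BER length encoded in one to three bytes."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n not in (1, 2):
        raise ValueError("unsupported BER length form")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def parse_package_info(buf, pos):
    """CAP package_info: minor version, major version, AID length, AID."""
    minor, major, aid_len = buf[pos:pos + 3]
    aid = buf[pos + 3:pos + 3 + aid_len]
    if len(aid) != aid_len:
        raise ValueError("truncated AID")
    return {"version": f"{major}.{minor}", "aid": aid.hex().upper()}, pos + 3 + aid_len


def split_components(cap):
    """Split tag(1) | size(2) | body records; stop at a body cut by the block end."""
    comps, pos = {}, 0
    while pos + 3 <= len(cap):
        tag, size = struct.unpack_from(">BH", cap, pos)
        if pos + 3 + size > len(cap):
            break  # this component continues in a later LOAD block
        comps[tag] = cap[pos + 3:pos + 3 + size]
        pos += 3 + size
    return comps


def decode_first_load_block(apdu):
    cla, ins, p1, p2, _lc = apdu[:5]
    data = apdu[5:]
    if (cla, ins) != (0x80, 0xE8) or data[0] != 0xC4:
        raise ValueError("not a first GlobalPlatform LOAD block")
    declared_len, pos = read_ber_length(data, 1)
    comps = split_components(data[pos:])
    header = comps[HEADER]
    if header[:4] != bytes.fromhex("DECAFFED"):
        raise ValueError("bad CAP magic")
    package, _ = parse_package_info(header, 7)
    # Directory: one u2 size per component tag, then 6 bytes of static-field
    # info and 3 counters (assumes custom_count == 0).
    directory = comps[DIRECTORY]
    sizes = struct.unpack_from(f">{(len(directory) - 9) // 2}H", directory)
    # Descriptor and Debug are not sent to the card; every other non-empty
    # component costs its size plus a 3-byte tag/size header.
    expected_len = sum(s + 3 for tag, s in enumerate(sizes, 1)
                       if s and tag not in (DESCRIPTOR, DEBUG))
    imports, p = [], 1
    for _ in range(comps[IMPORT][0]):
        info, p = parse_package_info(comps[IMPORT], p)
        imports.append({**info, "name": KNOWN_AIDS.get(info["aid"], "unknown")})
    applets, p = [], 1
    for _ in range(comps[APPLET][0]):
        aid_len = comps[APPLET][p]
        applets.append(comps[APPLET][p + 1:p + 1 + aid_len].hex().upper())
        p += 1 + aid_len + 2  # skip the AID and install_method_offset
    return {"last_block": bool(p1 & 0x80), "block_number": p2,
            "cap_format": f"{header[5]}.{header[4]}", "package": package,
            "declared_len": declared_len, "expected_len": expected_len,
            "imports": imports, "applets": applets}


if __name__ == "__main__":
    for key, value in decode_first_load_block(LOAD_APDU_PREFIX).items():
        print(f"{key}: {value}")
```

The imported package versions are what the card's loader has to resolve against its on-card API, so they are worth comparing with the Java Card version the card states it supports.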

  • Remote desktop and smart cards

    I frequently work from home using my mac to access my windows based desktop at the office. I use the microsoft remote desktop v. 1.0.3. for MAC. Now that my agency is moving to smart card identification requirements for access I need to be able to use the smart card at home to sign onto the office desktop.
    The RDC for MAC does not have an option for smart card readers (as opposed to the RDC for windows version). Is there alternative software that would be simple to install on my MAC (I am not an IT sophisticate) that will give me smart card access?

    Microsoft Remote Desktop Connection (RDC) for Mac and Apple Remote Desktop (ARD) are two completely different tools with marginally similar capabilities. Unfortunately, as you've already discovered, neither offers Smart Card capabilities to allow you to authenticate to your Windows computer at work.
    If your Mac is an Intel Mac then you could probably run Windows using Parallels or Boot Camp on your home computer and use the Windows RDC client to make your connection. I don't suggest trying to use VirtualPC if you have a PowerPC Mac simply because your Smart Card reader will most likely be USB and VirtualPC has a bad track record with USB devices.
    Hope this helps!
    bill
      Mac OS X (10.4.10)   1 GHz Powerbook G4
