cryptovision SCinterface
Cryptovision SCinterface integrates credentials from smartcards, tokens, remote tokens and virtual smartcards into common IT environments
The cryptovision SCinterface middleware provides a robust solution that is platform-independent and supports over 100 different chip types, operating systems and profiles. Additionally, it employs standardized protocols and high-quality cryptographic procedures. With RSA and ECC algorithms, cryptovision SCinterface supports procedures recommended by IT security authorities worldwide, facilitating the utilization of credentials across a wide variety of security devices.
Supported crypto interfaces:
- Microsoft CSP and Minidriver (for Windows)
- Apple Crypto Token Driver (for macOS)
- PKCS#11 (for Linux derivatives, Windows and macOS)
Unrivaled flexibility
SCinterface supports more than 100 different chip types, operating systems and profiles in different form factors
cryptovision SCinterface Extensions
The SCinterface extensions extend the functionality of the tried-and-tested middleware specifically for modern usage scenarios. Whether virtual, remote, mobile or with single sign-on – each extension offers smart solutions for maximum security and efficiency.
SCinterface VSC enables a smooth transition from physical smartcards to TPM-based virtual smartcards. With strong two-factor authentication, flexible operating modes and broad compatibility, SCinterface VSC offers a future-proof solution for modern IT security requirements.
SCinterface Remote replaces physical smartcards with centrally stored keys in the HSM-based backend. This gives users secure access, signature and encryption functions – without the need for a card. Ideal for modern IT environments with centralized key management and low administrative effort.
SCinterface Cache accelerates PKI-based authentication with secure PIN caching for single sign-on. A single entry eliminates the need for repeated PIN entry for web logins, VPN, data decryption and more. Efficient, easy to use and fully integrated into the SCinterface platform.
SCinterface Mobile turns smartphones and tablets into secure smart card alternatives. Cryptographic keys are stored directly on the mobile device and connected to the desktop via BLE – without the need for a card reader. Maximum security, easy handling and lower costs: the mobile future of authentication.
PRODUCT ARCHITECTURE
Supported systems
- Windows 11
- Windows Server 2016, 2019, 2022
- RHEL 8, 9
- Ubuntu 24.04
- SLES/SLED 15
- Sonoma (14.7.2)
- Sequoia (15)
- Tahoe (26)
Product Sheet
Technical Data Sheet
Whitepaper
MODULES, BASICS, KEY FEATURES, COMPARISONS
-
- SCinterface manager: Provides all necessary management functions: initialization, profiling, PIN management and key generation.
- SCinterface utility: Provides card/token management functions typically needed by users (e.g., PIN change, fingerprint enrollment).
- Register Tool: Registers the stored digital certificates in the Windows operating system.
- CSP Module: Provides a Cryptographic Service Provider (CSP) for the Microsoft Crypto API on Windows.
- Smart Card Minidriver: Serves the Cryptographic API Next Generation of Windows.
- PKCS#11 Module: Serves the PKCS#11 interface (e.g. for Linux derivatives, macOS and numerous application programs). Card management systems use the PKCS#11 interface for initialization and personalization.
- Crypto Token Driver: Serves the CTK framework of macOS.
SCinterface is advanced smart credential middleware ideal for customers demanding a high security level without compromising flexibility. The flexibility SCinterface delivers allows for a single token to become a multipurpose device. SCinterface makes it easy to consolidate physical access with payment applications, secure website access, and digital form signing.
eIDAS compliance
SCinterface supports „Siegel“ tokens and signature cards compliant with the European digital signature regulation, eIDAS.
Platforms
SCinterface is available for Microsoft Windows, Linux, and macOS. A user can use the same smart card on different platforms.
Smart Card Types
SCinterface supports more than 100 card/token types and profiles, including the latest Java Card generations and cards supplied by Eviden, Infineon, NXP, Gemalto, G&D, Siemens, and Austria Card. All common smart card form factors are supported.
Plug-ins
The functionality of SCinterface can be extended with a plug-in that informs the user about soon-to-expire certificates and with another plug-in that automatically imports root certificates stored on the smart card.
Convenience Kit
Via add-ons (available in a convenience kit), SCinterface supports match-on-Card fingerprint authentication (SCinterface biometric), VSC support (SCinterface VSC), as well as secure PIN caching (SCinterface Cache).
Microsoft Virtual Smart Card
SCinterface supports Microsoft Virtual Smart Card (MS VSC), including initialization and personalization processes. Thus, SCinterface enables the use of existing infrastructure in the case of a (partial) migration to MS VSC.
Crypto Interfaces
SCinterface interoperates with virtually every application program on the market (e.g. Edge, Firefox, Outlook), supporting all major crypto interfaces: PKCS#11, CSP, Minidriver, and CTK.
eID Documents
Government eID projects with millions of cards issued require coverage of all common platforms for broad user acceptance. SCinterface covers all major operating systems and supports modern security protocol standards like PACE.
- Microsoft Virtual Smart Card (MS VSC) support, including initialization and personalization processes
- Support of an SCinterface-specific VSC extension, compatible with the Microsoft solution
- Virtual Desktop Infrastructure support
- Apple Crypto Token Driver
- Password Authenticated Connection Establishment (PACE)
- eIDAS-compliant „Siegel“ tokens
- Biometry (biometry edition)
- PIV support (PIV edition)
- Advanced signature profile
- Elliptic Curve Cryptography (ECC)
- Localization support via language files
- User-friendly and convenient
| Solution | Powered | User engagemet Level | MITMA* | Usage | Security | Secure Lifetime |
| Smart Cards | By their readers | Constant PIN | Safe | Authentication Encryption Signing |
|
Long lifetime |
| OTP Tokens | By their battery (limited) | Different data entry for each login | Vulnerable | Authentication |
|
|
| Passwords | Constant credential | Vulnerable | Authentication Encryption |
|
Changed frequently for security |
*MITMA: Man in the middle attack
References
FAQ
What is a middleware?
Since users often want to use the same security token on different platforms, a middleware must support different operating systems. In addition, there are dozens of types of security tokens, each with a different file structure, and different crypto-interfaces that must be operated.
Which crypto interfaces are supported?
For which use cases can SCinterface be applied?
- disk encryption
- eID
- WWW login
- system login
- VPN login
- secure WiFi
- SSO
- secure e-mail
- document encryption and signature
What cards and tokens are supported?
- AET: AET profile
- Eviden CardOS: M4.01A / V4.2 / V4.2B / V4.2C / V4.3 / V4.3B / V4.4 / V5.0 / V5.3 / V5.4 / V5.5 /V6
- AustriaCard JCOP: 21 V2.2 / 21 V2.3.1 / 31 V2.2 / 31 V2.3.1 / 31/72 V2.3.1 / 31 / 72 V2.3.1 contactless / 41 V2.2.1 / 41 V2.3.1 / 41 V2.4
- D-Trust: D-Trust Card 3.1 / 3.4 / 4.1 / 4.4 (siegel card) / 5.1 / 5.4
- E.ON: Card V1 / V2
- ePasslet-Suite 1.1/1.2 on JCOP V2.4.1R3 and on JCOP V2.4.1R3 with PACE Profile
- ePasslet-Suite 2.0 on JCOP V2.4.2R3 with PACE Profile
- ePasslet Suite 2.1 on JCOP V2.4.2R3 with PACE Profile
- ePasslet Suite 3.0 on JCOP V3.0 and on G&D Sm@rtCafé Expert 7.0 and on Infineon SLJ52 (Dolphin) with PACE Profile
- ePasslet Suite 3.5 on JCOP V4.0 and on Infineon Secora ID X with PACE profile
- Gemalto: TOP IM GX4, IDClassic 340
- G&D: Sm@rtCafé Expert 3.1 / 3.2 / 4.0 / 5.0 / 6.0 / 7.0 / 8.0
- G&D: STARCOS 3.0 / 3.1 / 3.2 / 3.4 / 3.4 (Swiss Health Card eGK) / 3.4 (Swiss Health Card VKplus G2) / 3.5 / 3.52
- G&D: StarSign CUT S Token (SCE 7.0)
- HID: Crescendo C700
- HID: iCLASS Px G8H
- Infineon: JCLX80 jTOP / SLJ52 (Dolphin/Trusted Logic), Secora
- MaskTech MTCOS Pro 2.5 with PACE (BSI TR-03110), EC and RSA, including “profile protection” (ISO 7816/15) via PACE-CAN
- Microsoft: Virtual Smart Card
- NXP: JCOP V 2.1 / V2.2 / V2.2.1 IDptoken 200 / V2.3.1 / V2.4 / V2.4.1 / V2.4.2 R1+R2+R3 / V2.4.2 R3 SCP 03 / V3.0 / V4.0 /V4.5
- Siemens: CardOS M4.01a / V4.3B / V4.4
- SwissSign: suisseID (CardOS M4.3B / M4.4)
- TCOS: Signature Card 1.0 / 2.0
- TU Dortmund: UniCard (SECCOS)
- Volkswagen: PKI Card (CardOS M4.3B /4.4)