cryptovision SCinterface VSC
NEW: Cryptovision SCinterface integrates credentials from smartcards, tokens, remote tokens and virtual smartcards into common IT environments. Cryptovision SCinterface supports more than 100 different chip types, operating systems and profiles in different form factors. Useful features include configurable PIN caching, biometry, and PACE support.
Anyone who logs on to a computer usually uses a password in addition to the user name – this is an insecure method. Alternatively, a two-factor authentication is recommended – for example, using a smartcard or a security token and a corresponding PIN. Smartcards have proven themselves for decades – whether as bank cards or in the form of electronic ID cards, but also through more recent evolutionary steps as virtual or remote credentials.
The success of such a project depends on the software used to address the credential – the middleware. In today’s heterogeneous IT world, a middleware must not be limited to one chip type or a specific operating system. Instead, it should be platform independent and support as many applications as possible. In addition, standardized protocols and high-quality cryptographic procedures should be used.
Cryptovision SCinterface is a powerful middleware that enables the use of credentials in a wide variety of security devices. Cryptovision SCinterface supports all relevant interfaces on all major platforms: Microsoft CSP and Minidriver (for Windows), Apple Crypto Token Driver (for macOS) and PKCS#11 (for Linux derivatives, Windows and macOS). As more than 100 different chip types, operating systems and profiles can be connected in different form factors, cryptovision SCinterface prevents dependency on a specific manufacturer and offers unrivalled independence.
With RSA and ECC algorithms, cryptovision SCinterface supports procedures recommended by IT security authorities worldwide. Product features such as platform independence, a modular architecture, the implementation of all major standards, support for (Microsoft) Virtual Smart Card and biometrics make cryptovision SCinterface one of the most diverse and innovative solutions of its kind.
What is a middleware?
An identity check (authentication) is necessary for operating system login, VPN access and similar purposes. Passwords are still mostly used for this purpose, although they are neither secure nor user-friendly. An alternative is a security token with PIN or biometrics. A security token can generate, import or store a secret key that serves as a password alternative, as well as further keys that are suitable for encryption and digital signing. To use a security token on a PC, middleware is mandatory. This is a software component that connects a credential with an application. The core of a middleware is a driver that provides a crypto interface to the application and maps the calls made through it to elementary commands for the security token.
Since users often want to use the same security token on different platforms, a middleware must support different operating systems. In addition, there are dozens of types of security tokens, each with a different file structure, and different crypto-interfaces that must be operated.
Which crypto interfaces are supported?
The most important crypto interface is PKCS#11, which is manufacturer independent and is supported by Firefox, HCL Notes, Adobe Reader and Linux-based operating systems, among others. Microsoft has created its own interfaces for the same purpose: first the Microsoft Cryptographic API (MS-CAPI) for Windows 2000 and XP, and from Vista onwards the successor CNG (Cryptography API Next Generation). CNG provides in particular for so-called Smart Card Minidrivers – modules that enable easy addressing of smart cards through downloadable connectors. For macOS there is the CryptoTokenKit (CTK) Framework including the corresponding drivers (Crypto Token Driver). Cryptovision SCinterface supports all of these: PKCS#11, MS-CAPI and CNG (along with the Smart Card Minidrivers) as well as the CryptoTokenKit (including the Crypto Token Driver).
What applications can I realize with SCinterface?
Among other things, SCinterface supports the following applications:
- disk encryption
- WWW login
- system login
- VPN login
- secure WiFi
- secure e-mail
- document encryption and signature
What cards and tokens are supported?
- AET: AET profile
- ATOS CardOS: M4.01A / V4.2 / V4.2B / V4.2C / V4.3 / V4.3B / V4.4 / V5.0 / V5.3 / V5.4 / V5.5
- AustriaCard JCOP: 21 V2.2 / 21 V2.3.1 / 31 V2.2 / 31 V2.3.1 / 31/72 V2.3.1 / 31/72 V2.3.1 contactless / 41 V2.2.1 / 41 V2.3.1 / 41 V2.4
- D-Trust: D-Trust Card 3.1 / 3.4 / 4.1 / 4.4 (Siegel card)
- E.ON: Card V1 / V2
- ePasslet Suite 1.1 / 1.2 on JCOP V2.4.1R3 and on JCOP V2.4.1R3 with PACE Profile
- ePasslet Suite 2.0 on JCOP V2.4.2R3 with PACE Profile
- ePasslet Suite 2.1 on JCOP V2.4.2R3 with PACE Profile
- ePasslet Suite 3.0 on JCOP V3.0 and on G&D Sm@rtCafé Expert 7.0 and on Infineon SLJ52 (Dolphin) with PACE Profile
- ePasslet Suite 3.5 on JCOP V4.0 and on Infineon Secora ID X with PACE profile
- Gemalto: TOP IM GX4, IDClassic 340
- G&D: Sm@rtCafé Expert 3.1 / 3.2 / 4.0 / 5.0 / 6.0 / 7.0
- G&D: STARCOS 3.0 / 3.1 / 3.2 / 3.4 / 3.4 (Swiss Health Card eGK) / 3.4 (Swiss Health Card VKplus G2) / 3.5 / 3.52
- G&D: StarSign CUT S Token (SCE 7.0)
- HID: Crescendo C700
- HID: iCLASS Px G8H
- Infineon: JCLX80 jTOP / SLJ52 (Dolphin/Trusted Logic), Secora
- MaskTech MTCOS Pro 2.5 with PACE (BSI TR-03110), EC and RSA, including “profile protection” (ISO 7816/15) via PACE-CAN
- Microsoft: Virtual Smart Card
- NXP: JCOP V2.1 / V2.2 / V2.2.1 IDptoken 200 / V2.3.1 / V2.4 / V2.4.1 / V2.4.2 R1+R2+R3 / V2.4.2 R3 SCP 03 / V3.0 / V4.0
- Siemens: CardOS M4.01a / V4.3B / V4.4
- SwissSign: suisseID (CardOS M4.3B / M4.4)
- TCOS: Signature Card 1.0 / 2.0
- TU Dortmund: UniCard (SECCOS)
- Volkswagen: PKI Card (CardOS M4.3B / 4.4)
Does SCinterface support Microsoft Virtual Smart Card (VSC)?
Virtual Smart Card (VSC) is a technology that enables the use of the Trusted Platform Module (TPM) for key storage via a smart-card-type interface. VSC was originally introduced by Microsoft, but the Microsoft implementation will be discontinued in the near future. SCinterface not only supports the Microsoft VSC but also features a VSC solution of its own (available in the product version SCinterface VSC), which is fully compatible and provides additional functionality. This means that with SCinterface, keys can be stored not only on cards and tokens but also in a Trusted Platform Module (TPM).
- Windows 8.1, 10
- Windows Server 2012 R2, 2016, 2019 (32/64 bit)
- RHEL 6, 7, 8
- Ubuntu 16.04 / 18.04 / 20.04
- SLES 12/15, SLED 12/15
- Mojave (10.14)
- Catalina (10.15)
- Big Sur (11)
Modules
- SCinterface manager: Provides all necessary management functions: initialization, profiling, PIN management and key generation.
- SCinterface utility: Provides card/token management functions typically needed by users (e.g., PIN change, fingerprint enrollment).
- Register Tool: Registers the stored digital certificates in the Windows operating system.
- CSP Module: Provides a Cryptographic Service Provider (CSP) for the Microsoft Crypto API on Windows.
- Smart Card Minidriver: Serves the Cryptographic API Next Generation of Windows.
- PKCS#11 Module: Serves the PKCS#11 interface (e.g. for Linux derivatives, macOS and numerous application programs). Card management systems use the PKCS#11 interface for initialization and personalization.
- Crypto Token Driver: Serves the CTK framework of macOS.
Basics
SCinterface is advanced smart credential middleware ideal for customers demanding a high security level without compromising flexibility. The flexibility SCinterface delivers allows for a single token to become a multipurpose device. SCinterface makes it easy to consolidate physical access with payment applications, secure website access, and digital form signing.
SCinterface supports “Siegel” tokens and signature cards compliant with the European digital signature regulation, eIDAS.
SCinterface is available for Microsoft Windows, Linux, and macOS. A user can use the same smart card on different platforms.
Smart Card Types
SCinterface supports more than 90 card/token types and profiles, including the latest Java Card generations and cards supplied by Atos, Infineon, NXP, Gemalto, G&D, Siemens, and Austria Card. All common smart card form factors are supported.
The functionality of SCinterface can be extended with a plug-in that informs the user about soon-to-expire certificates and with another plug-in that automatically imports root certificates stored on the smart card.
Via add-ons (available in a convenience kit), SCinterface supports match-on-card fingerprint authentication (SCinterface biometric) as well as secure PIN caching (SCinterface Cache).
Microsoft Virtual Smart Card
SCinterface supports Microsoft Virtual Smart Card (MS VSC), including initialization and personalization processes. Thus, SCinterface enables the use of existing infrastructure in the case of a (partial) migration to MS VSC.
SCinterface interoperates with virtually every application program on the market (e.g. Edge, Firefox, Outlook), supporting all major crypto interfaces: PKCS#11, CSP, Minidriver, and CTK.
Government eID projects with millions of cards issued require coverage of all common platforms for broad user acceptance. SCinterface covers all major operating systems and supports modern security protocol standards like PACE.
Key Features
- Microsoft Virtual Smart Card (MS VSC) support, including initialization and personalization processes
- Support of an SCinterface-specific VSC extension, compatible with the Microsoft solution
- Virtual Desktop Infrastructure support
- Apple Crypto Token Driver
- Password Authenticated Connection Establishment (PACE)
- eIDAS-compliant “Siegel” tokens
- Biometry (biometry edition)
- PIV support (PIV edition)
- Advanced signature profile
- Elliptic Curve Cryptography (ECC)
- Localization support via language files
- User-friendly and convenient