Sophos SafeGuard - Token and Smartcard Support in SafeGuard Enterprise /SafeGuard Easy 5.60.x / 6.00.x

  • ID dell'articolo: 112781
  • Aggiornato: 11 apr 2014

Issue
Token and Smartcard Support in SafeGuard Enterprise /SafeGuard Easy 5.60.x / 6.00.x

Known to apply to the following Sophos product(s)

SafeGuard Easy 5.60.1
SafeGuard Easy 5.60.0
SafeGuard  Device Encryption 6.00.1
SafeGuard Device Encryption 6.0
SafeGuard Device Encryption 5.60.1
SafeGuard Device Encryption 5.60.0

For information about Smartcard and Token Support in SafeGuard 6.10 follow this link: KBA120506 


 

 

Smartcard Middleware tested in SafeGuard Device Encryption

Vendor

Middleware

Version

Windows
XP

Windows Vista

  Windows 7  

32bit

32bit

 64bit

 32bit

64bit 

ActiveIdentity

ActivClient PKI

6.2

x

x

x

x

x


ActivClient (PIV) 6.2

x

-

-

x

x

AET

SafeSign

3.0.45

x

x

x

x

x

Aladdin /SafeNet

Authentication Client

8.0 SP2

x

x

x

x

x

A-Trust

a.sign client

1.2.7.0

x

-

-

-

-

Charismathics Smart Security Interface 4.8.1

x

x

x

x

x

Estonian ID card <multiple> -

x

-

-

-

-

Gemalto .NET 2.1.3.1

x

x

x

x

x

Gemalto Access Client 5.6.4

x

x

x

x

x

Gemalto Classic Client 6.0

x

x

-

-

-

RSA Authentication Client
3.5.5

x

x**

x**

x

x

Atos / Siemens CardOS API 5.0

x

x

x

x

x

T-Systems NetKey 3.0

1.6.0.10 *

x

-

-

x

x

Unizeto proCertum 3.0.0.119

x

x

x

x

x

Please note: SafeGuard Easy only supports the non-cryptographic logon mode (user credentials stored on the token/smartcard) to perform an authentication to the system. The highlighted token/smartcard middleware cannot be used in combination with SafeGuard Easy but with SafeGuard Enterprise only.

* CSP Minidriver 1.6.0.10 + PKCS#11 module 1.3.0.4

** Supposed to work on Windows Vista but not explicitly tested.

  

Supported Smartcard Readers
Readers tested in SafeGuard Device Encryption Power-on Authentication (POA)
The smartcard readers below were tested by QualityAssurance (current and/or previous versions).
USB-CCID readers are supported on USB 1.x, USB 2.0 and on standard USB 3.0 ports, which are backward compatible according to the specification
 

Supported Smartcard Readers

Manufacturer

Card Reader

Interface

Comment

ACS

ACR 38U-CCID 

USB-CCID 

Requires firmware version >= v1.12c

ActiveIdentity

USB Reader 3.0 

USB-CCID

 


PCMCIA Reader

PC Card

SCR 243 OEM 

Broadcom

BCM 5880 

integrated (USB) 

 

Cherry ST-1044U USB-CCID

ST-2000 USB-CCID PIN pad for secure PIN entry is not supported

ST-4044 PC-Card CardMan 4040 OEM

G83-6644

USB-CCID Keyboards; secure PIN entry is not supported

G83-6733 USB-CCID

G83-6744 USB-CCID
Dell RT7D60 USB-CCID Keyboards

SK-3105 USB-CCID
Eutronsec SIM Pocket (incl. combo versions) USB-CCID SIM and standard size cards

Smart Pocket (incl. combo versions) USB-CCID
Fujitsu Siemens Smartcase SCR (USB) USB-CCID a.k.a. "Solo"
Gemalto GemPC Express ExpressCard

GemPC Twin USB-CCID

GemPC Key USB-CCID SIM size

Reflex USB v3 USB-CCID
HP SC Terminal (KUS0133) USB-CCID Keyboard

PC Smart Card Reader PC-Card SCR 243 OEM
Kobil KAAN Base USB-CCID

KAAN Advanced USB-CCID PIN pad for secure PIN entry is not supported
Lenovo Integrated Smart Card Reader integrated (USB) Reader might be replaced by another type - depending on market situation
O2micro Oz711series integrated (CardBus)

Oz776 integrated-CCID
Omnikey CardMan 3021 USB-CCID

CardMan 3121 USB-CCID

CardMan 4040 PC-Card

CardMan 4321 ExpressCard

CardMan 5125 USB-CCID contactless interface is not supported

CardMan 5321 USB-CCID

CardMan 6121 USB-CCID SIM size
Ricoh R/RL/5C476 integrated (CardBus)
SCM SCR 243 PC-Card

SCR 331 USB-ID Requires firmware version 5.18 or higher

SCR 335 USB-CCID

SCR 3310 USB-CCID

SCR 3311 USB-CCID

SCR 3320 USB-CCID SIM size

SCR 3340 ExpressCard

SDI 010 USB-CCID
Texas Instruments PCI 6515a integrated (CardBus) Generic support for PCI xx21 readers

PCI 7621 integrated (CardBus)

Readers supposed to work with SafeGuard Device Encryption Power ON Authentication
The smartcard readers below are integrated in SafeGuard Enterprise / SafeGuard Easy and should work according to vendor compatibility information.

Manufacturer

Card Reader

Interface

Comment

ACS ACR 38T
ACR 38U-BMC

ACR 38F
ACR 38K
ACR 100F
USB-CCID SIM size

ACR 122U
ACR 122T

Contactless interface is not supported
 Alcor Micro  AU9540  Integrated (USB)  as of SGN/SGE version 6.0
Cherry

G81-7040
G81-7043
G81-8040
G81-8043
G83-6610

USB-CCID Keyboards; secure PIN entry is not supported

G83-14200
G83-14400
G83-14600
USB-CID Biometric Keyboards; secure PIN entry and
biometric functions are not supported

ST-1210 USB-CCID

ST-1275 USB-CCID
Eutronsec SIM Reader (incl. combo versions) USB-CCID SIM size
Fujitsu Siemens SmartCase SCR (PC-Card) PC-Card CardMan 4040 OEM

Smartcase SCR (ExpressCard) ExpressCard SCR 3340 OEM
Gemalto Reflex 20 v3 PC-Card SCR 243 OEM
Ricoh R5C835 integrated

R5C853 integrated
SCM SPR 532 USB-CCID

PIN pad for secure PIN entry is not supported

Requires firmware version 5.10 and updated Windows drivers

Vasco DigiPass 905 USB-CCID

Hint: If more than one smartcard reader is present on a client, it is recommended to disable the ones that are not used to avoid unwanted side effects. For internal readers it can be necessary to disable the device in the BIOS.

 

 

Supported Smartcards
Supported Smartcards in SafeGuard Device Encryption Power-on Authentication (POA)

Supported Smartcards

Vendor

Card

Versions

Card Type

Data Format

ActivIdentity

SmartCard 64k

v2 (Oberthur)
v2c (Gemalto)

Java Card

ActivIdentity

AET*

G&D Sm@rtCafe

64k

Java Card

PKCS#15

 

G&D STARCOS SPK

2.3

ISO 7816 

PKCS#15 

 

 

3.0

ISO 7816

PKCS#15  


IBM JCOP 20 Java Card PKCS#15


31 Java Card PKCS#15


41 72k Java Card PKCS#15

Atos CardOS M4.3b ISO 7816 PKCS#15
Charismathics Atos CardOS M4.3b ISO 7816 CSSID
Gemalto .NET V2
V2+
.NET .NET

Cyberflex (Access TPC) 64k
e-gate 32k**
Java Card
Access
Atos / Siemens Atos CardOS M4.3b
M4.4
ISO 7816 PKCS#15
T-Systems TCOS 3.0 ISO 7816 NetKey
Unizeto StarCOS 3.2 ISO 7816 Unizeto

Tested national EID cards

Country/Type

Card

Versions

Card Type

Data Format

Austria*** AustriaCard ACOS 3.01 ISO 7816 A-Trust


4.0 ISO 7816
Estonia**** Orga Micardo V1 ISO 7816


V2 ISO 7816
USA PIV International
Java Card PIV
Smartcards supposed to work with SafeGuard Device Encryption Power ON Authentication
The smartcards below are integrated in SafeGuard Enterprise / SafeGuard Easy and should work according to vendor compatibility information.  

Vendor

Card

Versions

Card Type

Data Format

ActivIdentity

SmartCard 64k

GND (G&D)

Java Card

ActivIdentity

AET*

Aspects OS755

2.8

Java Card

PKCS#15

JC 2.2.1

Java Card

PKCS#15

 


Atmel ATOP36

Java Card

PKCS#15

Athena IDProtect

Java Card


Axalto Cyberflex

Developer

Java Card

PKCS#15

64Kv2

Java Card

PKCS#15

Palmera

Java Card

PKCS#15

64Kv1

Java Card

PKCS#15

Axalto eGate


Java Card

PKCS#15

G&D Sm@rtCafe

Expert 2.0

Java Card

PKCS#15

Expert 3.0

Java Card

PKCS#15

Expert 3.1

Java Card

PKCS#15

Expert 4.0

Java Card

PKCS#15

G&D STARCOS SPK

2.4

ISO 7816

PKCS#15

2.5DI

ISO 7816

PKCS#15

Gemalto GemXpresso

211 PK

Java Card

PKCS#15

Pro R4

Java Card

PKCS#15

Pro R4

Java Card

PKCS#15

Gemplus GemXplore

3G

PKCS#15

HID Crescendo

700

Java Card

PKCS#15

IBM JCOP

21id

Java Card

PKCS#15

21

Java Card

PKCS#15

30

Java Card

PKCS#15

31bio

Java Card

PKCS#15

KEBT KONA21T

Java Card

PKCS#15

Keycorp MULTOS

v4.2 48K

MULTOS

PKCS#15

v4.2 64K

MULTOS

PKCS#15

MartSoft Java Card

Java Card

PKCS#15

NXP JCOP

21

31

41

Oberthur CosmopollC

V4

Java Card

PKCS#15

Oberthur ID-One

Cosmo 32

Java Card

PKCS#15

Cosmo 64

Java Card

PKCS#15

ORGA JCOP

20

Java Card

PKCS#15

21

Java Card

PKCS#15

30

Java Card

PKCS#15

Sagem Orga J-ID Mark

64

Java Card

PKCS#15

Aladdin / Safenet

eToken Smart Card (Java Card)

Java Card

Gemalto

GemXpresso

V1 32k

Java Card

Classic

(Classic TPC)

V1 64k

(GemSafe)

Cryptoflex

32k

ISO 7816

Access

e-gate 32k

ISO 7816

Access


Please note: SafeGuard Easy only supports the non-cryptographic logon mode (user credentials stored on the token/smartcard) to perform an authentication to the system. The highlighted token/smartcard middleware cannot be used in combination with SafeGuard Easy but with SafeGuard Enterprise only.


* Please refer to AET SafeSign documentation for smartcard details (supported Java Card versions, card completions and configuration).

** Smartcard initialization required Gemalto Access Client 5.0

*** Support for A-Trust cards in SafeGuard Enterprise requires cards to be issued by A-Trust with Kerberos Windows logon extensions and installation of A-Trust middleware.

**** Support of Estonian EID cards requires:

   - Standard middleware: OpenSC PKCS#1 version 0.8.3 and the EstEID Card CSP
   - Additional software from JaJa Arendus OU (http://www.jaja.ee) (i.e, its additional ITLogon Csp) and its scripting tool to link the Estonian citizen ID with Active Directory users.

 


Supported USB Tokens

Supported USB Tokens in SafeGuard Device Encryption Power On Authentication (POA)


Supported USB Tokens

Vendor

USB Token

Middleware Supplier

Comment

ActivIdentity

ActivKey SIM

ActivIdentity

 

Aladdin / SafeNet
(CardOS)

eToken Pro
eToken NG-Flash

Aladdin / SafeNet

 


eToken NG-OTP Aladdin / SafeNet OTP function not supported

Aladdin / SafeNet
(Java)

eToken Pro
eToken NG-Flash

Aladdin / SafeNet

eToken NG-OTP Aladdin / SafeNet OTP function not supported
RSA

SecurID 800 REV D1*
Firmware v. 3.00

RSA
OTP function not supported.  
  SecurID 800 REV D1* 
Firmware v. 3.01 
RSA Supported as of SGN/SGE 6.0. OTP function not supported. 
  SecurID 800 REV D2*
Firmware v. 3.01 
RSA Supported as of SGN/SGE 6.0. OTP function not supported.  

  SecurID 800 REV D3*
Firmware v. 3.01 
RSA Supported as of SGN/SGE 6.0. OTP function not supported.  

*Single Sign On (SSO) not supported on Windows XP (hybrid/non-cryptographic logon mode). 

USB-Tokens supposed to work with SafeGuard Device Encryption Power ON Authentication
The smartcards below are integrated in SafeGuard Device Encrption and should work according to vendor compatibility information. 

Vendor

USB Token

Middleware Supplier

Comment

ActivIdentity

ActivKey Display

ActivIdentity

OTP function not supported

Charismathics OTP Sign Charismathics OTP function not supported

plug´n´crypt ID Charismathics
Eutronsec CryptoIdentity ITSEC-I Charismathics

CryptoIdentity ITSEC-P AET

OTP Sign Charismathics OTP function not supported
Gemalto Protiva SA .NET Key
Gemalto (.Net)


Protiva SA SEG
Gemalto (.Net)

Kobil mIDentity Light Atos Includes flash memory
MARX CrypToken AET
RSA
SecurID 800 REV A
RSA
OTP function not supported. Firmware >= 1.33 required.

SecurID 800 REV B
RSA
OTP function not supported

Please Note: The USB Tokens in bold were tested explicitly by Quality Assurance (current and/or in previous versions).

Hint: Using Smartcards/Tokens for authentication at OS level requires the installation of an additional middleware application (see column "Middleware Supplier")

 

Not supported USB Tokens 

These USB Tokens are not supported in the SafeGuard Device Encryption Power On Authentication (POA) 

Not supported USB Tokens 

Vendor

USB Token

Middleware Supplier

Comment

ActivIdentity

ActivKey
(AAK301, AUD200)

ActivIdentity

Not CCID compliant, outdated model types

Aladdin/Safenet eToken R2 Aladdin/Safenet Not CCID compliant, outdated model type

eToken "Anywhere" Aladdin/Safenet eTokens with "Anywhere" attribute,
cannot be used in Power On Authentication
G&D StarKey 100
StarKey 400
AET Not CCID compliant
Gemalto GemPC Combo
Gemalto 

Safenet iKey 1000 
iKey 2032
iKey 3000
iKey 4000
SafeNet, AET
RSA
Smart Key 6100 RSA
Not CCID compliant, outdated model type

Smart Key 6200
RSA
Not CCID compliant, outdated model type

 

Back to Sophos SafeGuard ReleaseNotes landing Page

 
Per maggiori informazioni o per assistenza, vi preghiamo di contattare il supporto tecnico.

Valutate l'articolo

Molto scadente Eccellente

Commenti