Download - SmartCard Forum 2008 - Gemalto
May 22, 2008
SMART CARD FORUM 2008
Philippe Inserra
Central Europe Regional Manager
Nicolas Girardin
European Strategic Alliance Manager
Agenda
1. Gemalto company introduction
2. Strong Authentication
3. Gemalto .NET solution
Gemalto worldwide: a global footprint to better serve our customers
€1.7 billion revenue 2006
Innovation investment:
11 R&D sites worldwide
1,300 engineers
Global footprint:
23 production sites
36 personalization centers
100 sales & marketing offices
Experienced team:
10,000 employees
90 nationalities
40 countries
Gemalto's secure, easy-to-use solutions
Secure personal devices: portable devices that securely store applications and information specific to the end-user:
– Microprocessor cards: e.g. wireless SIM cards, EMV banking cards etc.
– e-passports, e-healthcare and e-ID cards, driving licenses etc.
Interfaces, readers, chipsets, tokens, USB dongles and OTP devices
Software & services: software and server-based solutions
Services: personalization, data management, file treatment, post-issuance, packaging
Consulting, integration, project management, training and support
What is it exactly?
– Token: smart-card based user authentication devices
– Server: authentication and customer care server
– User: self-service user care portal & browser plug-in
– Agent: 3rd party solution/software agents
A complete end-to-end solution: Agents, Tokens, Server, Portal
What is the role of the Smart Card?
Hosts the application
Hosts the secret keys
Computes and generates the one-time password (OTP)
Value added services
Evolution to PKI
Email & file encryption
Digital signature
Smart logon
Token Options
Connected Mode
Unconnected Mode
Gemalto and Microsoft
Timeline: 1996, 2000, 2001, 2002, 2005, 2007
– Start of PC/SC CryptoAPI support
– Axalto & Gemplus CSPs shipped with Windows 2000 (OOB W98, Me, NT4)
– Axalto & Gemplus CSPs shipped with Windows XP 32- & 64-bit
– Microsoft defines the new CSP & minidriver architecture for Windows Vista
– The Gemalto .NET minidriver ships with Windows Vista & Windows Update for Windows 2000, XP & Server 2003
– Microsoft deploys the Gemalto .NET card as its corporate badge
– Gemalto delivers the .NET card minidriver to MSFT for inclusion in Vista
– Gemalto starts development of a smart card based on the .NET framework
.net smart cards in different form factors
Badge
ISO form
OTP reader
USB device
USB (SIM form)
With OTP display
With Flash disk
– 1 / 2 Gb
– hardware based AES 256-bits encryption
Gemalto solutions for Microsoft Security Platform
Strong Authentication
for desktop
Digital signature for Office files & encryption
for Outlook email
Card management & personalization
services
Client & Server OS
Right Management Services
Federated Services
Smart card technology to
obtain RMS licensing
Confidential information protected
with encryption
Secure Identity Federation &
Application SSO with smart cards
Strong authentication for network logon
Edge
Microsoft Windows Smart Card Framework
Microsoft Base Smart Card CSP vs. Vendor-Specific Monolithic CSP
[Diagram labels]
– CAPI-based Crypto Application (i.e., Smart Card Logon)
– CAPI-based Crypto Application (i.e., Secure Email)
– Any CAPI-based Crypto Application
– Microsoft Smart Card Base Cryptographic Service Provider (BaseCSP.DLL)
– Gemalto .NET 2.0 Smart Card Minidriver
– Other Base CSP compliant Smart Card Minidriver
– Vendor-Specific CSP
– WinSCard API (WinSCard.DLL)
– Smart Card Resource Manager
– Smart Card #1, Gemalto .NET 2.0 Smart Card, Smart Card #3
The new Windows Smart Card Framework (WSCF) replaces the traditional monolithic architecture for Smart Card Cryptographic Services.
The WSCF defines a Base Crypto Service Provider as a common interface for all WSCF-compliant smart cards.
Smart card vendors no longer have to provide full-blown proprietary middleware to support their smart cards on Windows operating systems.
Smart card vendors now only have to provide a small-footprint DLL, called a smart card minidriver, to communicate with the Base CSP.
For Windows 2000, XP & Server 2003, the Smart Card Base CSP is an optional component available for download via Windows Update (KB909520).
The Gemalto .NET Minidriver (axaltoCM.dll) is included in the downloadable package.
On Windows Vista the Smart Card Crypto Service Provider is called the Smart Card Key Storage Provider (KSP), and it is a core component of the OS.
The Gemalto .NET Minidriver is also a native component in Vista.
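An administrator can check which of the two architectures each registered card uses on a given machine. The script below is an added example, not part of the Gemalto slides: it reads the Windows smart card registrations under `Calais\SmartCards` and reports, per card, whether it is bound to the Base CSP through a minidriver (such as axaltoCM.dll) or to a vendor-specific CSP. The registry value names are the ones Windows uses for card registration and do not appear on the slide; resolving a bare DLL name from System32 is an assumption.

```powershell
# Added example: inventory smart card registrations and classify each one as
# Base CSP + minidriver or vendor-specific CSP. Run on the Windows host to audit.
$root    = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards'
$baseCsp = 'Microsoft Base Smart Card Crypto Provider'

function Get-SmartCardRegistration {
    param([string]$Path = $root)

    Get-ChildItem -Path $Path -ErrorAction Stop | ForEach-Object {
        $p          = Get-ItemProperty -Path $_.PSPath
        $csp        = $p.'Crypto Provider'
        $minidriver = $p.'80000001'      # value that names the minidriver DLL

        if ($csp -eq $baseCsp -and $minidriver) {
            $arch = 'Base CSP + minidriver'
        } elseif ($csp -eq $baseCsp) {
            $arch = 'Base CSP named, no minidriver registered'
        } elseif ($csp) {
            $arch = 'Vendor-specific CSP'
        } else {
            $arch = 'No CSP registered'
        }

        # Assumption: a bare DLL name resolves from System32.
        $sig = $null
        if ($minidriver) {
            $dll = $minidriver
            if (-not [System.IO.Path]::IsPathRooted($dll)) {
                $dll = Join-Path $env:SystemRoot "System32\$dll"
            }
            if (Test-Path -LiteralPath $dll) {
                $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
            } else {
                $sig = 'FileMissing'
            }
        }

        [pscustomobject]@{
            Card         = $_.PSChildName
            Architecture = $arch
            CSP          = $csp
            KSP          = $p.'Smart Card Key Storage Provider'
            Minidriver   = $minidriver
            Signature    = $sig
        }
    }
}

Get-SmartCardRegistration | Sort-Object Architecture, Card | Format-Table -AutoSize
```

Rows marked as a vendor-specific CSP still rely on the monolithic middleware; a minidriver row with a missing file or a signature status other than Valid deserves a closer look, since that DLL is loaded by the processes that perform smart card logon.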
2 step path to Secure Authentication
[Chart. Axes: LEVEL OF SECURITY; DEPLOYMENT COMPLEXITY & COST]
Username and Static Password
3 factor Authentication
OTP oncard assembly + Gemalto SA Server
2 factor Authentication
PKI Certificates + MS Base CSP & ILM
REDUCE DEPLOYMENT COMPLEXITY & COST
- Easy migration from OTP based to stronger Certificate based authentication
- Reuse already deployed Smart Cards or Tokens
Gemalto .NET and Microsoft
Plug & Play on Vista
Gemalto services / integration
Expert support at the different project stages
Scope / Project definition
Security Procedure (Workflow, Policies, …)
POC / Pilot
Integration
Operation
Technology domains
Smart card integration
– Profile/Mapping, Application/Assembly/Applet, Contact/Contactless, …
User Workstation integration
– Reader, middleware, Software (Encryption, Authentication, …)
Infrastructure integration
– ILM/CLM, PKI, ISA/IAG/Radius for OTP, …
– Issuance station
Microsoft and Gemalto
.net smart card for ILM evaluation kit
.net smart cards
USB card reader
ISO form factor
SIM form factor
OTP reader
Software
Resource CD
ILM
http://www.microsoft.com/windowsserver2003/technologies/idm/ilm.mspx
Ask for your evaluation kit! ( [email protected] )
Online Resources
Gemalto www.gemalto.com/
.net smart card www.netsolutions.gemalto.com/
Forum: www.netsolutions.gemalto.com/forum
Utilities: www.netsolutions.gemalto.com/utilities.aspx
One Time Password www.protiva.gemalto.com/
SAS Demo Portal: www.strongauthdemo.gemalto.com
Microsoft Gemalto Extranet : www.msxtranet.gemalto.com
MSFT Base SC CSP Download: http://support.microsoft.com/kb/909520
MSFT ILM: http://www.microsoft.com/windowsserver2003/technologies/idm/ilm.mspx
Thank you!