cryptovision SCinterface
Cryptovision SCinterface integrates credentials from smartcards, tokens, remote tokens and virtual smartcards into common IT environments
With increasing security concerns, using only usernames and passwords for login is no longer considered secure. Better options like smart cards and security tokens provide stronger security measures. Smart cards, extensively used in banking and electronic IDs, demonstrate reliable security technology, with recent improvements like VSC and RSC making them even more effective.
The cryptovision SCinterface middleware provides a robust solution that is platform-independent and supports over 100 different chip types, operating systems and profiles. Additionally, it employs standardized protocols and high-quality cryptographic procedures. With RSA and ECC algorithms, cryptovision SCinterface supports procedures recommended by IT security authorities worldwide, facilitating the utilization of credentials across a wide variety of security devices.
Supported crypto interfaces:
- Microsoft CSP and Minidriver (for Windows)
- Apple Crypto Token Driver (for macOS)
- PKCS#11 (for Linux derivatives, Windows and macOS)
Supports more than 100 different chip types, operating systems and profiles in different form factors.
PRODUCT ARCHITECTURE
Supported systems
Microsoft:
- Windows 8.1, 10, 11
- Windows Server 2012 R2, 2016, 2019 (32/64 bit)
Linux:
- RHEL 6, 7, 8, 9
- Ubuntu 18.04 / 20.04 / 22.04
- SLES 12/15, SLED 12/15
macOS:
-
Monterey (12.7)
-
Ventura (13.6)
-
Sonoma (14)
MODULES, BASICS, KEY FEATURES, COMPARISONS
-
- SCinterface manager: Provides all necessary management functions: initialization, profiling, PIN management and key generation.
- SCinterface utility: Provides card/token management functions typically needed by users (e.g., PIN change, fingerprint enrollment).
- Register Tool: Registers the stored digital certificates in the Windows operating system.
- CSP Module: Provides a Cryptographic Service Provider (CSP) for the Microsoft Crypto API on Windows.
- Smart Card Minidriver: Serves the Cryptographic API Next Generation of Windows.
- PKCS#11 Module: Serves the PKCS#11 interface (e.g. for Linux derivatives, macOS and numerous application programs). Card management systems use the PKCS#11 interface for initialization and personalization.
- Crypto Token Driver: Serves the CTK framework of macOS.
SCinterface
SCinterface is advanced smart credential middleware ideal for customers demanding a high security level without compromising flexibility. The flexibility SCinterface delivers allows for a single token to become a multipurpose device. SCinterface makes it easy to consolidate physical access with payment applications, secure website access, and digital form signing.
eIDAS compliance
SCinterface supports „Siegel“ tokens and signature cards compliant with the European digital signature regulation, eIDAS.
Platforms
SCinterface is available for Microsoft Windows, Linux, and macOS. A user can use the same smart card on different platforms.
Smart Card Types
SCinterface supports more than 100 card/token types and profiles, including the latest Java Card generations and cards supplied by Eviden, Infineon, NXP, Gemalto, G&D, Siemens, and Austria Card. All common smart card form factors are supported.
Plug-ins
The functionality of SCinterface can be extended with a plug-in that informs the user about soon-to-expire certificates and with another plug-in that automatically imports root certificates stored on the smart card.
Convenience Kit
Via add-ons (available in a convenience kit), SCinterface supports match-on-Card fingerprint authentication (SCinterface biometric), VSC support (SCinterface VSC), as well as secure PIN caching (SCinterface Cache).
Microsoft Virtual Smart Card
SCinterface supports Microsoft Virtual Smart Card (MS VSC), including initialization and personalization processes. Thus, SCinterface enables the use of existing infrastructure in the case of a (partial) migration to MS VSC.
Crypto Interfaces
SCinterface interoperates with virtually every application program on the market (e.g. Edge, Firefox, Outlook), supporting all major crypto interfaces: PKCS#11, CSP, Minidriver, and CTK.
eID Documents
Government eID projects with millions of cards issued require coverage of all common platforms for broad user acceptance. SCinterface covers all major operating systems and supports modern security protocol standards like PACE.
- Microsoft Virtual Smart Card (MS VSC) support, including initialization and personalization processes
- Support of an SCinterface-specific VSC extension, compatible with the Microsoft solution
- Virtual Desktop Infrastructure support
- Apple Crypto Token Driver
- Password Authenticated Connection Establishment (PACE)
- eIDAS-compliant „Siegel“ tokens
- Biometry (biometry edition)
- PIV support (PIV edition)
- Advanced signature profile
- Elliptic Curve Cryptography (ECC)
- Localization support via language files
- User-friendly and convenient
Solution | Powered | User engagemet Level | MITMA* | Usage | Security | Secure Lifetime |
Smart Cards | By their readers | Constant PIN | Safe | Authentication Encryption Signing |
|
Long lifetime |
OTP Tokens | By their battery (limited) | Different data entry for each login | Vulnerable | Authentication |
|
|
Passwords | Constant credential | Vulnerable | Authentication Encryption |
|
Changed frequently for security |
*MITMA: Man in the middle attack
FAQ
What is a middleware?
An identity check (authentication) is necessary for operating system login, VPN access and similar purposes. Passwords are still mostly used for this purpose, although they are neither secure nor user-friendly. An alternative is a security token with PIN or biometrics. A security token can generate, import or contain a secret key that can be used as a password alternative and others that are suitable for encryption and digital signing. To use a security token on a PC, middleware is mandatory. This is a software component that connects a credential with an application. The core of a middleware is a driver that provides a crypto interface to the application and maps this to elementary commands for the security token.
Since users often want to use the same security token on different platforms, a middleware must support different operating systems. In addition, there are dozens of types of security tokens, each with a different file structure, and different crypto-interfaces that must be operated.
Which crypto interfaces are supported?
The most important crypto interface is PKCS#11, which is manufacturer independent and supports Firefox, HCL Notes, Adobe Reader and Linux-based operating systems, among others. Microsoft has created its own interfaces for the same purpose: first the Microsoft Cryptographic API (MS-CAPI) for Windows 2000 and XP, and from Vista onwards the successor CNG (Cryptography API Next Generation). CNG provides in particular for so-called Smart Card Minidrivers – modules that enable easy addressing of smart cards through downloadable connectors. For macOS there is the CryptoTokenKit (CTK) Framework including the corresponding drivers (Crypto Token Driver). Cryptovision SCinterface supports all of these: PKCS#11, MS-CAPI and CNG (along with the Smart Card Minidrivers) as well as the CryptoTokenKit (including the Crypto Token Driver).
For which use cases can SCinterface be applied?
Among other things, SCinterface supports the following applications:
- disk encryption
- eID
- WWW login
- system login
- VPN login
- secure WiFi
- SSO
- secure e-mail
- document encryption and signature
What cards and tokens are supported?
- AET: AET profile
- Eviden CardOS: M4.01A / V4.2 / V4.2B / V4.2C / V4.3 / V4.3B / V4.4 / V5.0 / V5.3 / V5.4 / V5.5 /V6
- AustriaCard JCOP: 21 V2.2 / 21 V2.3.1 / 31 V2.2 / 31 V2.3.1 / 31/72 V2.3.1 / 31 / 72 V2.3.1 contactless / 41 V2.2.1 / 41 V2.3.1 / 41 V2.4
- D-Trust: D-Trust Card 3.1 / 3.4 / 4.1 / 4.4 (siegel card)
- E.ON: Card V1 / V2
- ePasslet-Suite 1.1/1.2 on JCOP V2.4.1R3 and on JCOP V2.4.1R3 with PACE Profile
- ePasslet-Suite 2.0 on JCOP V2.4.2R3 with PACE Profile
- ePasslet Suite 2.1 on JCOP V2.4.2R3 with PACE Profile
- ePasslet Suite 3.0 on JCOP V3.0 and on G&D Sm@rtCafé Expert 7.0 and on Infineon SLJ52 (Dolphin) with PACE Profile
- ePasslet Suite 3.5 on JCOP V4.0 and on Infineon Secora ID X with PACE profile
- Gemalto: TOP IM GX4, IDClassic 340
- G&D: Sm@rtCafé Expert 3.1 / 3.2 / 4.0 / 5.0 / 6.0 / 7.0
- G&D: STARCOS 3.0 / 3.1 / 3.2 / 3.4 / 3.4 (Swiss Health Card eGK) / 3.4 (Swiss Health Card VKplus G2) / 3.5 / 3.52
- G&D: StarSign CUT S Token (SCE 7.0)
- HID: Crescendo C700
- HID: iCLASS Px G8H
- Infineon: JCLX80 jTOP / SLJ52 (Dolphin/Trusted Logic), Secora
- MaskTech MTCOS Pro 2.5 with PACE (BSI TR-03110), EC and RSA, including “profile protection” (ISO 7816/15) via PACE-CAN
- Microsoft: Virtual Smart Card
- NXP: JCOP V 2.1 / V2.2 / V2.2.1 IDptoken 200 / V2.3.1 / V2.4 / V2.4.1 / V2.4.2 R1+R2+R3 / V2.4.2 R3 SCP 03 / V3.0 / V4.0 /V4.5
- Siemens: CardOS M4.01a / V4.3B / V4.4
- SwissSign: suisseID (CardOS M4.3B / M4.4)
- TCOS: Signature Card 1.0 / 2.0
- TU Dortmund: UniCard (SECCOS)
- Volkswagen: PKI Card (CardOS M4.3B /4.4)
Does SCinterface support Microsoft Virtual Smart Card (VSC)?
Virtual Smart Card (VSC) is a technology that enables the use of the Trusted Platform Module (TPM) for key storage via a smart-card-type interface. VSC was originally introduced by Microsoft, but the Micosoft implementation will be discontinued in the near future. SCinterface not only supports the Microsoft VSC but also features a VSC solution of its own (available in the product version SCinterface VSC), which is fully compatible and provides additional functionality. This means that with SCinterface not only cards and tokens can be used for storing keys, but also a Trusted Platform Module (TPM).