Minidriver enabled smart cards and PIN caching
blaz.malnersic@crea.si
2010-03-24 18:13:02 UTC
Hi,

our company is providing Gemalto .NET (Minidriver) to the market as a Gemalto
partner in the region. We recently got an email from one of the application
developers regarding the use of Minidriver smart cards and PIN "caching". The
problem they faced in their application is that the user is prompted to
enter the PIN code multiple times if they use a Minidriver smart card and only
prompted once if they use a "proprietary" smart card like ActivIdentity
ActivClient (the middleware for this card implements its own PIN caching mechanism).
Their aim is to use a Minidriver card with only one prompt for the PIN code.

Here is what they say:
We use the .NET Framework on Windows 7. The use case is as follows:
1. User selects the certificate (standard certificate select window as in IE).
2. XML document is signed with the selected certificate (user is prompted
for PIN).
3. SSL session is established with server - mutual authentication with
selected certificate (user is again prompted for PIN).
4. On next instance of XML document signing, user is again prompted for PIN,
after that everything works as it should - no PIN prompts.

We use the following standard .NET functions:
- select certificate:
System.Security.Cryptography.X509Certificates.X509CertificateUI
- sign XML document: System.Security.Cryptography.Xml.SignedXml
- establish SSL: System.Net.Security.SslStream

What change to the application is required so that the user is
prompted for a PIN only once? Can you provide an example or a link to a relevant
document?

Best regards,

Blaz Malnersic
CREA d.o.o.
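The three API calls named in the question, wired together in the order of the reported use case (select certificate, sign XML, open a mutually authenticated TLS session, sign again). This is an added illustration, not code from the original poster or from Gemalto; the host name, port and document are constructed placeholders, and the comments marking where a PIN prompt appeared reflect only what the poster reported above, not a claim about any particular middleware.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example: the flow from the question, using the .NET Framework APIs it lists.
static class SmartCardSigningFlow
{
    // Step 1: standard certificate picker (same dialog IE uses) over the user's personal store.
    static X509Certificate2 SelectCertificate()
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // Only offer currently valid certificates to the user.
            X509Certificate2Collection candidates =
                store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, true);
            X509Certificate2Collection picked = X509Certificate2UI.SelectFromCollection(
                candidates, "Select certificate",
                "Choose the smart card certificate to sign with",
                X509SelectionFlag.SingleSelection);
            return picked.Count == 1 ? picked[0] : null;
        }
        finally
        {
            store.Close();
        }
    }

    // Step 2 (and step 4): enveloped XML-DSig signature. The private key never leaves the card;
    // SignedXml hands the hash to the CSP/minidriver, which is where the poster saw a PIN prompt.
    static XmlDocument SignXml(XmlDocument doc, X509Certificate2 cert)
    {
        var signedXml = new SignedXml(doc) { SigningKey = cert.PrivateKey };

        // Reference the whole document ("") and exclude the signature element itself.
        var reference = new Reference("");
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);

        // Embed the certificate so the verifier can locate the public key.
        var keyInfo = new KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(cert));
        signedXml.KeyInfo = keyInfo;

        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
        return doc;
    }

    // Step 3: TLS with client certificate (mutual) authentication. SChannel performs the
    // client key operation, and the poster reported a second PIN prompt at this point.
    static SslStream OpenMutualTls(string host, int port, X509Certificate2 cert)
    {
        var client = new TcpClient(host, port);
        var ssl = new SslStream(
            client.GetStream(),
            false,
            // Reject the server unless its certificate chain validates cleanly.
            (sender, serverCert, chain, errors) => errors == SslPolicyErrors.None,
            // Always present the certificate the user selected in step 1.
            (sender, targetHost, localCerts, remoteCert, issuers) => cert);
        ssl.AuthenticateAsClient(host, new X509CertificateCollection { cert },
                                 SslProtocols.Tls, true);
        return ssl;
    }

    static void Main()
    {
        X509Certificate2 cert = SelectCertificate();           // step 1
        if (cert == null) return;

        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><item>constructed sample</item></order>"); // constructed input
        SignXml(doc, cert);                                     // step 2: PIN prompt reported

        using (SslStream ssl = OpenMutualTls("server.example", 443, cert)) // placeholder host
        {
            // step 3: PIN prompt reported; application traffic would go over `ssl` here
        }

        var second = new XmlDocument { PreserveWhitespace = true };
        second.LoadXml("<order><item>second document</item></order>");   // constructed input
        SignXml(second, cert);                                  // step 4: PIN prompt reported
    }
}
```

Each private key use goes through a different path (the CSP handle held by `SignedXml` versus SChannel's own handle inside `SslStream`), which is why counting the prompts per step, as the poster did, is the right way to isolate where caching does or does not take effect.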
Rae
2010-06-02 22:07:02 UTC
Blaz,

You could use the SSO feature of the .NET card. .NET V2+ cards that have
minidriver version 7 and later come with the PIN policy on card, which
includes the SSO feature. When the SSO parameter is enabled, the minidriver
will implement SSO behavior for Vista SP1 and later.

For more details, I suggest contacting a Gemalto representative.
