SmartCard Forum 2008 - Gemalto

May 22, 2008 SMART CARD FORUM 2008 Philippe Inserra Central Europe Regional Manager [email protected] Nicolas Girardin European Strategic Alliance Manager [email protected]


Transcript of SmartCard Forum 2008 - Gemalto

Page 1: SmartCard Forum 2008 - Gemalto

May 22, 2008

SMART CARD FORUM 2008

Philippe Inserra

Central Europe Regional Manager

[email protected]

Nicolas Girardin

European Strategic Alliance Manager

[email protected]

Page 2: SmartCard Forum 2008 - Gemalto

Agenda

1. Gemalto company introduction

2. Strong Authentication

3. Gemalto .NET solution

Page 3: SmartCard Forum 2008 - Gemalto

Gemalto worldwide: a global footprint to better serve our customers

€1.7 billion revenue 2006

Innovation investment:

11 R&D sites worldwide

1,300 engineers

Global footprint:

23 production sites

36 personalization centers

100 sales & marketing offices

Experienced team:

10,000 employees

90 nationalities

40 countries

Page 4: SmartCard Forum 2008 - Gemalto

Gemalto's secure, easy-to-use solutions

Secure personal devices: portable devices that securely store applications and information specific to the end-user:

– Microprocessor cards: e.g. wireless SIM cards, EMV banking cards etc.

– e-passports, e-healthcare and e-ID cards, driving licenses etc.

Interfaces, readers, chipsets, tokens, USB dongles and OTP devices

Software & services: software and server-based solutions

Services: personalization, data management, file treatment, post-issuance, packaging

Consulting, integration, project management, training and support

Page 5: SmartCard Forum 2008 - Gemalto

Agenda

1. Gemalto company introduction

2. Strong Authentication

3. Gemalto .NET solution

Page 6: SmartCard Forum 2008 - Gemalto

What is it exactly?

Token: smart-card based user authentication devices

Server: authentication and customer care server

User: self-service user care portal & browser plug-in

Agent: 3rd party solution/software agents

Page 7: SmartCard Forum 2008 - Gemalto

A complete end-to-end solution

[Diagram labels: Tokens, Server, Portal, User, Agents]

Page 8: SmartCard Forum 2008 - Gemalto

What is the role of the Smart Card?

Hosts the application

Hosts the secret keys

Computes and generates the one-time password (OTP)

Value added services: evolution to PKI

– Email & file encryption

– Digital signature

– Smart logon

– Connected mode

Token options: Connected Mode, Unconnected Mode

Page 9: SmartCard Forum 2008 - Gemalto

Agenda

1. Gemalto company introduction

2. Strong Authentication

3. Gemalto .NET solution

Page 10: SmartCard Forum 2008 - Gemalto

Gemalto and Microsoft

[Timeline; years shown on the slide: 1996, 2000, 2001, 2002, 2005, 2007]

Start of PC/SC and CryptoAPI support

Axalto & Gemplus CSPs shipped with Windows 2000 (OOB W98, Me, NT4)

Axalto & Gemplus CSPs shipped with Windows XP 32- & 64-bit

Microsoft defines the new CSP & minidriver architecture for Windows Vista

The Gemalto .NET minidriver ships with Windows Vista & Windows Update for Windows 2000, XP & Server 2003

Microsoft deploys the Gemalto .NET card as its corporate badge

Gemalto delivers the .NET card minidriver to MSFT for inclusion in Vista

Gemalto begins development of a smart card based on the .NET framework

Page 11: SmartCard Forum 2008 - Gemalto

.net smart cards in different form factors

Badge

ISO form

OTP reader

USB device

USB (SIM form)

With OTP display

With Flash disk

– 1 / 2 Gb

– hardware-based AES 256-bit encryption

Page 12: SmartCard Forum 2008 - Gemalto

Gemalto solutions for Microsoft Security Platform

Strong Authentication for desktop

Digital signature for Office files & encryption for Outlook email

Card management & personalization services

Client & Server OS

Rights Management Services

Federated Services

Smart card technology to obtain RMS licensing

Confidential information protected with encryption

Secure Identity Federation & Application SSO with smart cards

Strong authentication for network logon

Edge

Page 13: SmartCard Forum 2008 - Gemalto

Microsoft Windows Smart Card Framework

Microsoft Base Smart Card CSP vs. Vendor-Specific Monolithic CSP

[Diagram labels: CAPI-based Crypto Application (i.e., Smart Card Logon); CAPI-based Crypto Application (i.e., Secure Email); Any CAPI-based Crypto Application; Microsoft Smart Card Base Cryptographic Service Provider (BaseCSP.DLL); Gemalto .NET 2.0 Smart Card Minidriver; Other Base CSP compliant Smart Card Minidriver; Vendor-Specific CSP; WinSCard API (WinSCard.DLL); Smart Card Resource Manager; Smart Card #1; Gemalto .NET 2.0 Smart Card; Smart Card #3]

The new Windows Smart Card Framework (WSCF) replaces the traditional monolithic architecture for Smart Card Cryptographic Services.

The WSCF defines a Base Crypto Service Provider as a common interface for all WSCF-compliant smart cards.

Smart card vendors no longer need to provide full-blown proprietary middleware to support their smart cards on Windows OSs.

Smart card vendors now only need to provide a small-footprint DLL, called a smart card minidriver, to communicate with the Base CSP.

For Windows 2000, XP & Server 2003, the Smart Card Base CSP is an optional component available for download via Windows Update (KB909520).

The Gemalto .NET Minidriver (axaltoCM.dll) is included in the downloadable package.

On Windows Vista the Smart Card Crypto Service Provider is called Smart Card Key Storage Provider (KSP), and it is a core component of the OS.

The Gemalto .NET Minidriver is also a native component in Vista.
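An added example, not part of the original slides and not Gemalto or Microsoft code: a PowerShell inventory that reports, for each smart card type registered on a Windows host, whether it is served by the Base CSP through a minidriver or by a vendor-specific CSP. It assumes the standard Windows registration location for card types (the `Calais\SmartCards` key) and its value names, which the slides do not mention; the function name is hypothetical.

```powershell
# Added example: classify registered smart card types by provider model.
# Assumption: card types are registered under the Calais\SmartCards key,
# with the CSP name in 'Crypto Provider', the KSP name in
# 'Smart Card Key Storage Provider' and the minidriver DLL in '80000001'.
$CalaisRoot  = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards'
$BaseCspName = 'Microsoft Base Smart Card Crypto Provider'

function Get-SmartCardProviderModel {
    param([string]$Path = $CalaisRoot)

    # No key means no card types are registered on this host.
    if (-not (Test-Path -Path $Path)) { return @() }

    Get-ChildItem -Path $Path | ForEach-Object {
        $p   = Get-ItemProperty -Path $_.PSPath
        $csp = $p.'Crypto Provider'
        $ksp = $p.'Smart Card Key Storage Provider'
        $dll = $p.'80000001'

        # Base CSP plus a registered minidriver DLL is the minidriver model;
        # any other CSP name is a vendor-supplied (monolithic) provider.
        if ($csp -eq $BaseCspName -and $dll) {
            $model = 'Base CSP + minidriver'
        } elseif ($csp) {
            $model = 'Vendor-specific CSP'
        } else {
            $model = 'No CSP registered'
        }

        [pscustomobject]@{
            Card               = $_.PSChildName
            Model              = $model
            CryptoProvider     = $csp
            KeyStorageProvider = $ksp
            MinidriverDll      = $dll
        }
    }
}

Get-SmartCardProviderModel |
    Sort-Object Model, Card |
    Format-Table -AutoSize
```

Entries reported as vendor-specific CSP identify third-party middleware that has to be patched and reviewed separately from the operating system's own provider.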

Page 14: SmartCard Forum 2008 - Gemalto

2 step path to Secure Authentication

[Chart axes: Level of security; Deployment complexity & cost]

Username and Static Password

3 factor Authentication

OTP oncard assembly + Gemalto SA Server

2 factor Authentication

PKI Certificates + MS Base CSP & ILM

REDUCE DEPLOYMENT COMPLEXITY & COST

- Easy migration from OTP based to stronger Certificate based authentication

- Reuse already deployed Smart Cards or Tokens

Page 15: SmartCard Forum 2008 - Gemalto

Gemalto .NET and Microsoft

Plug & Play on Vista

Page 16: SmartCard Forum 2008 - Gemalto

Gemalto services / integration

Expert support at the different project stages

Scope / Project definition

Security Procedure (Workflow, Policies, …)

POC / Pilot

Integration

Operation

Technology domains

Smart card integration

– Profile/Mapping, Application/Assembly/Applet, Contact/Contactless, …

User Workstation integration

– Reader, middleware, Software (Encryption, Authentication, …)

Infrastructure integration

– ILM/CLM, PKI, ISA/IAG/Radius for OTP, …

– Issuance station

Page 17: SmartCard Forum 2008 - Gemalto

Microsoft and Gemalto

.net smart card for ILM evaluation kit

.net smart cards

USB card reader

ISO form factor

SIM form factor

OTP reader

Software

Resource CD

ILM

http://www.microsoft.com/windowsserver2003/technologies/idm/ilm.mspx

Ask for your evaluation kit! ( [email protected] )

Page 18: SmartCard Forum 2008 - Gemalto

Online Resources

Gemalto www.gemalto.com/

.net smart card www.netsolutions.gemalto.com/

Forum: www.netsolutions.gemalto.com/forum

Utilities: www.netsolutions.gemalto.com/utilities.aspx

One Time Password www.protiva.gemalto.com/

SAS Demo Portal: www.strongauthdemo.gemalto.com

Microsoft Gemalto Extranet : www.msxtranet.gemalto.com

MSFT Base SC CSP Download:

http://support.microsoft.com/kb/909520

MSFT ILM:

http://www.microsoft.com/windowsserver2003/technologies/idm/ilm.mspx

Page 19: SmartCard Forum 2008 - Gemalto

Thank you!