Certificate Authentication
The smartcards discussed here can hold digital certificates (x.509) and corresponding private keys. The private key cannot be read from the card, but it can be used by the card itself for signing and decryption of data.
Ths enables use of what is known as two-factor authentication: the user not only possesses the smartcard, he or she can also prove the knowledge of the smartcard PIN by signing data using the private key stored on the smartcard.
Smartcard Readers
Smartcards are accessed via smartcard readers, using either a contact or contactless interface. The IGEL Third Party Database lists the readers that are supported by the Linux firmware.
PC/SC Resource Manager
The PC/SC Resource Manager is a common Application Programming Interface (API) that is available on Windows and Linux operating systems. It provides a standardized way for applications to handle smartcards and readers.
The PC/SC Resource Manager is active by default in the Linux-based firmware and can be controlled via the Activate PC/SC Daemon parameter on IGEL Setup > Devices > Smartcard > PC/SC or IGEL Setup > Security > Smartcard > PC/SC or IGEL Setup > Security > Smartcard > Services (depending on the firmware version).
Smartcard Middleware
In order to provide a generalized interface to different types of smartcard hardware there is an additional software layer called smartcard middleware.
There are different types of middleware:
| Windows | Linux |
CSP, Cryptographic Service Provider | ✓ | |
PKCS#11, Public-Key Cryptographic Standards | ✓ | ✓ |
Some of the smartcard authentication methods require smartcard middleware to be installed on the thin client. The following modules are available as of IGEL Linux 10.04.100:
_____