Authentication By Smart Card - Canon Oce PlotWave 300 Administration Manual

Authentication by Smart card

Authentication by Smart card
Requirements
Introduction
To use the authentication by smart card, the smart card and the smart card reader must comply
with the following requirements:
Requirements for the smart card
The smart card is a PKI card compatible with MS Active Directory Certificates Services.
Compatible smart cards
• Gemalto IDPrime MD and Gemalto IDPrime .NET (formerly Cryptoflex .NET)
• HID Global Corporation: Crescendo MiniDriver (formerly named Crescendo C1150)
Smart card configuration
The smart card embeds:
• The user valid certificates: all the root and intermediate CA certificates used in the certificate
chain.
'DER encoded binary X.509 (.CER)' and 'Base-64 encoded X.509 (.CER)' formats are supported.
• The URL of a revocation server which checks the validity of the user certificate (using 'Online
Certificate Status Protocol').
In case the URL of the revocation server is not embedded into the smart card, you will have to
declare the URL in Océ Express WebTools (in the 'Security' - 'Trusted Certificates' - 'Forced
URL of OCSP responder' setting).
• The PIN of the card, if needed.
Compatible smart card readers
• HID Global Corporation: OMNIKEY 5x2x products
• Identive infrastructure (formerly SCM Microsystems Inc.): SCR33x products
• Gemalto: IDBridge products (formerly GEMPC/GEMPLUS)
• Advanced Card Systems Holdings Limited: ACR1281U product (contact support only)
• HID Global Corporation: OMNIKEY 3x2x products*
* Only for Océ PlotWave 345/365/450/500 and Océ ColorWave 500/700 R4.1 and higher.
Most of the smart card readers which are plug and play compatible with Windows 8 are
compliant.
Additional information
- Contact your Canon representative in case you want to use a smart card or a smart card reader
which is not recorded in the above lists.
- Plug the smart card reader into the USB port (contact your local Canon representative).
- The only network communication performed during authentication with a smart card is the one
with the revocation server. The information on the smart card and the information on the Express
WebTools settings are checked against the one which is stored in the revocation server.
328 Chapter 6 - Security on Océ ColorWave 500 and Océ ColorWave 700