beautypg.com

4 choosing smart card middleware, Choosing smart card middleware – HID Crescendo C1150 Administration Guide User Manual

Page 12

background image

HID Global Crescendo C1150 – Administration Guide

Page 12 of 115

November 2013

© 2013 HID Global Corporation. All rights reserved.

4TRESS AAA Server adds one-time password services to Crescendo C1150 cards, enabling
support for legacy applications that are not PKI-enabled, such as many remote access and
VPN applications.

The card is managed by 4TRESS AAA Server via the ActivClient middleware.

The administrator initializes the Crescendo C1150 cards with 4TRESS AAA Server,
adding one-time password (OTP) capabilities to the cards.

Administrators or end users can download a certificate onto the card from the Microsoft
CA (or other CA), by selecting the ActivClient CSP.

If the card PIN is locked, you can unlock it with the challenge/response unlock code
managed by 4TRESS AAA Server.

The end user has ActivClient on his workstation; he can use certificates for standard
PKI services based on the CSP or PKCS#11 technologies.

He can also use the Crescendo C1150 for remote access/VPN services using one-time
passwords.

He can also use other ActivClient services for improved usability.

For further information, see section

8.0 Managing a Smart Card with 4TRESS AAA Server

on

page

97

.

2.3.6 Managed Mode with HID Global ActivID CMS and ActivID CMS Appliance

To deploy Crescendo cards with ActivID Card Management System (CMS), use the
Crescendo C1100 instead of the Crescendo C1150.

To deploy Crescendo cards with ActivID CMS Appliance, use the Crescendo C800 instead of
the Crescendo C1150.

2.4 Choosing Smart Card Middleware

You have a choice of Crescendo C1150 smart card middleware for end user workstations:

You can choose to deploy the Crescendo C1150 Mini Driver, which is available free of
charge.

You can choose to deploy the ActivClient software that provides enhanced capabilities.

This section presents the similarities and differences between the two options.

2.4.1 Services Available with Both Mini Driver and ActivClient

Both middleware options support the same applications for PKI services:

Windows Logon

Web authentication with Internet Explorer and Google Chrome

VPN authentication with Windows, Cisco, Juniper, etc.

Authentication to Citrix or Terminal Server sessions

Email signature and encryption with Microsoft Outlook and Exchange

See also other documents in the category HID Equipment: