Smart Card

The following tasks detail the Smart Card middleware policy settings:

Important:

Restart Workstation

For the Smart Card policy changes to be applied, you must restart the workstation.

Turn on US Department of Defense configuration

Description:

For smart cards that comply with both the US government GSC-IS and PIV standards, defines which standard takes precedence for the middleware.

If this setting is enabled, GSC-IS takes precedence for the middleware.

If this setting is not configured or disabled, then the PIV standard takes precedence.

Possible Values:

  • Not Configured

  • Enabled

  • Disabled

A setup preference also exists for this setting, which might affect the behavior if this policy setting is not configured.

The goal of this setup preference is to enable you to install ActivClient with the US Department of Defense configuration option and automatically have access to the specified configuration, without having to configure additional policies.

  • If the US Department of Defense configuration option is selected in the ActivClient setup and if the Turn on US Department of Defense configuration policy is not configured or disabled, then GSC-IS is chosen as the preferred interface.

  • If the US Department of Defense configuration option is not selected in the ActivClient setup and if the Turn on US Department of Defense configuration policy is not configured or disabled, then PIV End Point is chosen as the preferred interface.

  • If the Turn on US Department of Defense configuration policy is Enabled, then it takes precedence over the preference set in the ActivClient setup, and GSC-IS is chosen as the preferred interface.

Disable smart card discovery information caching

It is recommended that you enable the caching of smart card discovery information (the default behavior) for most deployment configurations. Disabling this functionality is recommended only for issuance workstations where user smart cards are inserted only once – for the card issuance and personalization process.

Description:

Disables the smart card discovery information caching.

When this setting is not configured or disabled, performances are optimized by caching smart card discovery information. This smart card discovery process is repeated at each smart card insertion.

Note: Discovery information caching needs to be enabled if you use the Smart Card Auto-Update with ActivID CMS capability.

Configure ActivClient Minidriver as default PIV Minidriver

Description:

For smart cards that comply with PIV standards, configure ActivClient minidriver as default PIV minidriver.

When this setting is not configured or enabled, the ActivClient minidriver will be the default minidriver. When this setting is disabled, the user can set their own minidriver which complies with PIV standards.

Possible Values:

  • Not Configured

  • Enabled

  • Disabled

Note: The customer can set their own PIV minidriver through Setting NIST PIV registry (Identity Device (NIST SP 800-73 [PIV])).