The Windows smart card framework uses a smart card minidriver together with the Windows Smart Card Base CSP to enable the use of a smart card for authentication, logon and signing. However, Windows does not have a specific client application to easily troubleshoot when a smart card is not functioning as expected. This article reviews some ways to check that a minidriver smart card is set up and working correctly.
There are two aspects to checking that a minidriver is working for a specific smart card. The first is to check that it is recognized as a genuine smart card driver by Windows Plug and Play (PnP). The second is that the driver can be found by the cryptographic subsystem. This post focuses on first aspect, the PnP, and applies to Windows 7, 8 and Windows server 2008 and later OS versions.
When you insert a smart card into a Windows machine, the Plug and Play process is initiated. Windows tries to identify the smart card through a multi step process. To check if PnP has correctly installed the driver, open the Device Manager (type “Device Manager” into Windows search, or click Device Manager on the property pane of the Computer). If the smart card is correctly installed it will look like this:
If it is not recognized it is will look like this:
If it is not recognized, there are a number of reasons the minidriver may not be installed for the particular smart card. Check the following:
- Be certain the minidriver is supported for the card. Many older smart cards don’t use the Windows smart card framework, and instead use a smart card middle-ware application.
- Many smart card minidrivers are not downloadable by Plug & Play and instead have to be installed manually. If you have this problem with a Taglio C2 smart card, such as the C2 Series card or the uTrust MD Smart Card series, download and run the Minidriver installer application, and it will pre-install the drivers. The installer application can be downloaded from the Taglio Download Page or for the uTrust MD Smart Cardsavailable at the Identiv web site.
- PnP may be disabled. If your computer is managed (e.g. provided by an employer) this is quite likely.
It should be pointed out that it is not strictly required for the smart card to be recognized in the device manager for the smart card to actually work. Though that would be unusual, it is possible because the crypto subsystem does not require a PnP installation work. The minidriver can be placed into the correct folders and the registry files set up manually.