Welcome to the Taglio Help desk!
The Identiv uTrust MD Smart Card uses a minidriver module to interface with the Windows Crypto system, allowing digital certificates and keys to be created and stored on the smart cards. The uTrust Minidriver module used by the uTrust MD Smart Cards is powered by the C2 Minidriver by Taglio. The articles on the C2 Minidriver on the Helpdesk are therefore applicable to the uTrust MD Smart Cards as well.
Be certain you have the uTrust Minidriver installed. The C2 Minidriver needs to be installed on all client computers or servers where the smart card certificates are used. The Minidriver module is Plug and Play with Windows. For computers that do not support Plug and Play, the minidriver can be installed manually using the uTrust MD installer, available from the Identiv web site.
Install the minidriver on every system where the smart card(s) will be used.
Enrolling Certificates for Logical Access
The uTrust MD Smart Cards store digital certificates. These certificates are most often used for things such as logon, digital signatures, and encryption. Certificates are requested from, and issued by, a Certificate Authority (CA).
The uTrust MD Smart Cards are designed to be set up on a Windows system. They support any Windows compatible Card Management System or can be set up directly using the Microsoft Windows Certificate Authority. That set of articles outlines how to create the Certificate Templates and request certificates to be loaded onto the smart cards. It is assumed that these requirements are already met in your environment.
The uTrust MD Smart Cards can be used with other Certificate Authorities and certificates can be imported onto the smart card via the command line Windows utility “certutil”. The smart cards can also be used for standalone computer logon.
Changing user PIN and Admin Key
Finally, changing the user PIN and Admin Key are important measures to be taken before deploying the smart cards for use. You can change the user PIN and the Admin Key with the VSEC_CMS_K2.0 utility that can be downloaded from the Taglio download page. An end user can customize the user PIN via Windows. The user PIN should be 4-14 digits.
The Admin Key can also be changed using vSEC_CMS. Keep the Admin Key recorded in a secure location if you want the option to unblock the user PIN in the future. For maximum security, randomize the Admin Key (the vSEC_CMS utility provides a randomize option) and do not store it at all.
Check out more articles on our Help Desk and feel free to contact us with questions!
The Identiv uTrust MD Smart Cards combine logical access with physical access capabilities. For support and questions for physical access applications please see the Identiv webiste here.