Supported tokens for authentication in Drive Encryption
Technical Articles ID:   KB79787
Last Modified:  3/22/2019


Environment

McAfee Drive Encryption (DE) 7.2.x, 7.1.x

For DE supported environments, see KB79422.

Summary

Recent updates to this article:
 
Date | Update
March 22, 2019 | Updates to SafeNet eToken 5110 entry. Clarification on what is and is not supported.
March 13, 2019 | Added support for SafeNet eToken 5110 (Non-Fips).
January 9, 2019 | Removed support for SafeNet eToken 5110 because of changes by the manufacturer.
December 18, 2018 | Added support for Yubico (Yubikey 4 series).
November 16, 2018 | Added "Important" note to "Supported tokens with DE" section. Other minor format updates.





Connection
Value | Description
USB | The token connects via a USB port.
Smart Card | The token is a Smart Card that you must insert in a supported reader for DE to read it.
Biometric | A biometric reader, such as a fingerprint reader:
  • Biometric readers are only supported on certain PC platforms. See the DE Supported Readers article for a list of supported platforms. For details, see KB79788.
  • Biometric tokens work in single user mode, which means that a biometric user is associated with an individual computer. A separate UserID is required for each computer that a user with biometric tokens needs to access.


Integration Type
Value | Description
Stored Value | The information needed to authenticate a user is stored on the token itself.
PKI | The certificate can be found in a PKI store (such as Active Directory) and used to initialize the token by the ePO extension.
Self-Init | The certificate is not located in a PKI store. The product initializes the token when the user presents the Smart Card to the preboot environment during authentication. The ePO extension has not seen the card or certificate before it is used for the first time.


Token/Smart Card Standards
Value | Description
CAC | The Common Access Card (CAC) is a United States Department of Defense (DoD) Smart Card issued as standard identification for:
  • Active duty military personnel
  • Reserve personnel
  • Civilian employees
  • Other non-DoD government employees, state employees of the National Guard, and eligible contractor personnel.
PIV | Federal Information Processing Standard Publication 201 (FIPS 201) is a United States federal government standard that specifies Personal Identity Verification (PIV) requirements for federal employees and contractors.

How to configure and use tokens with DE
See the DE Product Guide for details about how to configure and use tokens.


DE known issues with tokens
To view known issues with tokens, see KB84502.

NOTES:
  • The table below identifies the tokens supported with DE. The "Support Included" column identifies the minimum version of DE required for each token. All DE versions later than the minimum version support the token unless stated otherwise.
  • Regarding UEFI Smart Card Reader Support, if you plan to run DE on a client operating in native UEFI mode, see the UEFI section of the DE Supported Environments article KB79422.
IMPORTANT: Although the Drive Encryption Product Guide lists steps for usage with the UPEK biometric token, this use required third-party software that is no longer available. So, Drive Encryption no longer supports the UPEK biometric token for authentication at PBA.
 
Brand | Type | Connection | Integration Type | Notes/Token Type from Policy | Minimum Supported Version
A-Trust [1] | A.sign premium A04 | Smart Card | PKI | A-Trust PKI Smart Card | DE 7.1.0
ATOS (Siemens) | CardOS M4.01a | Smart Card | PKI | Siemens CardOS PKI Smart Card | DE 7.1.0
ATOS (Siemens) | CardOS 4.3b | Smart Card | PKI, Self-Init | Siemens CardOS PKI Smart Card | DE 7.1.0
ATOS (Siemens) | CardOS 4.4 | Smart Card | PKI, Self-Init | Siemens CardOS PKI Smart Card | DE 7.1.0
ATOS (Siemens) | CardOS 5.3 | Smart Card | PKI, Self-Init | Siemens CardOS PKI Smart Card | DE 7.2.2
Sm@rtCafe | G&D Sm@rtcafe Expert 64 V2 Standard (SafeSign Applets) | Smart Card | PKI | SafeSign Generic PKI Smart Card [3] | DE 7.1.1
Gemalto | 64K v2 | Smart Card | PKI | ActivIdentity/CAC PKI Smart Card | DE 7.1.0
Gemalto | Classic TPC IM CC | Smart Card | PKI | NHS PKI Smart Card | DE 7.1.0
Gemalto | Classic TPC IM | Smart Card | PKI | NHS PKI Smart Card | DE 7.1.0
Gemalto | Classic TCP IS v2 (v1 applet) | Smart Card | PKI | NHS PKI Smart Card | DE 7.1.0
Gemalto | Classic TCP IS v2 (rev B) | Smart Card | PKI | NHS PKI Smart Card | DE 7.1.0
Gemalto | CyberFlex Access 64K v1 SM 4.1 | Smart Card | PKI | ActivIdentity/CAC PKI Smart Card | DE 7.1.0
Gemalto | CyberFlex Access 64K v2c | Smart Card | PKI | ActivIdentity/CAC PKI Smart Card | DE 7.1.0
Gemalto | CyberFlex Access 2 | Smart Card | PKI | Gemalto .NET PKI Smart Card | DE 7.1.0
Gemalto | GCX4 72K D1 - CAC | Smart Card | PKI, Self-Init | Common Access Card PKI Smart Card | DE 7.1.0
Gemalto | IDPrime .Net 510 | Smart Card | PKI | Gemalto .NET PKI Smart Card | DE 7.1.0
Gemalto | LuxTrust GemP15-1 (V2 Applet) | Smart Card | PKI | LuxTrust PKI Smart Card | DE 7.1.0
Gemalto | .NET v2+ | Smart Card | PKI, Self-Init | Gemalto .NET PKI Smart Card | DE 7.1.0
Gemalto | .NET | Smart Card | PKI | Gemalto .NET PKI Smart Card | DE 7.1.0
Gemalto | MD830 [6] | Smart Card | PKI | Gemalto IDPrime MD PKI Smart Card [6] | DE 7.2.0
Gemalto | TOP DL GX4 FIPS 144K - CAC | Smart Card | PKI, Self-Init | Common Access Card PKI Smart Card | DE 7.1.0
HID Global [4] | Crescendo C1300 | Smart Card | PKI, PIV | CAC PKI Smart Card | DE 7.2.5
HID Global | Crescendo C1150 | Smart Card | PKI, PIV | CAC PKI Smart Card | DE 7.2.5
HID Global | Crescendo 144K FIPS | Smart Card | PKI, PIV | PIV PKI Smart Card | DE 7.2.5
HID Global | ActivIdentity - 64K V1S1 | Smart Card | PKI | ActivIdentity/CAC PKI Smart Card | DE 7.1.0
HID Global | ActivIdentity - USB Key v3.0 ZFG-48001-A; CyberFlex Access 64K v2c | USB | PKI, Stored Value | ActivIdentity/CAC PKI Smart Card | DE 7.1.0
HID Global | Axalto - Access 64K | Smart card | PKI | ActivityIdentity/CAC PKI Smart Card | DE 7.1.0
HID Global | CyberFlex Access 64K v2c | Smart Card | PKI, Stored Value | - | -
IBM | JCOP41 | Smart Card | PKI | NHS PKI Smart Card | DE 7.1.0
IBM | JCOP21 (SafeSign Applets) | Smart Card | PKI | SafeSign Generic PKI Smart Card | DE 7.1.1 [3]
Imprimerie Nationale | IAS ECC 6–36761 | Smart Card | PKI | Gixel PKI Smart Card | DE 7.1 [3] [5]
Monet+ | CryptoPlus ProID | Smart Card | PKI | Monet PKI Smart Card | DE 7.1.0
Oberthur | 72K v5.2 Dual - CAC | Smart Card | PKI, Self-Init | Common Access Card PKI Smart Card | DE 7.1.0
Oberthur | CS PIV (2048 bit) | Smart Card | PKI | PIV PKI Smart Card | DE 7.1.0
Oberthur | Cosmopol IC 64K v5.2 Fast ATR | Smart Card | PKI | ActivIdentity/CAC PKI Smart Card | DE 7.1.0
Oberthur | Cosmo v7.0-n (v3.22) | USB, Smart Card | PKI | Oberthur Authentic PKI Smart Card | DE 7.1.0
Oberthur | ID-One Cosmo 128K D v5.5 - CAC | Smart Card | PKI, Self-Init | Common Access Card PKI Smart Card | DE 7.1.0
Oberthur | ID-One Cosmo 64 v5.2 D Fast ATR - PIV | Smart Card | PKI, Self-Init | PIV PKI Smart Card | DE 7.1.0
Oberthur | ID-One Cosmo 128K D v5.5 - CAC | Smart Card | PKI, Self-Init | Common Access Card PKI Smart Card | DE 7.1.0
Oberthur | ID-One Cosmo v7.0 128k (AuthentIC22) | Smart Card | PKI | ActivIdentity/CAC PKI Smart Card | DE 7.1.0
Oberthur | ID-One Cosmo V7 | Smart Card | PKI, Self-Init | ActivIdentity/CAC PKI Smart Card | DE 7.1.0
Oberthur | ID ONE v5.2 | Smart Card | PKI | ActivIdentity/CAC PKI Smart Card | DE 7.1.0
Oberthur | ID ONE v5.2 Dual | Smart Card | PKI | ActivIdentity/CAC PKI Smart Card | DE 7.1.0
Oberthur | ID-One Cosmo v7.0n (v2.32) [PIV (Type A) Large D (NIST SP 800-73 [PIV])] | Smart Card | PKI | PIV PKI Smart Card | DE 7.1.0
RSA | SID800 v2 | USB | PKI, Stored Value | RSA PKI Smart Card, RSA Stored Value Smart Card, utility/RSA security centre | DE 7.1.0
RSA | SID800 Rev D3 | USB | PKI, Stored Value | RSA PKI Smart Card, RSA Stored Value Smart Card, utility/RSA security centre | DE 7.1.0
RSA | SID800 Rev D1 | USB | PKI, Stored Value | RSA PKI Smart Card, RSA Stored Value Smart Card, utility/RSA security centre | DE 7.1.0
SafeNet [2] | eToken Pro 32K - CardOS 4.2, 4.2b, 4.0.1 | USB, Smart Card | PKI, Stored Value | eToken PKI Smart Card, eToken Smart Card | DE 7.1.0
SafeNet | eToken Pro 64K - CardOS 4.2, 4.2b, 4.0.1 | USB, Smart Card | PKI, Stored Value | eToken PKI Smart Card, eToken Smart Card | DE 7.1.0
SafeNet | eToken Java 72k | USB, Smart Card | PKI, Stored Value | eToken PKI Smart Card, eToken Smart Card | DE 7.1.0
SafeNet | eToken 5110 (non-FIPS). NOTE: eToken 5110 FIPS and 5110 CC (Common Criteria) are not supported. | USB | PKI, Stored Value | eToken PKI Smart Card, eToken Smart Card | DE 7.1.0
SafeNet | eToken 5105 | USB | PKI, Stored Value | eToken PKI Smart Card, eToken Smart Card | DE 7.1.0
SafeNet | eToken 5100 | USB | PKI, Stored Value | eToken PKI Smart Card, eToken Smart Card | DE 7.1.0
SafeNet | iKey 2032 | Smart Card | PKI | ikey PKI Smart Card | DE 7.1.0
SafeNet | NG-OTP | USB | PKI, Stored Value | eToken PKI Smart Card, eToken Smart Card | DE 7.1.0
SafeSign | Evonik | Smart Card | PKI | SafeSign PKI Smart Card | DE 7.1.0
SafeSign | Multiple Tokens [3] | Smart Card | PKI | SafeSign Generic PKI Smart Card [3] | DE 7.1.1
Schlumberger | CAC Access 32K v2 | Smart Card | PKI | ActivIdentity/CAC PKI Smart Card | DE 7.1.0
StarCos | 3.1 | Smart Card | Stored Value | Starcos Smart Card | DE 7.1.0
TeleSec | Telesec Smart Card 2.0 | Smart Card | PKI | TeleSec PKI Smart Card | DE 7.1.0
TeleSec | Telesec Smart Card 3.0 | Smart Card | PKI | TeleSec PKI Smart Card | DE 7.1.0
TeleSec | Telesec Netkey 3.0 TCOS 3.0 | Smart Card | PKI | TeleSec PKI Smart Card | DE 7.1.0
Telia | Setec Telia Sonera PKI [Net ID - SetCOS 4 (Telia EID IP2s)] | Smart Card | PKI | Setec PKI Smart Card | DE 7.1.0
Telia | Setec Telia Sonera PKI [Net ID - SetCOS 5 (Telia EID IP5a)] | Smart Card | PKI | Setec Access PKI Smart Card | DE 7.1.0
Telia | Setec Telia Sonera PKI [Net ID - SetCOS 5 (Telia EID IP9)] | Smart Card | PKI | Setec Access PKI Smart Card | DE 7.1.0
Validity | Fingerprint Reader | Biometric | SV | Validity Fingerprint Reader | DE 7.1.0
Vasco | DigiPass Key 101 (SafeSign Applets) | Smart Card | PKI | SafeSign Generic PKI Smart Card [3] | DE 7.1.1
Yubico | Yubikey 4 series | USB Key, Nano USB key | PIV | PIV PKI Smart Card | DE 7.2.7

[1] The A-Trust token only accepts numeric card PINs.
[2] SafeNet was formerly known as Aladdin.
[3] SafeSign provides a generic Smart Card Interface to which several Smart Card vendors conform. Drive Encryption supports this interface. Smart Cards/Tokens that we have tested with DE have been included in this table.
    IMPORTANT: To function, the Smart Card/token must have an installed SafeSign Identity Client applet.
[4] HID Global was formerly known as ActivIdentity.
[5] IAS-ECC cards comply with the Advanced Electronic Signature EU Directive 1999/93/EC and the European Citizen Card specification created by CEN in June 2007 to ensure interoperability of e-Services cards throughout Europe.
[6] Support is limited to the Gemalto IDPrime MD830 L2 PKI cards. The latest L3 self-initializing PKI cards are not yet supported. Submit a product enhancement request. See the Related Information section for details.

What version of middleware is required?
With the removal of the Require Endpoint Encryption Logon policy setting, DE no longer needs the middleware. However, customers who want to use the Smart Card at Windows logon must still install the middleware so that Windows supports the Smart Card in use. Because of the Windows and Smart Card interaction, DE does not need to specify the version of middleware.

If my token is not in the list, is it still supported?
Usually, a token that is not listed in this document is unsupported. However, a token might work without being in the list.
  • A working token is a token that has been tested and verified as working by a third party, but not by the Drive Encryption QA team. You can use a working token in your environment and use the product. If used, you accept that although everything is working, McAfee has not officially tested the token. You also accept that McAfee does not support the token because it has not been fully validated as working as expected with DE.
  • If you require a new reader to be supported, submit a Product Enhancement Request (PER) (see the PER Process section below). PER requests are directed to Product Management.
  • If a combination of a supported reader and a supported token is not working as expected, contact Technical Support to investigate.

What happens if my token is in the supported list but the token does not work?
Contact Technical Support and open a Service Request for the issue. McAfee reviews the way your environment is configured and conducts further research to investigate the issue if your environment matches the required settings. One possible outcome is that McAfee might request that you submit a PER (see the PER Process section below).
