MFA Guides

Types of Cards

The following FAQs discuss the different types of cards and their authentication abilities.

What is a Smart Card?

A smart card is a plastic card with an embedded microprocessor and a contact interface that is read by an internal or external smart card reader. Smart cards follow several technology standards; however, there are three primary types supported by RapidIdentity. Java smart cards provide a high level of interoperability between different operating systems. Cards of this type require third-party middleware to integrate with Windows operating systems.

Mini-driver and .NET type cards are designed primarily for Windows environments and function without middleware, requiring only a Plug-and-Play driver. Windows 7 and newer operating systems provide enhanced functionality with .NET and mini-driver cards, which have become the preferred standard for simplicity and ease of integration into a Windows environment. All smart cards may be used as a secure, tamper-resistant credential on which to store digital certificates and to create and store encryption and signing keys.

Smart cards and RapidIdentity Server are designed to integrate with a Microsoft Certification Authority for the issuance and management of PKI credentials. Smart cards are protected by a user- or administrator-assigned PIN, which is used to access the secure materials stored on the card when performing authentication or any function that may require a private key stored on the card.

What is a Contactless Card?

Contactless cards do not require physical contact between the card and the reader. Various types of contactless cards exist and are supported by RapidIdentity Server, including read-only cards, cards with read and write capabilities, and cards integrating each of these functionalities.

In many organizations, contactless cards are used for securing physical access to interior and exterior doors within a building or campus. Virtually all cards operate on one of two RF frequencies, 13.56 MHz or 125 kHz. RapidIdentity Server supports both frequencies and can provide hardware to support one or even both frequencies in a single deployment.

RapidIdentity Server allows these cards to be leveraged for logical access as well as physical access without the need to issue new badges for each employee.

The following is a non-exhaustive list of contactless cards supported by RapidIdentity Server.

  • MIFARE 13.56 MHz read/write

  • DESFire 13.56 MHz read/write

  • HID iCLASS 13.56 MHz read/write

  • HID PROX and PROX II 125 kHz read only

  • AWID

  • CASI-RUSCO

  • Indala

  • Legic

  • HiTag

  • GE Security

What is a Hybrid or Dual Interface Card?

Hybrid and Dual Interface (DI) are two interchangeable terms for cards that combine the microprocessor elements which support PKI and its associated features over a 13.56 MHz contactless interface.

Most smart card technologies are supported using this method (e.g., Java and mini-driver cards), and hybrid cards are readily available in HID iCLASS and MIFARE contactless formats. RapidIdentity Server supports hybrid cards to allow for strong authentication, SSO, and other functions requiring access to digital credentials. RapidIdentity Server delivers all of the benefits of the high security of a PKI smart card but adds the simplicity and enhanced usability of a contactless solution.

What is a Mini-Driver Smart Card?

Mini-driver smart cards are specifically designed to integrate more easily with the Microsoft Cryptographic Service Provider and do not require special middleware. Most mini-drivers are WHQL certified and may be obtained through Windows Update using the Windows Plug-and-Play feature. Certain card types may require specific drivers that are available from the manufacturer or from Identity Automation.

Mini-driver cards do not require third-party middleware; they only require the driver. Mini-driver smart cards are easier to manage, provide a smaller software footprint, and integrate with Windows 7 and later operating systems to provide self-service utilities such as offline PIN unblock at the Credential Provider, which requires no connectivity to the RapidIdentity Server for remote PIN unblock.