Issue Token and Smartcard Support in SafeGuard Device Encryption 6.10
Known to apply to the following Sophos product(s)
SafeGuard Device Encryption 6.10.0SafeGuard Easy 6.10.0
Smartcard Middleware tested in SafeGuard Device Encryption
Windows 8 / 8.1
Please note: SafeGuard Easy only supports the non-cryptographic logon mode (user credentials stored on the token/smartcard) to perform an authentication to the system. The highlighted token/smartcard middleware cannot be used in combination with SafeGuard Easy but with SafeGuard Enterprise only.
On systems which are encrypted using BitLocker there is no SmartCard / Token logon support at Pre-Boot level.In this case that only possible at Operating System level (Credential Provider).
* CSP Minidriver 22.214.171.124 + PKCS#11 module 126.96.36.199
Supported Smartcard Readers
Requires firmware version >= v1.12c
USB Reader 3.0
SCR 243 OEM
Readers supposed to work with SafeGuard Device Encryption Power ON Authentication The smartcard readers below are integrated in SafeGuard Enterprise / SafeGuard Easy and should work according to vendor compatibility information.
G81-7040 G81-7043 G81-8040 G81-8043 G83-6610
PIN pad for secure PIN entry is not supported
Requires firmware version 5.10 and updated Windows drivers
Hint: If more than one smartcard reader is present on a client, it is recommended to disable the ones that are not used to avoid unwanted side effects. For internal readers it can be necessary to disable the device in the BIOS.
Supported Smartcards Supported Smartcards in SafeGuard Device Encryption Power-on Authentication (POA) and SafeGuard Credential Provider
v2 (Oberthur) v2c (Gemalto)
G&D STARCOS SPK
M4.3b M4.4 5.0
Tested national EID cards
MartSoft Java Card
Sagem Orga J-ID Mark
Aladdin / Safenet
eToken Smart Card (Java Card)
Please note: SafeGuard Easy only supports the non-cryptographic logon mode (user credentials stored on the token/smartcard) to perform an authentication to the system. The highlighted token/smartcard middleware cannot be used in combination with SafeGuard Easy but with SafeGuard Enterprise only. * Please refer to AET SafeSign documentation for smartcard details (supported Java Card versions, card completions and configuration). ** Smartcard initialization requires Gemalto Access Client 5.0
Supported USB Tokens Supported USB Tokens in SafeGuard Device Encryption Power On Authentication (POA) and SafeGuard Credential Provider
Supported USB Tokens
Aladdin / SafeNet (CardOS)
eToken Pro eToken NG-Flash
Aladdin / SafeNet
Aladdin / SafeNet (Java)
SecurID 800 REV D1 Firmware v. 3.00
USB-Tokens supposed to work with SafeGuard Device Encryption Power ON Authentication The smartcards below are integrated in SafeGuard Device Encrption and should work according to vendor compatibility information.
OTP function not supported
Please Note: The USB Tokens in bold were tested explicitly by Quality Assurance (current and/or in previous versions). Hint: Using Smartcards/Tokens for authentication at OS level requires the installation of an additional middleware application (see column "Middleware Supplier")
Not supported USB Tokens
These USB Tokens are not supported in the SafeGuard Device Encryption Power On Authentication (POA)
Not supported USB Tokens
ActivKey (AAK301, AUD200)
Not CCID compliant, outdated model types
Back to Sophos SafeGuard ReleaseNotes landing Page
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.