Issue Token and Smartcard Support in SafeGuard Enterprise /SafeGuard Easy 5.60.x / 6.00.x
Known to apply to the following Sophos product(s) SafeGuard Device Encryption 6.0SafeGuard Device Encryption 6.00.1SafeGuard Easy 5.60.0SafeGuard Easy 5.60.1SafeGuard Device Encryption 5.60.0SafeGuard Device Encryption 5.60.1
For information about Smartcard and Token Support in SafeGuard 6.10 follow this link: KBA120506
Smartcard Middleware tested in SafeGuard Device Encryption
Please note: SafeGuard Easy only supports the non-cryptographic logon mode (user credentials stored on the token/smartcard) to perform an authentication to the system. The highlighted token/smartcard middleware cannot be used in combination with SafeGuard Easy but with SafeGuard Enterprise only.
* CSP Minidriver 18.104.22.168 + PKCS#11 module 22.214.171.124
** Supposed to work on Windows Vista but not explicitly tested.
Supported Smartcard Readers
Requires firmware version >= v1.12c
USB Reader 3.0
SCR 243 OEM
Readers supposed to work with SafeGuard Device Encryption Power ON Authentication The smartcard readers below are integrated in SafeGuard Enterprise / SafeGuard Easy and should work according to vendor compatibility information.
G81-7040 G81-7043 G81-8040 G81-8043 G83-6610
PIN pad for secure PIN entry is not supported
Requires firmware version 5.10 and updated Windows drivers
Hint: If more than one smartcard reader is present on a client, it is recommended to disable the ones that are not used to avoid unwanted side effects. For internal readers it can be necessary to disable the device in the BIOS.
Supported Smartcards Supported Smartcards in SafeGuard Device Encryption Power-on Authentication (POA)
v2 (Oberthur) v2c (Gemalto)
G&D STARCOS SPK
Tested national EID cards
MartSoft Java Card
Sagem Orga J-ID Mark
Aladdin / Safenet
eToken Smart Card (Java Card)
Please note: SafeGuard Easy only supports the non-cryptographic logon mode (user credentials stored on the token/smartcard) to perform an authentication to the system. The highlighted token/smartcard middleware cannot be used in combination with SafeGuard Easy but with SafeGuard Enterprise only. * Please refer to AET SafeSign documentation for smartcard details (supported Java Card versions, card completions and configuration). ** Smartcard initialization required Gemalto Access Client 5.0 *** Support for A-Trust cards in SafeGuard Enterprise requires cards to be issued by A-Trust with Kerberos Windows logon extensions and installation of A-Trust middleware. **** Support of Estonian EID cards requires:
- Standard middleware: OpenSC PKCS#1 version 0.8.3 and the EstEID Card CSP - Additional software from JaJa Arendus OU (http://www.jaja.ee) (i.e, its additional ITLogon Csp) and its scripting tool to link the Estonian citizen ID with Active Directory users.
Supported USB Tokens Supported USB Tokens in SafeGuard Device Encryption Power On Authentication (POA)
Supported USB Tokens
Aladdin / SafeNet (CardOS)
eToken Pro eToken NG-Flash
Aladdin / SafeNet
Aladdin / SafeNet (Java)
SecurID 800 REV D1* Firmware v. 3.00
USB-Tokens supposed to work with SafeGuard Device Encryption Power ON Authentication The smartcards below are integrated in SafeGuard Device Encrption and should work according to vendor compatibility information.
OTP function not supported
Please Note: The USB Tokens in bold were tested explicitly by Quality Assurance (current and/or in previous versions). Hint: Using Smartcards/Tokens for authentication at OS level requires the installation of an additional middleware application (see column "Middleware Supplier")
Not supported USB Tokens
These USB Tokens are not supported in the SafeGuard Device Encryption Power On Authentication (POA)
Not supported USB Tokens
ActivKey (AAK301, AUD200)
Not CCID compliant, outdated model types
Back to Sophos SafeGuard ReleaseNotes landing Page
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.