NFC Connector – Use RFID or basic cards as smart cards to log in to Active Directory

Download NFC Connector Light. Test the NFC Connector Enterprise (Video).

Overview

NFC Connector is a solution that emulates cryptographic smart card functionality for RFID tags or memory cards. With this solution, tags can virtually store certificates and be used in any smart card scenario, such as login, signature or encryption. It is compatible with EIDAuthenticate or Active Directory for smart card logon. The solution does not rely on the user password at all.

Requirements

You can test the NFC reader and the tag using this procedure. If you are planning to buy RFID, please consider NFC smart cards (like Smart Card HSM or GIDS), which do not need such emulation.

  • Windows XP SP3 or Windows 2003 SP2 or later.
  • An NFC PCSC card reader, like
  • An NFC tag recognized by the card reader, like
  • Local admin rights to install the software and register the NFC tag driver
  • Domain administrator rights for NFC Connector Enterprise automatic provisioning

Demo

View the NFC Connector Light demo (configuration and login to Active Directory). Demo for NFC Connector Enterprise with configuration, card creation, login to Active Directory and audit.

Edition

NFC Connector has two editions:

  1. NFC Connector Light

The word “Light” implies that this edition has not been designed for Enterprise use cases, that is, users who need to use the NFC tags / RFID with the same certificate on multiple computers and with key usage audit. This edition is distributed freely but it has the following limitations:

  • Keys and certificates related to the RFID tag cannot be exported or used on another computer. This limitation has been set to prevent the unauthorized export of the cryptographic material.
  • There is no limit on the number of PIN attempts and no lockout mechanism.

  2. NFC Connector Enterprise

This edition allows any computer on a network to access a “shared repository” where the certificates are stored, to provision cards automatically and to perform audits. The private key cannot be exported from the software. This solution has been designed to incorporate existing access control tokens (badges) and can be used with the same process as badge provisioning.

Differences between NFC Connector Light and NFC Connector Enterprise:

| Product | NFC Connector Light | NFC Connector Enterprise |
|---|---|---|
| Price | Free | 15 euros excluding VAT per computer |
| Certificate storage | Locally | On a server |
| Provisioning | Manually | Manually, automatic certificate deployment |
| RFID login to Active Directory with a card touch | No. An empty PIN must be entered | Yes |
| Card compatibility | Cards with UID (Mifare, phone with NFC emulation, …) | Cards with UID (Mifare, phone with NFC emulation, …); PACS bits (badge HID Prox, Mifare) |
| Extensibility | None | Plugins can be written to customize the smart card behavior or cryptographic storage |
| PIN enforcement | None | Like a real smart card (PIN count, PIN reset, …) |
| Audit logs | None | Yes, with computer IP, program, card ID, … |

Use cases

Scenario 1: Use RFID as classic smart card (Light / Enterprise editions)

This use case allows any RFID card to be used as a smart card.

  • Requirements: None
  • Difficulty: Low
  • Scalability: Bad

When the automatic registration of cards is enabled, the cards are created on the fly but without any user information or certificate. If a logon certificate has to be installed, the user has to request it (via the smart card manager or the certificate console) or a GPO has to be deployed.

Scenario 2: An administrator enrolls the card (Enterprise edition only)

This use case relies on an administrator to create the card on behalf of the user and configure the smart card logon.

  • Requirements: An enrollment agent certificate
  • Difficulty: Medium
  • Scalability: Medium

The card is created using the NFC Connector administration tool. The administrator, after having configured an enrollment certificate on the solution, requests the creation of the card and the service automatically installs a smart card logon certificate on behalf of the user.

Scenario 3: Automatic registration of smart card (Enterprise edition only)

This use case relies on a data source which contains both user references and card references, and on an enrollment agent certificate. No user / administrator interaction is required.

  • Requirements: An enrollment agent certificate and a data source
  • Difficulty: High
  • Scalability: Good

When an unknown card is presented to the solution, the software asks the data source for a user match. Then, it automatically creates the card and enrolls a smart card logon certificate on behalf of the user.