Activcard Usb Reader V2.0 Driver

  1. Activcard Usb Reader V2 0 Driver Download
  2. Activcard Smart Card Reader Driver

Driver download page for the Realtek USB 2.0 Card Reader by network. Windows7 32bit inbox driver. Windows7 32bit inbox driver. ActivCard SCR301 USB Smart Card Reader.

Подробнее о пакете драйверов:

Тип: драйвер
Имя: Microsoft Usbccid Smartcard Reader Drivers
Производитель: Microsoft
Версия драйвера (программы установщика):
6.1.7601.17514, 6.1.7600.16385, 6.3.9600.16384
Операционная система:
Windows 7, Windows 8, Windows 8.1
Разрядность ОС:
32-bit (x86), 64-bit (x64)
Размер файла: 0.06 mb
Дата выхода: 2020-10-15

Realtek usb 2 0 card reader driver 10 0 4 for windows 10 64 bit 64 bit drivers download - X 64-bit Download - x64-bit download - freeware, shareware and software downloads.


Microsoft Usbccid Smartcard Reader Drivers. Характеристики драйвера

Драйверы Microsoft для картридеров смарткарт. Предназначен для ручной установки.

Версии драйверов:

  • WUDFUsbccidDriver.inf, Windows 7/8 64 bits - v.6.1.7601.17514 от 21.06.2006
  • WUDFUsbccidDriver.inf, Windows 7/8 32 bits - v.6.1.7600.16385 от 21.06.2006
  • WUDFUsbccidDriver.inf, Windows 8.1 32 bits - v.6.3.9600.16384 от 21.06.2006

Поддерживаемые устройства:

  • Microsoft Usbccid Smartcard Reader (WUDF)
  • Microsoft Usbccid Smartcard Reader (O2 Micro OZ776/777)
  • Microsoft Usbccid Smartcard Reader (ActivCard SCR33x/V2)
  • Omnikey 3021
Внимание! Перед установкой драйвера Microsoft Usbccid Smartcard Reader Drivers рекомендутся удалить её старую версию. Удаление драйвера особенно необходимо - при замене оборудования или перед установкой новых версий драйверов для видеокарт. Узнать об этом подробнее можно в разделе FAQ.

Скриншот файлов архива

Файлы для скачивания (информация)

drv_microsoft_6.1.7601.17514x64.zip - Windows 7/8 64 bits (0.06 mb) v.6.1.7601.17514 от 21.06.2006

drv_microsoft_6.1.7600.16385_x86.zip - Windows 7/8 32 bits (0.04 mb) v.6.1.7600.16385 от 21.06.2006

drv_microsoft_6.3.9600.16384x86.zip - Windows 8.1 32 bits (0.04 mb) v.6.3.9600.16384 от 21.06.2006

Activcard cac reader

Поддерживаемые устройства (ID оборудований):

USBVID_0B97&PID_7762 O2 Micro, Inc.Oz776SmartCardReader
USBVID_0B97&PID_7772 O2 Micro, Inc.OZ776 CCIDSmartcardReader
USBVID_09C3&PID_0008 ActivCard, Inc.ZFG-9800-ACSmartCardReader
USBVID_04E6&PID_E001 SCM Microsystems, Inc.SCR331SmartCardReader
USBClass_0B&SubClass_00&Prot_00
USBClass_0B&SubClass_00&Prot_01
USBClass_0B&SubClass_00&Prot_02
USBClass_0B&SubClass_00
USBClass_0B

Другие драйверы от Other

Contents

  1. Basic PKI Authentication
  2. Applications
    1. Firefox
    2. Lock Gnome Screensaver on Card Removal
  3. Special considerations
  4. References

The Department of Defense (DoD) issues Common Access Cards (CACs) which are smart cards set up in a particular way. You can use these cards for Public Key Infrastructure (PKI) authentication and email. Overwhelmingly, the first thing most users need is PKI authentication.

Get a card reader

Obtain a compatible smart card reader. Known compatible readers are:

  • SCM Micro SCR3310 - Stand alone reader
  • O2 Micro OZ776 - Built-in laptop reader
  • Gemplus GemPC Card - PCMCIA card reader

  • ActivCard USB Reader 2.0 - Stand alone reader (outdated)

    • Note: Double check version number on bottom of device. You must flash the reader to the latest firmware. Currently, this must be done from a windows machine.

Note: If you have trouble with your reader, review device compatibility

Packages

You need middleware to access a smart card using the SCard API (PC/SC), and a PKCS#11 standard interface for smartcards connected to a PC/SC compliant reader. US government smartcards may also need support for the Government Smartcard Interoperability Specification (GSC-IS) v2.1 or newer. The pcsclite project provides the middleware layer. Ubuntu splits pcsclite into a few packages. As of this writing, the average user needs libpcsclite1 and pcscd. For the PKCS#11 interface, users can choose between coolkey and cackey. US Government users are probably better off with cackey instead of coolkey, so the coolkey package is omitted here. Since you're downloading packages, you may as well download pcsc-tools now too, as you'll want it soon enough, for testing.

Other items

You will need the DoD certificates.

You will almost certainly want want the cackey package instead of coolkey. Even if you prefer Chrome for your primary browser, you will probably want the DoD Configuration extension for Firefox, if for no other reason than testing.

Forge.mil hosts both cackey and the DoD Configuration extension, but it presents a chicken and egg problem: you need CAC authentication to get the packages. The easiest thing to do is just download them all at work and figure out how to get them to your Ubuntu machine (thumb drive, dropbox, etc). Here's your forge.mil shopping list:

  • the latest version of cackey

  • the latest version of the DoD Configuration extension for Firefox

Activcard Usb Reader V2 0 Driver Download

I recommend stashing these two on Dropbox somewhere, just to make sure you have access to them later, when that thumb drive gets lost in your car seat and you want to set this up for your buddy on a Saturday, or something like that. Trust me. Just do it.

pcsc_tools

Yes, grasshopper, we know you want Firefox. We're getting there. First, it's prudent to make sure your card reader is talking to the operating system. The pcsc_tools package provides an especially handy utility, pcsc_scan, which can help verify that your CAC reader really is talking to the OS, regardless of what any application is telling you:

It should output something like this:

If you see this instead:

You probably did not update your firmware properly. See symbolik's instructions to see how to update your firmware.

Firefox

To setup Firefox to authenticate with sites via SSL/PKI, you must:

  • download the DoD Certificates so that you can verify the server, and
  • setup firefox to read your client certificates from your CAC card.

As of Onereic, running Firefox 9.0.1, the DoD Configuation extension (version 1.3.6) sets all this up for you, assuming your card reader is interacting with Ubuntu. The following directions are mainly preserved for folks running older versions. YMMV.

DoD Certificates in Firefox

The DoD has created a hierarchy of certificates. The top level certificate signs the intermediate certificate and the intermediate certificate signs the site's certificate in most cases. If you import and trust the top most certificate, it saves you from having to install and trust a significantly higher number of certificates.

The original way to install DoD root certificates, even on Windows XP, was to visit http://dodpki.c3pki.chamb.disa.mil/rootca.html and just click on each one to install.

You may also download the certificates and install each one using the following procedure.

  1. Preferences Menu

  2. Advanced Section

  3. Encryption Tab

  4. View Certificates Button

  5. Authorities Tab

  6. Import Button

Places to download the certificates are:

  • https://crl.chamb.disa.mil/

  • http://dodpki.c3pki.chamb.disa.mil/rootca.html

  • https://eportal.ctnosc.army.mil/ (must have Army Knowledge Online [AKO] account)

Firefox Client Certificate Setup

  1. Insert CAC into reader - the green light should flash.
  2. Add CAC Module to Firefox as a Security Device

    1. Preferences Menu

    2. Advanced Section

    3. Encryption Tab

    4. Security Devices Button

    5. Load Button

    6. Enter CAC Module as the module name, and browse to /usr/lib/pkcs11/libcoolkeypk11.so for the module filename (or /usr/bin/libcackey.so or /usr/lib/libcackey.so if using the CACKey custom PKCS#11 library available from cackey).

NOTE: If you are updating from an existing install, or are having issues getting Firefox to play nice when trying to login in with CAC, you may need to remove all existing libcoolkeypk11.so modules and start from the beginning. For example: $ sudo updatedb, $ locate libcool, and delete all modules found.

Testing Firefox

You can test Firefox by going to https://teamware.dt.navy.mil/ and clicking on New Account at the top. If it works, you should be prompted to enter your PIN and the site should say Your PKI Certificate has been detected.

Google Chrome/Chromium Setup

For SSL certificate management, Google Chrome on Linux uses NSS. No UI is provided to install PKCS11 modules. It is important to complete the initial steps above for the CAC reader and Firefox setup prior to Google Chrome setup.

1. Install NSS tools

Debian/Ubuntu:

2. Add the 'CAC Module' pkcs11 library

2b. Close Chrome

3. Make sure you are in your home directory and your CAC card is inserted, Open a terminal window and enter this:

4. Check if the library was successfully added

5. You should see something like this:

Listing of PKCS #11 Modules

6. Now you can start using your certs in Chrome.

Evolution

The Evolution email client does not currently have a means to configure the security device (CAC reader) through the GUI as does Firefox or Thunderbird.

However, there is a fairly simple (but obscure) workaround that can be executed from the command line. Mozilla's certificate database can be imported into Evolution by copying three files within a terminal window:

Download

This appears to import in all the DoD certificates and security devices (CAC reader) previously configured in Firefox as outlined in the above instructions. Look under the 'U.S. Government' heading to confirm ('Edit/Preferences.../Certificates/Authorities tab'). You'll need to select each individual certificate (ie 'DOD CA-11'), click the 'Edit' button, and then select the boxes for both trust to ID sites, and trust to ID email users. Do this for all the certificates under the U.S. Government heading. This step is tedious, but you'll only need to do it once.

Next, select the appropriate certificate for signing and encrypting email. From 'Edit/Preferences', click on 'Mail Accounts', select your previously configured AKO/DKO account (either POP or IMAP), click the 'Edit' button, and then the 'Security' tab. Under the 'Secure MIME (S/MIME)' heading, select both the signing and encryption certificates, and any of the option check boxes desired.

When composing a new message, pull down the 'Security' menu and select 'S/MIME Sign' and/or 'S/MIME Encrypt' as appropriate.

Please note the author of the above section has not yet fully tested this functionality, but initial testing was successful. Nevertheless, implement with caution.

Note: There is currently no way to authenticate to the Exchange server though Evolution with a CaC and the above instructions are only to use the CaC for signing and encrypting the messages. This has been requested in Bug 253574 and may be implemented in version 2.23.x. The bug tracker has a patch for those wishing to recompile Evolution with untested code.

Machine and Screensaver login with CAC

With a little work you can also use your CAC card to log into Ubuntu or un-screenlock.

Note: If you are using cackey for CAC middleware, it's highly recommended to use cackey with CAC login. Using coolkey for login will most likely result in authentication conflict, resulting in CAC lockout.

Needed libraries:

Needed tools to build pam_pkcs11:

Get the latest version of pam_pkcs11 from https://github.com/OpenSC/pam_pkcs11.git and build pam_pkcs:

Activcard Smart Card Reader Driver

Make sure that the directories /usr/lib/pam_pkcs11 and /usr/share/pam are present and populated.

Although documentation states that make install should create a directory structure at /etc/pam_pkcs11 it doesn't seem to.

Create said directories:

Edit pam_pkcs11.conf for use with cackey:

Change the line that reads:

Reader

to be

Then directly after the aforementioned changed line:

Find and change the line:

to

Save. LDAP or other mappings will most likely be used in the future, but the above will work for now.

Information to unlock your system with your CAC can be obtained via the following:

Run:

Find where it says your name with the syntax LASTNAME.FIRSTNAME.MIDDLENAME.DODIDand take note of it.

Open /etc/pam_pkcs11/subject_mappping:

Add the line:

Edit to allow your system to use CAC authentication for unlocking:

Add the line:

to the top of the following files:

If you want to have your system try to use CAC authentication for everything including ssh, su, sudo, etc, add the line to the top of /etc/pam.d/common-auth.

Try rebooting and logging in with your CAC card. At the username prompt I had to just hit enter, then it asked me for my CAC PIN.

One thing to note. If you are using a Windows virtual machine under VMware Player or Server with CAC authentication in the virtual machine - the virtual machine will tie up the reader so Ubuntu can't get access to it. You'll get errors like token unavailable.

Lock Gnome Screensaver on Card Removal

The package pcsc-tools includes the tool pcsc_scan. This command line application will print the insertion and removal of a Smart Card to the stdout. Using this information, a script can be written to recognize this change. The following script requires the package inotify-tools.

After saving this script, you need to update line 13. Run pcsc_scan and look for the line that says 'ATR: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX'. This number is unique to your card. Update the XX's in the script with your unique line.

Make the script executable:

Add it to your Startup Applications.

This script will only unlock the screensaver if your CAC is inserted however, if you do not desire the unlock behavior, simply comment line 17: 'gnome-screensaver-command -d'.

Using CAs and CRLs

Surrender all hope, ye who enter here...

There seems to be a problem with pam_pkcs11 verifying the certificates with valid CAs and CRLs (the project has had little activity in the past few years.) For now, using the cert_policy = signature setting in pam_pkcs11.conf will work to log you in via CAC, but it won't actually be running checks to verify with the locally stored certificates.

If you want to try to experiment with getting certificates to work, use the CA and CRL instrutions below as a starting point, and set cert_policy = ca in pam_pkcs.conf.

CAs

With CAs, you're mostly on your own. You may be able to find what you need from here.If you get another x.509 format like .pfx, you can use openssl to change it to .pem.

Certificate Revocation Lists

ActivCard USB Reader v2.0

ActivCard USB Reader v2.0 P/N ZFG-9800-AD was flashed using the instructions at http://symbolik.wordpress.com/2007/02/26/scm-scr-331-usb-smartcard-reader-firmware-upgrade/. The rest of this guide was then followed without issue.

Gemplus GemPC Card (PCMCIA)

This card reader uses the ccid driver. Since it uses a serial port connection, you must tell pcscd where it is located. Before you begin, you need to install the software as shown in the next step. Once the apt-get procedure is completed, come back here to configure your reader.

First, determine which serial port on which it has loaded. Insert the card into the pc card slot and run dmesg in a terminal. You should get output similar to the following; note the tty.

Reader

Next, edit /etc/reader.conf.d/libccidtwin to add the following lines:

Then run sudo update-reader.conf, followed by sudo service pcscd restart. If everything worked correctly, you may proceed with the next step.

LPS

LPS-Public is a thin Linux LiveCD with a PIV/CAC-enabled Firefox browser that cannot mount the harddrive.It aims to open all DoD websites and OWA (webmail) clients. The developer at SAIC will roll custom versions on request, however, LPS is also very locked down. Experience suggests the typical user is far better off with Ubuntu (circa late 2011, early 2012).

Coolkey

Note that coolkey, a Red Hat project, does not always work on Ubuntu in a US government environment. One bug in coolkey can be tracked here

You can get coolkey from Fedora's BuildSystem. Its an RPM. Just extract the lib folder and copy to /usr/, overwriting existing files. Follow this procedure:

  1. $ wget http://kojipkgs.fedoraproject.org/packages/coolkey/1.1.0/17.fc15/i686/coolkey-1.1.0-17.fc15.i686.rpm

  2. $ sudo apt-get install rpm2cpio

  3. $ rpm2cpio coolkey-1.1.0-17.fc15.i686.rpm | sudo cpio -idmv

  4. $ sudo rsync -va ./usr/lib/ /usr/lib/

OpenSC

In rare cases, you may be the first to use a new card. In the path to diagnosing that and pushing the information upstream, you may find the OpenSC project helpful.

Big thanks to symbolik and his article Using DoD CAC and smartcard Readers on Linux

Department of Defense PKI Management https://crl.chamb.disa.mil/

Naval Research Laboratory DoD PKI Notes and accompanying PDF

Relevant Discussion Threads

  • http://ubuntuforums.org/showthread.php?t=457084

  • http://ubuntuforums.org/showthread.php?t=294200

  • http://ubuntuforums.org/showthread.php?t=454234

  • http://ubuntuforums.org/showthread.php?t=1221961