Symantec Endpoint Encryption Smart Card Support for preboot authentication

book

Article ID: 160823

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

Symantec Endpoint Encryption 11.x typically supports any generic USB CCID-compatible readers that you connect to a USB 2.0 port, although not all readers are guaranteed to work, or are officially supported.  Before deploying to production, ensure the card readers are thoroughly tested to ensure they will work in the production environment. USB 3.0 is supported starting in Symantec Endpoint Encryption 11.1.3 for UEFI systems only.

Smart Cards are supported for BIOS systems beginning with Symantec Endpoint Encryption version 11.0.0 and above, while support for Smart Cards on UEFI systems was added with Symantec Endpoint Encryption version 11.0.1 and above. Current versions of the product support both BIOS and UEFI systems.

Resolution

Symantec Endpoint Encryption 11.x supports the following Personal Identity Verification (PIV) cards and Answer to Reset (ATR) numbers:

  • Gemalto Cyberflex Access 64K v2c
    ATR - 3b 95 95 40 ff ae 01 03 00 00
     
  • Gemalto ID Prime .NET
    ATR - 3b 16 96 41 73 74 72 69 64
     
  • G&D [email protected]é Expert 80K DI v3.2
    ATR - 3b 7a 18 00 00 73 66 74 65 2d 63 64 30 38 30
     
  • G&D [email protected]é Expert 144K DI v3.2
    ATR - 3b 7a 18 00 00 73 66 74 65 20 63 64 31 34 34
     
  • Gemalto TOP DL GX4 144K FIPS
    ATR - 3b 7d 96 00 00 80 31 80 65 b0 83 11 11 ac 83 00 90 00
     
  • HID Global Crescendo JCOP 21 version 2.4.1 R2 64K
    ATR - 3b d9 96 ff 81 31 fe 45 43 52 45 53 43 45 4e 44 4f ff
     
  • Oberthur 64K CosmopolIC v5.2
    ATR - 3b 7b 18 00 00 00 31 c0 64 77 e3 03 00 82 90 00
     
  • Oberthur CS PIV End Point v1.08 FIPS201 Certified
    ATR - 3b db 96 00 81 b1 fe 45 1f 03 80 f9 a0 00 00 03 08 00 00 10 00 18
     
  • Oberthur ID-One Cosmos v7.0
    ATR - 3b df 96 00 81 b1 fe 45 1f 83 80 73 cc 91 cb f9 a0 00 00 03 08 00 00 10 00 79
     
  • Oberthur ID-One 128 v5.5 Dual
    ATR - 3b db 96 00 80 1f 03 00 31 c0 64 b0 f3 10 00 0f 90 00 88
    ATR - 3b db 96 00 80 1f 03 00 31 c0 64 b0 f3 10 00 07 90 00 80

As of version 11.1.2, Symantec Endpoint Encryption supports the following PIV CAC v2 smart cards on systems runnning in BIOS mode:

  • G&D SmartCafe Expert 144K DI v3.2
    ATR - 3b 7a 18 00 00 73 66 74 65 20 63 64 31 34 34
     
  • Oberthur C128K v5.5 Dual
    ATR - 3b db 96 00 80 1f 03 00 31 c0 64 b0 f3 10 00 07 90 00 80
     
  • Gemalto TOP DL GX4 144K FIPS
    ATR -  3b 7d 96 00 00 80 31 80 65 b0 83 11 17 d6 83 00 90 00

As of version 11.2.0, Symantec Endpoint Encryption supports the following PIV CAC v2 smart cards:

  • G&D SmartCafe Expert v7.0 144K DI
    ATR: 3B F9 96 00 00 80 31 FE 45 53 43 45 37 20 03 00 20 46 42
     
  • Oberthur ID-One Cosmo v8.0 128K with PIV 2.4.0
    ATR: 3B D6 97 00 81 B1 FE 45 1F 87 80 31 C1 52 21 19 48

For more information about the latest Symantec Endpoint Encryption system requirements, see the following articles: