I) Serves as a Plug-In (SIM-Sized) Smart Card Reader: The ACR100F SIMFlash is a reliable and cost-effective smart card reader for security-related applications. It is a plug-in SIM-sized smart card reader that, with the paired mass storage, enables you to do more than simply back up and manage your SIM card information on the PC. This package installs the software (SmartCard Reader Driver) to enable the following device. (New) Added support for Microsoft Windows 10 64-bit. Important Added support for Microsoft Windows 8.1 32-bit.

-->

This section describes the tasks that you must complete before you test a smart card reader by using the Windows Hardware Lab Kit (Windows HLK):

Hardware requirements

The following hardware is required for testing a smart card reader. You might need additional hardware if the test device offers other features. To determine whether additional hardware requirements apply, see the test description for each test that appears for the device in Windows HLK Studio.

• One test computer. The test computer must meet the Windows HLK requirements. For more information, see Windows HLK Prerequisites.

• The smart card reader that you want to test.

  Note

  If the device supports universal serial bus (USB), you must have two test devices to run the USB Serial Number test. For more information, see USB Serial Number.

• One Personal Computer / Smart Card (PC/SC) workgroup test card (from card set 2).

  This card set can be purchased from the PC/SC website. Test the product by using the smart cards that the PC/SC workgroup test card set includes. Do not include these smart cards with your test submission.

  Lirik lagu dan chord. Banyak lagu ADISTA yang bisa kamu dengarkan disini. Bebas instal aplikasi, pilih lagu yang Anda sukai dan mainkan.

• One of the following, depending on the type of connection that the smart card reader implements:

  • A USB 2.0 hub (if the card reader connects through a USB connection).

  • An IEEE 1394 controller (if the card reader connects through a 1394 connection).

Note

To certify your product for use on servers, the test computer must support four processors and a minimum of 1 GB of RAM. These system capabilities are required to test the Rebalance, D3 State, and Multiple Processor Group functionality of the device and driver. You do not need a computer that actually has more than 64 processors to test your device. Additionally, the server system(s) being used for device or driver testing must have Server Core installed prior to testing. For more information see Windows Server Installation Options.

If you use a pool of test computers to test devices, at least one computer in the pool must contain four processors and a minimum of 1 GB of RAM. Additionally, that computer must contain the device and the driver that you want to test. As long as the driver is the same on all the computers in the pool, the system creates a schedule to run against all test computers.

For tests that do not include a driver to test, such as hard disk drive tests, the Windows HLK scheduler constrains the tests that validate the device's and driver's Rebalance, D3 State and Multiple Processor Groups functionality to run on the default test computer. You must manually configure this computer to have multiple processor groups. The default computer is the first test computer in the list. Test personnel must make sure that the first test computer in the list meets the minimum hardware requirements.

Note

Except for para-virtualization drivers (as defined by the WHCP Policies and Processes document), you may not use any form of virtualization when you test physical devices and their associated drivers for server certification or signature. All virtualization products do not support the underlying functionality that is required to pass the tests that relate to multiple processor groups, device power management, device PCI functionality, and other tests.

Note

Multiple Processor Groups SettingYou must set the value for the processor group size for Hardware Lab Kit testing of Windows Server 2008 R2 and later device drivers for certification. This is done by running bcdedit in an elevated command prompt window, using the /set option. Hindi song aashiqon mein jiska title titanic mp3.

The commands for adding the group settings and restarting are as follows:

The commands for removing the group settings and rebooting are as follows:

Note

Code Integrity Setting

The Virtualization Based Security feature (VBS) of Windows Server 2016 must be enabled using Server Manager first.

Once that has occurred, the following Registry key must be created and set:

Software requirements

The following software is required for testing a smart card reader:

• The drivers for the test device.

• The latest Windows HLK filters or updates.

Test computer configuration

To configure the test computer for your test device, follow these steps:

1. Install the appropriate Windows operating system on the test computer, and then configure the computer for your test network. The test network is the network that contains Windows HLK Studio and Windows HLK Controller.

2. If the reader is an internal device, install the smart card reader in the computer. If the reader is an external device, attach a controller to the test computer, and then attach the reader to the external controller.

   If the test device is connected through the USB port, connect the USB 2.0 controller to the high-speed USB 2.0 hub, and then connect the test device to the downstream port of the high-speed USB 2.0 hub.

   Note

   Do not connect the USB test device directly to the root hub of the USB 2.0 controller.

3. If you have to install the manufacturer-supplied device driver on the test computer, do this now.

4. Verify that the smart card reader functions correctly on the test computer.

5. Install the Windows HLK client application on the test computer.

6. Use Windows HLK Studio to create a machine pool, and then move the test computer to that pool.

Make sure that the test computer is in the ready state before you begin your testing. If a test requires parameters to be set before it is run, a dialog box will be displayed for that test. Review the specific test topic for more information.

Some Windows HLK tests require user intervention. When running tests for a submission, it is a best practice to run the automated tests in a block separately from manual tests. This prevents a manual test from interrupting completion of an automated test.

This article is intended for system administrators who set security policy in enterprise environments that require smart card authentication.

Enable smart card-only login

Make sure that you carefully follow these steps to ensure that users will be able to log in to the computer.

1. Pair a smart card to an admin user account or configure Attribute Matching.
2. If you’ve enabled strict certificate checks, install any root certificates or intermediates that are required.
3. Confirm that you can log in to an administrator account using a smart card.
4. Install a smart-card configuration profile that includes '<key>enforceSmartCard</key><true/>,' as shown in the smart card-only configuration profile below.
5. Confirm that you can still log in using a smart card.

For more information about smart card payload settings, see the Apple Configuration Profile Reference.

For more information about using smart card services, see the macOS Deployment Guide or open Terminal and enter man SmartCardServices.

Disable smart card-only authentication

If you manually manage the profiles that are installed on the computer, you can remove the smart card-only profile in two ways. You can use the Profiles pane of System Preferences, or you can use the /usr/bin/profiles command-line tool. For more information, open Terminal and enter man profiles.

If your client computers are enrolled in Mobile Device Management (MDM), you can restore password-based authentication. To do this, remove the smart card configuration profile that enables the smart card-only restriction from the client computers.

To prevent users from being locked out of their account, remove the enforceSmartCard profile before you unpair a smart card or disable attribute matching. If a user is locked out of their account, remove the configuration profile to fix the issue.

If you apply the smart card-only policy before you enable smart card-only authentication, a user can get locked out of their computer. To fix this issue, remove the smart card-only policy:

1. Turn on your Mac, then immediately press and hold Command-R to start up from macOS Recovery. Release the keys when you see the Apple logo, a spinning globe, or a prompt for a firmware password.
   
2. Select Disk Utility from the Utilities window, then click Continue.
   
3. From the Disk Utility sidebar, select the volume that you're using, then choose File > Mount from the menu bar. (If the volume is already mounted, this option is dimmed.) Then enter your administrator password when prompted.
4. Quit Disk Utility.
5. Choose Terminal from the Utilities menu in the menu bar.
6. Delete the Configuration Profile Repository. To do this, open Terminal and enter the following commands.
   In these commands, replace <volumename> with the name of the macOS volume where the profile settings were installed.
   rm /Volumes/<volumename>/var/db/ConfigurationProfiles/MDM_ComputerPrefs.plist
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/.profilesAreInstalled
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Settings/.profilesAreInstalled
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Store/ConfigProfiles.binary
rm /Volumes/<volumename>/var/db/ConfigurationProfiles/Setup/.profileSetupDone
7. When done, choose Apple () menu > Restart.
8. Reinstall all the configuration profiles that existed before you enabled smart card-only authentication.

Configure Secure Shell Daemon (SSHD) to support smart card-only authentication

Users can use their smart card to authenticate over SSH to the local computer or to remote computers that are correctly configured. Follow these steps to configure SSHD on a computer so that it supports smart card authentication.

Update the /etc/ssh/sshd_config file:

1. Use the following command to back up the sshd_config file:
   sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup_`date '+%Y-%m-%d_%H:%M'`
   
2. In the sshd_config file, change '#ChallengeResponseAuthentication yes' to 'ChallengeResponseAuthentication no' and change '#PasswordAuthentication yes' to '#PasswordAuthentication no.'

Then, use the following commands to restart SSHD:

sudo launchctl stop com.openssh.sshd

sudo launchctl start com.openssh.sshd

If a user wants to authenticate SSH sessions using a smart card, have them follow these steps:

1. Use the following command to export the public key from their smart card:
   ssh-keygen -D /usr/lib/ssh-keychain.dylib
2. Add the public key from the previous step to the ~/.ssh/authorized_keys file on the target computer.
3. Use the following command to back up the ssh_config file:
   sudo cp /etc/ssh/ssh_config /etc/ssh/ssh_config_backup_`date '+%Y-%m-%d_%H:%M'`
4. In the/etc/ssh/ssh_config file, add the line 'PKCS11Provider=/usr/lib/ssh-keychain.dylib.'
   

If the user wants to, they can also use the following command to add the private key to their ssh-agent:

ssh-add -s /usr/lib/ssh-keychain.dylib

Enable smart card-only for the SUDO command

Use the following command to back up the /etc/pam.d/sudo file:

sudo cp /etc/pam.d/sudo /etc/pam.d/sudo_backup_`date '+%Y-%m-%d_%H:%M'`

Then, replace all of the contents of the /etc/pam.d/sudo file with the following text:

Enable smart card-only for the LOGIN command

Use the following command to back up the /etc/pam.d/login file:

sudo cp /etc/pam.d/login /etc/pam.d/login_backup_`date '+%Y-%m-%d_%H:%M'`

Then, replace all of the contents of the/etc/pam.d/login file with the following text:

Enable smart card-only for the SU command

Use the following command to back up the /etc/pam.d/su file:

sudo cp /etc/pam.d/su /etc/pam.d/su_backup_`date '+%Y-%m-%d_%H:%M'`

Then, replace all of the contents of the/etc/pam.d/su file with the following text:

Sample smart card-only configuration profile

Here’s a sample smart card-only configuration profile. You can use it to see the kinds of keys and strings that this type of profile includes.