Authentication by Smart cardRequirementsIntroductionTo use the authentication by smart card, the smart card and the smart card reader must complywith the following requirements:Requirements for the smart cardThe smart card is a PKI card compatible with MS Active Directory Certificates Services.Compatible smart cards• Gemalto IDPrime MD and Gemalto IDPrime .NET (formerly Cryptoflex .NET)• HID Global Corporation: Crescendo MiniDriver (formerly named Crescendo C1150)Smart card configurationThe smart card embeds:• The user valid certificates: all the root and intermediate CA certificates used in the certificatechain.'DER encoded binary X.509 (.CER)' and 'Base-64 encoded X.509 (.CER)' formats are supported.• The URL of a revocation server which checks the validity of the user certificate (using 'OnlineCertificate Status Protocol').In case the URL of the revocation server is not embedded into the smart card, you will have todeclare the URL in Océ Express WebTools (in the 'Security' - 'Trusted Certificates' - 'ForcedURL of OCSP responder' setting).• The PIN of the card, if needed.Compatible smart card readers• HID Global Corporation: OMNIKEY 5x2x products• Identive infrastructure (formerly SCM Microsystems Inc.): SCR33x products• Gemalto: IDBridge products (formerly GEMPC/GEMPLUS)• Advanced Card Systems Holdings Limited: ACR1281U product (contact support only)• HID Global Corporation: OMNIKEY 3x2x products** Only for Océ PlotWave 345/365/450/500 and Océ ColorWave 500/700 R4.1 and higher.Most of the smart card readers which are plug and play compatible with Windows 8 arecompliant.Additional information- Contact your Canon representative in case you want to use a smart card or a smart card readerwhich is not recorded in the above lists.- Plug the smart card reader into the USB port (contact your local Canon representative).- The only network communication performed during authentication with a smart card is the onewith the revocation server. The information on the smart card and the information on the ExpressWebTools settings are checked against the one which is stored in the revocation server.Authentication by Smart card176 Chapter 4 - Security on Océ PlotWave 345/365 and Océ PlotWave 450/550