Solution Description and Components
This section provides a high-level overview of the SafeNet IDPrime Virtual Server/Client solution.
Virtual Smart Cards emulate the functionality of physical smart cards. The SafeNet IDPrime Virtual (IDPV) solution offers comparable security benefits to physical smart cards by using client/server technology. To improve the solution’s security level, all Virtual Smart Card certificates are stored on a remote server located in a secured location and protected by a Hardware Security Module (HSM).
Today, most applications are cloud-based. With the multiplication of devices, you need a solution that can meet your security requirements and enable all use cases (VDI, BYOD, contractors, backup, and mobility) on the selected device. The IDPV Smart Card is available on a user’s device to be used in any PKI application.
With IDPV, users can carry out PKI-based operations on the selected device, without the need for a physical smart card or USB token. Virtual smart cards enable users to access apps that require PKI-based authentication – even on devices that don’t support PKI smart cards.
As part of the security design of the IDPV solution, logging in to a virtual smart card from two different SafeNet Authentication Clients (SAC) causes the first smart card to log out from the SAC. Therefore, if you need to update the virtual smart card again from the first client, you must re-insert the virtual smart card on the first client to refresh its state.
The following diagram illustrates the interactive overview of IDPV components:
SafeNet IDPrime Virtual solution provides the following components:
Server Components
- IDPrime Virtual, Signature Server (Server): The component that manages the smart cards and the keys on the backend.
- SafeNet IDPrime Virtual Server Supported Databases:
  - MariaDB Database
  - MSSQL Database
  - MySQL Database
  - PostgreSQL Database
  - Oracle Database Enterprise and Express Edition
- SafeNet IDPrime Virtual Server Supported HSMs:
  - Protects SafeNet IDPrime Virtual Database
  - SafeNet Luna 6/7.3/7.7 Support
  - KeySecure
  - DPoD
- SafeNet IDPrime Virtual Server Supported Identity Providers:
  - SafeNet Trusted Access
  - PingFederate
  - Okta
  - Keycloak Agent for SAS PCE
  - Keycloak Server
  - DigiD
Client Components
- SafeNet IDPrime Virtual Client (Smart card): The smart card present on the desktop (Windows and Linux) and mobile applications (Android).
- Middleware and Virtual Reader (SAC or Minidriver): The component that interacts with the smart card.
Optional Components
- SafeNet IDPrime Virtual SDK: For developers who want to build proprietary apps.
The following diagram illustrates the detailed interaction of IDPV key components:
The SafeNet IDPrime Virtual solution provides the following services: