I'm testing smart cards using ACR122U. However, when I put a card on it, Windows will automatically send APDU commands to it.
According to the question windows 8 disable smartcard plug and play, I disabled Smart Card Plug And Play. But I can still see the PIV selection which is called Winscard Discovery.
How can I disable this in Windows 10?
You have 3 solutions
1) Edit computer policies
Launch gpedit.msc
Section Computer Configuration --> Administrative Templates --> Windows Components --> Smart Card
Disable Smartcard driver popup:
Smart Card Plug and Play service: disable
Disable smartcard timeout on ISOB' card removing
Turn on certificate propagation from smartcard: disable
2) Disable smartcard filter (only to disable popup message)
To disable or enable the smartcard filter, use "DisableSCFilterWindows7.reg" and "EnableSCFilterWindows7.reg"
3) Install a dummy card provider
The dummy card provider will let the system to know the smartcards.Thus, it will not try to identify the card, sending commands,
and will not popup error message.
Sources: Notes from an ASK driver and https://support.microsoft.com/en-us/kb/976832
Related
I'm testing WebAuthn (https://webauthn.me) with the intent to implement it in a web portal. However, I need Windows users to be able to use Fingerprint sign in, not just USB Security Key.
When testing from Windows 10/Chrome (latest) I only get the option to use USB Security Key, even though the laptop has a built-in fingerprint reader that is connected to Windows Hello (I can sign into Windows with the fingerprint reader). Also PIN and Password are enabled in Windows hello.
I do not have a USB Security Key device, and have never had one setup with this computer.
However, when I test WebAuthn.me and click the Register button, I am prompted with the options "External security key or built-in sensor" and "Add a new Android phone". When I select the option "External security key or built-in sensor", Windows pops up a modal box asking me to set up my security key:
However, there is no option to use a fingerprint, PIN, or password instead.
Since the fingerprint reader and PIN/Password are integrated into Windows Hello, and actively working, why won't it let me choose any of those options instead of the physical USB Security Key? Is there a parameter in the WebAuthn request that I'm missing or possibly a registry change that needs to be made?
Note that WebAuthn.me works as expected on Android Chrome (option to use Lock Screen as the login method allows fingerprint, code, etc, to be used).
Thanks for any explanation of why Windows would hide the Fingerprint/PIN/Password options and only allow USB Security Key when Windows Hello already knows about the fingerprint reader, PIN and Password as legitimate ways to authenticate the user.
Windows Hello requires RS256 (alg: -257) to be added to the pubKeyCredParams array. Try using https://webauthn.me/debugger which enables this by default.
I'm trying to download a video rom the device portal I shot with the hololens app , but the file doesn't download when I select [save].
The state is similar to the example below but I am connected via wifi and connect to the device portal from the IP address of the hololens.
Is there another way to access Hololens LocalAppData other than the Windows Device Portal?
This is a known issue, and we're working hard to address these and have root caused most of them, with fixes being prepared for a device OS update. Besides, Firefox will work for some people, but it is not a reliable workaround.
You can try to download your video via Webbrowser or via the software Microsoft Hololens.
This is from the known issue. This worked for me on Chrome.
Workaround
This workaround, which applies equally to Wi-Fi and UsbNcm, is to disable the "required" option under "SSL Connection". To do so, navigate to Device Portal, System, and select the Preferences page. In the Device Security section, locate SSL Connection, and uncheck to disable Required.
The user should then go to http://, not https:// (IP address) and features like file upload and download will work.
I am trying to test my capsule from my device.
steps taken to test it:
Privately published capsule on Bixby studio (accepted)
Linked Samsung account to Bixby team
Enabled developer options on phone (Samsung galaxy 9)
Enabled On device testing + entered revision ID as it appears on Bixby Studio
Entered command "test" to which my capsule should respond
When "test" has been entered Bixby responds with "I couldn't understand that. Here are some Capsules your can try." Unfortunately, it does NOT show me capsules I can try neither given me the expected response.
Important note (maybe): I live and try to test in an European country where the Bixby marketplace is not available yet. VPN to US does not help either.
Can I still test my capsule on my phone?
To do on-device testing from Europe, you need to provision Bixby in the US for the phone you want to do testing on.
Go to Settings -> Apps -> Bixby Voice -> Storage Clear Data
Same as(1) but for Bixby Service Plug in a US-based SIM card
If you don't have a US-based SIM card, you can pull the SIM out and
connect device via VPN to a US-based server.
Start Bixby to start new provisioning process
It should be ok to do on-device testing.
Make sure you only sync one capsule during submission.
There is an easy way to test: you can load the revision number using IDE simulator's revision override feature. See attachment.
I have the following user agent, picked up from a website log:
Mozilla/5.0+(Linux;+Android+4.4.4;+Nexus+5+Build/KTU84P)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/37.0.2062.117+Mobile+Safari/537.36
How do I know which device/browser - Both android and Apple are mentioned.
Browsers - both Chrome and Safari are mentioned here!
thanks
It specifically mentions Nexus 5. Seems pretty clear that's Android. You got lucky, the device name was in the string.
The reason it mentions all of those is for compatibility purposes. If developers target specific devices by looking at the user agent string, then if you want your device to have all those features, you have to include the string so that it knows your device is also capable of the features of those devices.
For more info, see Why “Mozilla” string is present on all browser's User Agent?.
I am working with a c#.net application right now where I have smartcard authentication working properly, by allowing users to pick their digital certificate and enter their pin. However I want to do away with allowing the user to pick their certificate and have one of their certificates picked for them automatically(every user has the same certificates). This would make it so that when a user tries to enter the site, they are simply presented with a pin prompt. Any ideas on how to go about doing this? All the users I work with use Internet Explorer 7 and have workstations with ActivIdentity and Tumbleweed.
Write a Java applet to do the job at client side using PKCS#11 wrapper or, if you can restrict your users to use IE, create and use an ActiveX. I have already done both. For ActiveX you have to have it digitally signed to declare it as a safe ActiveX.
It is not straight forward task but I found Java applet easier to implement. The downside is that JRE (Java Runtime Environment) should already be installed at client side and plays nice with the browser. User also has to grant permission to the applet to connect to his smart card at first run.