cancel
Showing results for 
Search instead for 
Did you mean: 
RangerZ
Level 4
105 60 1 2
Message 1 of 10
12,541
Flag Post

Solved!

Alcor Micro Smart Card Reader Driver -OR- Realtek USB and PCIe Media Card Reader Drivers

HP Recommended
Elitebook 840 G1
Microsoft Windows 7 (64-bit)

I have some Elitebook 840 G1 units, vintage 2013 or so. 

 

I am trying to update drivers and currently have the "Realtek PCI Card Reader" under "Memory Technology Driver" in device manager.  There is a year newer Alcor driver and I'm not sure if this is the same device or not. 

 

If it is a different device, how does one determine the hardware device installed?

 

SD Card Reader, Elitebook 840 G1

1 ACCEPTED SOLUTION

Accepted Solutions
Paul_Tikkanen
Level 21
Level 21
132,210 122,387 20,117 30,849
Message 2 of 10
Flag Post
HP Recommended

Hi:

 

The realtek SD card reader driver is for the sd card, and the Alcor driver is for a smart card, or CAC (Common Access Card) card as they are also called.

 

A CAC allows someone to log on to the PC.

 

 

View solution in original post

9 REPLIES 9
Paul_Tikkanen
Level 21
Level 21
132,210 122,387 20,117 30,849
Message 2 of 10
Flag Post
HP Recommended

Hi:

 

The realtek SD card reader driver is for the sd card, and the Alcor driver is for a smart card, or CAC (Common Access Card) card as they are also called.

 

A CAC allows someone to log on to the PC.

 

 

View solution in original post

RangerZ
Author
Level 4
105 60 1 2
Message 3 of 10
Flag Post
HP Recommended

Thanks for the clarification. I think this was one of those cases of reading what you want to see.  Smart card vs SD card.

 

So I see the device is enabled in the Ports section of the BIOS, but I do not see any errors in the device manager.  Not sure if I have already installed this, but not clear where it should show in device manager.  Can you help?

0 Kudos
Paul_Tikkanen
Level 21
Level 21
132,210 122,387 20,117 30,849
Message 4 of 10
Flag Post
HP Recommended

You're very welcome.

 

Unfortunately, I don't know where to look, and most of the time the device does not show up unless you insert a SD card or a CAC.

RangerZ
Author
Level 4
105 60 1 2
Message 5 of 10
Flag Post
HP Recommended

Actually your are right.  When I pull the SD card the device just goes away.

 

0 Kudos
David_J_W
Level 7
917 915 89 267
Message 6 of 10
Flag Post
HP Recommended

Common Access Card is a smart card issued by the US Department of Defence. The latest CACs - perhaps all current CACs - conform to the Personal Identity Verification (PIV; FIPS 201) standard.

 

There are other smart cards used in various systems. For example, you can use most built in smart card readers with a PGP card if you choose to carry PGP credentials in that format.

 

 

I carry my personal certificate for S/MIME e-mail and my PGP credentials in a Yubikey NEO; it is much more convenient for me to use a USB device rather than require smart card readers on all the systems I use. The Yubikey also supports U2F (the security key standard used by Google and other companies on the web), is a secure store for OTP credentials that are used for two-factor authentication on many web sites (the sort that are issued as a QR code and result in a 6 or 8 digit number) and has a proprietary one time password system used by web sites such as LastPass for two factor authentication.

 

 

There are relatively few private individuals who use smart cards with computers, though most bank cards are now smart cards.

 

 

As you rightly note, Paul, the various card readers tend to disconnect from the system when no card is inserted, so it is often necessary to insert a card to update the drivers.

RangerZ
Author
Level 4
105 60 1 2
Message 7 of 10
Flag Post
HP Recommended

David, your reply is extremly helpful and relevant (along with your reply to my other post). 

 

I am not a true IT person, but manage the computers for a small company(12) and have a small number working remote over VPN.  I am looking for a physical device that I can use that will basicly make the computer useless unless connected.  Unfortunaly I fear thier loss by the user.  

 

I have spent a few minutes reading up on the terms in your reply and have seen the YupiKey in the past.  Just got overwhelmed.  Maybe 2 questions please.

Is the PC useable without the key or is the key just storing passwords and credentials?

Does this have anything to do with encrypting the device? 

0 Kudos
David_J_W
Level 7
917 915 89 267
Message 8 of 10
Flag Post
HP Recommended

You can do so many different things with a YubiKey.

 

My applications for these devices are all about securing trusted credentials used once the system is up and running. However, you can use the smart card functionality of all the current YubiKeys other than the U2F only key (that's the 4 series, NEO and the FIPS range) to secure all manner of services and applications including VPN applications. You can also login to Windows via smart card if you have the right back-end infrastructure.

 

 

If you have a Windows Server, this has all the software you need to set up a local certificate authority and authentication infrastructure for certificate authentication of users (including authentication of other services using RADIUS - notably including login to Wi-Fi networks). However, this is a fairly complex thing to do correctly, especially when it comes to securing the root certificate of the certificate authority and ensuring the purposes of your certificate authority are appropriately constrained so as not to introduce security risks.

 

If you do not already have a Windows domain to which all devices authenticate by password, there are further steps to go through, including upgrading all devices with Windows 10 Home to Windows 10 Pro (domain join is unavailable in the Home version of Windows). If you want to be secure, you should be using Windows 10 Pro with BitLocker or another disk encryption solution in any event.

 

There are ways to do the server end of all this without a Windows Server, but these typically involve the use of open source software that is not easy to configure correctly, such as FreeRADIUS and Samba.

 

 

Creating user certificates on YubiKeys is definitely a good move as part of introducing certificate based authentication. The PIN that protects the certificate is kept on a secure element; after so many incorrect PIN entries, the certificate is put beyond use and a new one needs to be issued.

 

I wish it was as simple as buy a bunch of YubiKeys and hand them out. If you want an overview of what is involved, read Yubico's white paper on smart card deployment, though be aware that this assumes you already have - or know how to set up - a Windows Active Directory domain.

0 Kudos
RangerZ
Author
Level 4
105 60 1 2
Message 9 of 10
Flag Post
HP Recommended

Thanks for this info.

 

We do have R2008R2 and Win 7Pro, but I am hoping to upgrade all to 2016 And 10Pro or Ent in the spring.  At first glance, with my understanding and percieved depth, seems like I should roll these in together.

0 Kudos
David_J_W
Level 7
917 915 89 267
Message 10 of 10
Flag Post
HP Recommended

If it was me, I'd move to Windows Server 2016 (or whatever version is current come the Spring) and Windows 10 Pro on one client computer, then buy a couple of YubiKeys and experiment with certificate based authentication.

 

If you get all this right, it will solve a lot of headaches - though don't forget to make some provision for scenarios when the Windows Server is unavailable. One possibility is to use Azure and ADFS to give you a level of redundancy in the cloud; there are undoubtedly other approaches.

0 Kudos
Warning Be alert for scammers posting fake support phone numbers and/or email addresses on the community. If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation