SEFIROT Smart Card PKI Bio Logon for Citrix® XenApp TM

The unique Sefirot Smart Card PKI Bio Logon solution comprises a number of components and services that leave nothing wanted in terms of security, data protection, robustness and ease of handling.

Strong Two-Factor Authentication

An excellent authentication solution – two factors – for every business. With Smart Card and Fingerprint that is to say – materially and physically – the advantages of strong PKI-based smart card authentication are finally made available for you.

Product Highlights

  • Citrix XenApp TM support
  • Strong PKI-based two-factor Authentication
  • Single Sign-On aware
  • Storage and check of the fingerprints on the smart card
  • No central storage of fingerprints in a data base
  • Rapid and reliable thanks to thoroughly developed hard- and software components

Data Protection

The smart card is the secure storage of your fingerprints; the checking of a finger positioned is done also on the smart card itself. MegaMatcher On Card, the on-card finger recognition routine, employed worldwide with all major projects, is an integral part of the Sefirot Smart Card PKI Bio Logon solution.


The critical components of a secure access protection (secure logon), namely an appropriate Public Key Infrastructure and Smart Cards, are employed with all Sefirot Logon solutions.

Given a successful Match-On-Card a key- and certificate-based authentication (PKI) will be initiated and executed. The smart card holds the keys and certificates required for this.

Waiving the Public Key Infrastructure (PKI) would – after a successful Match-On-Card – accept a non-secure user password from the card and hand it over to the Logon dialogue. This is contrary to the design intentions. As the example shows: a secure logon depends fully on Smart Card and PKI.

Single Sign-On (SSO)

The Smart Card PKI Bio Logon injected ahead of a Single Sign-On step is the ideal protection for an SSO process. Once the strong two- factor authentication is executed the less secure SSO can now – without concern – be employed, automated and password-protected access of one’s applications preserved.

The Smart Card PKI Bio Logon can be applied without concerns with known SSO solutions. With the SEFIROT Single Sign-On there is an efficient and powerful SSO solution available.

Personalization / Card Roll Out

The personalization (with contact, contactless, optical) and issuance of smart cards can sovereignly be controlled by the SCLM – the Sefirot Smart Card Life Cycle Manager. All events in the card personalization/-admin context have been perfectly well arranged. Every card issued can simply be pursued over its whole life cycle.