Name: CRYPTAS it-Security
Address: Franzosengraben 8, 1030 Vienna, Austria


CAVE is server-based smart card middleware without a client: clientless smart card communication. This technology is being implemented in more and more projects – especially through online services with a requirement of secure authentication and digital signature.

CAVE is a system to use tokens and devices like a smart card for authentication and signature processes without the need of client side middleware or software installation. It offers also the usage of server side virtual smart cards in combination with other authentication mechanisms like one time passwords (OTP).

When operating a system for a many users in a heterogeneous environment, the costs increase dramatically with the number of components needed on the unmanaged clients.

CAVE removes the complexity from the client to get the following advantages:

  • No extra support for different client platforms
  • No influence of different middleware in multi-card environments
  • No dependency of client configurations (applications, firewalls, antivirus ..)
  • No client side updates, enhancements are immediately for all available
  • Functionality:

The CAVE system has a server-based middleware which has implemented the drivers for different tokens and profiles. There are the necessary commands created and transferred via standard web technology to the client. On the client side these commands have only to be transmitted to the token which is done by base libraries available on nearly every operating system.

Cryptas CAVE

One of the key advantages is that the place where the commands are generated is moved to an environment which can be well protected. By using mechanism like secure messaging a direct secure channel can be established from this environment direct to the token.

Additional mechanisms in a kind of virtual tokens can be used in combination with other authentication methods in case the tokens are not available.

On the backend multiple systems can be interfaced like federated identity management (FIM), mobile device management (MDM), business applications (e.g. OWA) and others.

  • Category: Strong Authentication
  • Type: Server component that can be hosted online or integrated in an environment
  • Availability:

The platform is available online for testing purposes.


Technical requirements:
To evaluate token based authentication a supported device like a smart card is needed. Please get in contact with Cryptas directly.

  • Interfaces & Protocols:

CAVE supports standard authentication protocols like RADUIS but can also be directly interface by its own authentication API for custom integration. It is also designed to be integrated in identity providers as the authentication module to support the SAML protocol.

  • Terms & Conditions of use:

The CAVE platform is free to evaluate but has to be licensed for productive use.

  • Additional information:

CAVE can be used to enrich Web portals with strong authentication, signature and encryption.

For custom applications and especially mobile applications an API is offered for easy integration.