Middleware

Middleware is the communications link between applications on your computer and the specialised computer code located on the smartcard chip.

Oberthur

All smartcard users must have Oberthur middleware installed on their devices. This transition allows us to deprecate Gemalto middleware and Gemplus smartcards, while also upgrading our Electronic Prescription Signing algorithm from SHA1 to SHA256, enhancing security. 

Note: the latest version contains no functional or feature enhancements and is targeted at trusts experiencing installation issues due to an expired certificate affecting Windows security. 

SR1 and SR5 are no longer supported or available and have been withdrawn.

You must remove any existing Oberthur middleware package before installing the latest version, as this is not an in-place upgrade but a like-for-like direct replacement.

Downloads

Download Oberthur middleware (64-bit).

The latest version of Oberthur middleware has been updated to resolve issues with the installer and support installation without pre-requisites. This allows the software to be deployed without the need for prior certificate publication.


Idemia (PIV)

The PIV middleware is essential for any interaction with series 9 smartcards. 

The middleware should already be present if automatic Windows updates are enabled. If it's not present, you should download the PIV mini driver and follow the installation instructions.

Download

Download Idemia PIV middleware (32-bit/64-bit) 

Please note that if you are using series 9 smartcards on remote infrastructure, such as virtual platforms including VDI (Virtual Desktop Infrastructure), you must install the PIV middleware on both the local device and the remote infrastructure.


Gemalto

Gemalto middleware is being retired, alongside series 4, 5 and 6 smartcards. You must make sure you have the latest version of Oberthur middleware installed on all machines to enable series 8 smartcards to work.

Read more about the deprecation of series 4, 5 and 6 smartcards.

Known issues with Gemalto middleware

1. Known security vulnerability in Gemalto middleware allowing for search order hijacking

Mandatory post-installation change: use Group Policy to add speech marks to a specific value in the Windows registry and then reboot the system. 

Registry key 

  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GemSAFE Card Server 

Registry value name 

  • ImagePath 

Example: for the default installation location: 

  • ImagePath value with vulnerability addressed: 

  • "C:\Program Files (x86)\Gemalto\Classic Client\BIN\GCardSrvNT.exe" 

2. Unable to enable Memory and Code Integrity on Windows 11 Devices 

To enable this, you need to enforce it through the registry by following these steps:  

  • Open the Run dialog box by pressing Windows + R. 

  • Type regedit in the box and press Enter to open the Registry Editor. 

  • Head to the following path when Registry Editor opens: 
    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity 

  • Double-click the Enabled key on the right. 

  • Type 1 in the Value data field and select OK. 

  • Close Registry Editor. 

  • Restart your PC by opening the Start menu, selecting the Power icon, and choosing Restart. 

Trusts can publish this via Group Policy to their wider estate. 
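
To confirm that both registry changes above have taken effect on a device, the following PowerShell audit can be run. It is an added example, not part of the original guidance or any vendor tooling. The function name Test-UnquotedServicePath and the sample ImagePath strings are assumptions made for illustration; the registry keys and value names are the ones given on this page.

```powershell
# Added example: audits the two registry settings described on this page.
$GemSafeKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\GemSAFE Card Server'
$HvciKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'

function Test-UnquotedServicePath {
    # Hypothetical helper: returns $true when the executable path contains a
    # space and is not wrapped in straight double quotes (speech marks).
    param([Parameter(Mandatory)][string]$ImagePath)

    $expanded = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    if ($expanded.StartsWith('"')) { return $false }

    # Keep only the executable portion so arguments after .exe are ignored.
    $m   = [regex]::Match($expanded, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    $exe = if ($m.Success) { $m.Groups[1].Value } else { $expanded }
    return ($exe -match '\s')
}

# Constructed sample values, so the logic can be checked on any machine.
$samples = @(
    'C:\Program Files (x86)\Gemalto\Classic Client\BIN\GCardSrvNT.exe',    # no speech marks
    '"C:\Program Files (x86)\Gemalto\Classic Client\BIN\GCardSrvNT.exe"',  # speech marks added
    'C:\Windows\System32\svchost.exe -k netsvcs'                            # space only in arguments
)
$results = foreach ($s in $samples) {
    [pscustomobject]@{ Setting = 'Constructed sample'; Value = $s
                       Pass = -not (Test-UnquotedServicePath $s) }
}

# Live checks: each runs only where the key exists on this machine.
if (Test-Path -LiteralPath $GemSafeKey) {
    $imagePath = (Get-ItemProperty -LiteralPath $GemSafeKey -Name ImagePath `
                  -ErrorAction SilentlyContinue).ImagePath
    $results += [pscustomobject]@{ Setting = 'GemSAFE Card Server ImagePath'; Value = $imagePath
        Pass = [bool]$imagePath -and -not (Test-UnquotedServicePath $imagePath) }
}
if (Test-Path -LiteralPath $HvciKey) {
    $enabled = (Get-ItemProperty -LiteralPath $HvciKey -Name Enabled `
                -ErrorAction SilentlyContinue).Enabled
    $results += [pscustomobject]@{ Setting = 'HypervisorEnforcedCodeIntegrity Enabled'
        Value = $enabled; Pass = ($enabled -eq 1) }
}

$results | Format-List
```

Reading HKEY_LOCAL_MACHINE does not require elevation, so the audit can run as a standard user or as a scheduled compliance check after the Group Policy change and reboot.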

Last edited: 6 June 2025 2:41 pm