Citrix Receiver with BAI CAC reader

Citrix Receiver now supports Android smart-card authentication

Many federal agencies have taken steps to begin implementing mobile work environments, though security remains a concern. When GCN last year reviewed the Citrix Receiver software, we found it had good security for in-transit data, but did nothing for securing the endpoint — the mobile device being used by the mobile employee.

That should change now that Citrix has announced that Citrix Receiver supports the Biometric Associates baiMobile 3000MP Bluetooth Smart Card Reader and the baiMobile 301 USB Smart Card reader. It will enable Common Access Card and Personal Identity Verification card holders to access Citrix applications and virtual desktops via compatible Android devices.

The baiMobile 3000MP Bluetooth Smart Card Reader has been approved by the Defense Information Systems Agency for use in the Defense Department and meets both the National Security Agency and DISA requirements for secure Bluetooth communications. 

After the card reader pairs to an Android smart phone or tablet via Bluetooth, Citrix Receiver can communicate through the stack to pass the credentials to a Citrix XenDesktop or Citrix XenApp back-end framework and securely authenticate a user via his CAC credentials to a session running safely in the data center. When coupled with Citrix Netscaler to provide FIPS 140-2 Level 2 hardware encryption, every user session is secure, and no resident data remains on the Android device that could potentially compromise security.

“Today’s focus is largely about enabling mobility for the defense sector, and we are in the midst of a powerful convergence of necessity, the need for the defense sector to do more with less and a growing consumer demand for anytime-anywhere connectivity,” said Tom Simmons, area vice president of public sector for Citrix.  “These realities, fueled by important defense policy drivers, such as the DOD Mobile Strategy, are driving new mobile requirements.”

Citrix Receiver can also now be used with other solutions, such as Citrix XenMobile and Citrix CloudGateway, as part of an Enterprise Mobility Management strategy, and feds can gain additional benefits such as enabling mobile thin client computing. When coupled with XenMobile, defense agencies can deploy this Citrix Receiver capability automatically to all Androids in a department with just a few clicks. It also can fully wipe Citrix Receiver from a “bring your own device” Android should an employee and/or contractor leave the agency.

Users can also connect to remote virtual desktops and applications, while accessing native Android applications from an agency application store when using CloudGateway. That means that CloudGateway can elevate Citrix Receiver from an independent computing architecture client to a comprehensive solution with secure access to native applications, Web, and software-as-a-service applications, and with follow-me data through ShareFile.

As agencies move to mobile computing, CAC and PIV authentication of smart phones and other mobile devices becomes more important. In 2012, Thursby Software released the PKard Reader, the first smart-card authentication reader for iOS devices. The reader, and a free app, are FIPS 140-2 validated, work with CAC, PIV, PIV-Interoperable and Commercial Identity Verification cards, and have been put to use in agencies across government.

Reader Comments

Fri, Jun 27, 2014 Jeff Scott Washington, DC

I would like to make mention that the full line of Tactivo smart card readers are also supported in the new Citrix releases. Tactivo supports the full line of iOS devices through slick, light-weight, certified and made in the USA readers.

Tue, Jun 25, 2013 Faisal Iqbal

The Bluetooth connection is fully encrypted for secure FIPS 201 credential transmission and has been approved by DISA for CAC use. Additionally BAI also has direct connect readers which can also be leveraged for this solution.

Mon, Jun 24, 2013 manjunatha K.E Bangalore

Good

Thu, Jun 20, 2013 Tyler

Yes you can read the specs on their website, but if it's really a concern the 301 is a 10-pin connector that will connect to several Android devices and would alleviate the security issues. I'm still waiting to see if anyone has actually gotten one of these to work on an Android phone or tablet. At half the cost for the reader and half the cost for the annual maintenance fee I think the wired version is a lot more attractive. Before I spend that much though I definitely want to see it work with the new enterprise mail.

Tue, May 28, 2013 DC Fed Washington DC

The card reader is reported as connecting to the Android phone via Bluetooth. Bluetooth is a limited range, broadcast service. Does anyone know if the connection between the phone and the reader is encrypted and is also secure? Might like this better if it was using the phone's wifi with a WEP/WAP or WPS security scheme.
