Skip to main content

Middleware

Middleware is the communications link between applications on your computer and the specialised computer code located on the smartcard chip.

Page contents

Oberthur

All smartcard users must have Oberthur middleware installed on their devices. This transition allows us to deprecate Gemalto middleware and Gemplus smartcards, while also upgrading our Electronic Prescription Signing algorithm from SHA1 to SHA256, enhancing security. 

Note: the latest version contains no functional or feature enhancements and is targeted at trusts experiencing installation issues due to an expired certificate affecting Windows security. 

SR1 and SR5 are no longer supported or available and have been withdrawn.

You must remove any existing Oberthur middleware package before installing the latest version, as this is not an in-place upgrade but a like-for-like direct replacement.

Downloads

Download Oberthur middleware (64-bit).

The latest version of Oberthur middleware has been updated to resolve issues with the installer and support installation without pre-requisites. This allows the software to be deployed without the need for prior certificate publication.

Idemia (PIV)

PIV Middleware is essential for any interaction with PIV smartcards, including series 9 and, from late Spring 2026, series 10.

When a smartcard is inserted, if automatic driver updates are enabled through Windows Update, the middleware will install automatically. If they are not, you should download the PIV Minidriver and follow the installation instructions.

Download

Standalone Series 9 only (32-bit/64-bit)
Standalone Combined Series 9 & 10 (64-bit)

If you are using PIV smartcards (series 9 and 10) on remote infrastructure, like virtual platforms including VDI (Virtual Desktop Infrastructure), it is mandatory for the PIV middleware to be installed both on the local device and the remote infrastructure.

Note: if you already have the standalone series 9 version installed, you will need to uninstall it (no reboot required) before installing the combined version. After you've installed the new combined version, you'll need to reboot your system for the changes to take effect.

Gemalto

Gemalto middleware is being retired, alongside series 4, 5 and 6 smartcards. You must make sure you have the latest version of Oberthur middleware installed on all machines to enable series 8 smartcards to work.

Read more about the deprecation of series 4, 5 and 6 smartcards.

Known issues with Gemalto middleware

1. Known security vulnerability in Gemalto middleware allowing for search order hijacking

Mandatory post-installation change: use Group Policy to add speech marks to a specific value in the Windows registry and then reboot the system. 

Registry key 

  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GemSAFE Card Server 

Registry value name 

  • ImagePath 

Example: for the default installation location: 

  • ImagePath value with vulnerability addressed: 

  • “C:\Program Files (x86)\Gemalto\Classic Client\BIN\GCardSrvNT.exe” 

2. Unable to enable Memory and Code Integrity on Windows 11 Devices 

To enable this, you need to enforce it through the registry by following these steps:  

  • Open the Run dialog box by pressing Windows + R. 

  • Type regedit in the box and press Enter to open the Registry Editor. 

  • Head to the following path when Registry Editor opens: 
    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
    \Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity 

  • Double-click the Enabled key on the right. 

  • Type 1 in the Value data field and select OK. 

  • Close Registry Editor. 

  • Restart your PC by opening the Start menu, selecting the Power icon, and choosing Restart. 

Trusts can publish this via Group Policy to their wider estate. 

Last edited: 6 November 2025 12:08 pm