CAC/PIV Card Reader: New Expansion Card Proposal

The U.S. Government and by extension U.S. contractors make use of CAC/PIV Smartcard X509 authentication to log into their machines and log into Government-controlled websites. Dell & HP laptops for years have included CAC/PIV SmartCard readers into their chassis. I would love to A/B a Framework 16 against my company-issued Dell chassis to see if the juice is worth the squeeze, running Framework laptops in our daily operations. One pain point I already know will come about, is the lack of inherent CAC/PIV SmartCard readers built into the chassis, which our current Dell laptops integrate. For those with multiple SmartCards (myself included), we’re already carrying around a “2nd” SmartCard USB-A reader to supplement the integrated reader within our chassis. It wouldn’t be a show-stopper, but would be an annoyance to have to carry 2 readers, instead of having integrated Framework expansion cards that could support SmartCard(s).

I understand the size of CAC/PIV cards is about the size of a credit card, making this expansion card larger than the default “width/height” of an in-line expansion card. I’m curious if there is a way to elevate the actual “reader” slot above the horizontal plane of the other expansion slots; similar to how @Daniel-L mentioned with Fujitsu’s low-profile RJ-45 connector riser on the “Low profile ethernet expansion card” thread.

Example of “riser” bringing the connector above the horizontal plane of the other expansions cards; if excessive width is an issue.

I can say personally, my company is investigating Framework laptops as a new solution for our personnel as right now we’re paying thousands of dollars over “norm” per laptop for Dell chassis that invariably have hardware issues that require invocation of the support contract. We’d much rather have easy to repair, functional laptops. If a PIV SmartCard reader expansion card became available, that would be a cherry on top of an already enticing Framework platform to move towards.

1 Like

Wouldn’t it be possible to create some card reader that slots into the expansion and sits under the laptop body? It would increase the thickness a little bit, but the contacts could possibly sit inside the expansion module space and the card would slot in underneath.

That could work as well. I’m not opposed to bringing the card reader slot “down” instead of above the horizontal plane. In fact that might be better ergonomically since it would only need to clear the “port” of the adjacent slot(s) and then not impinge on lid closure etc…

I mentioned this in while back in the new expansion card fourm. I like this idea of how to implement it. After getting my FW16 I didn’t realize just how small the expansion cards are. Bringing it above or below where the ports are would prevent the CAC/PIV from blocking other ports.

1 Like

As I understand it, the numpad/macro modules use a distinct set of USB contacts. Perhaps a low profile reader could be built into that form factor? I dont know enough about the technology but, if it only needs the card once to sign in, it could be something as simple as a recess with pogo pins.
This does mean it would only work with the 16 of course, which is a shame.
With the 16 there’s also the possibility to use the expansion bay, a lot more room to work with, could possibily fit 2 side by side, though the cards would protrude from the chassis.

1 Like

Context; I’m belgian and described experiences apply to the general area of belgium, but due to strong identification policy within the European Economic Area (EEA) they also apply to almost the whole of EEA.

My company enforces the existence of a piv card reader on laptops too. Private digital authorities (PKI) are here to stay, but processes are being replaced to make use of internal trusted platform modules (TPMs) instead. There are also other formfactor options like yubikeys being applied, due to their flexibility being multi-protocol and second-factor verification options, when there is lack of exact requirements and lack of external regulations. Taking this in consideration it seems the business case for my situation becomes a strong nice-to-have until PIV cards themselves are phased out.

Most countries in europe also provision PIV ID-cards to their citizens, those cards are used at least once per year (for taxes). It varies by country, and the penetration of digital service (SAAS) availability that replace physical id cards with digital device-local accounts (again making use of TPM-like hardware), to get an average number of uses for private citizen use cases. I’d guess the private uses per card per year on average is below 2. Also on that front there are changes being implemented as recent as 5 years; the digital identity cards started embedding NFC chips. Within another 5 years an inbuilt NFC reader will always have as much value to a private citizen as a physical card reader.