IDPrime MD 8840 and IDCore 8030


Identity and Access
IDPrime MD 8840 and IDCore 8030
MicroSD cards
Didier Bonnet
February 2015
MicroSD slots deployment
As of today, MicroSD cards are compatible with most of the
Android and Windows platforms, but not the iOS ones
Gemalto MicroSD cards range
Card architecture (diagram): 8 GB or 16 GB Flash Memory, Microcontroller, IDPrime MD Secure Chip
Secure MicroSD cards embedding the same secure chip as the Gemalto IDPrime MD smart cards
IDPrime MD 8840 – 8GB or 16GB: PKI enabled
IDCore 8030 – 8GB or 16GB: Pure Java platform
IDCore 8030 features
Secure MicroSD equipped with 8 or 16 GB Flash memory
Compliant with the SD Association specifications and the ASSD protocol
Java platform compliant with Java Card v2.2.2 and Global Platform v2.1.1
Secure chip EAL5+ certified, memory size of 80 KB (standard) or 160 KB (option)
Support of all the most recent cryptographic algorithms including RSA 2048 and Elliptic Curves
High security level certifications on request: FIPS 140-2 Level 3 or Common Criteria EAL5+
Gemalto Java applets in option: OTP-OATH, MPCOS
Drivers for Android, Windows 7 / 8.x, Linux and BlackBerry OS
IDPrime MD 8840 features
Secure MicroSD equipped with 8 or 16 GB Flash memory
Compliant with the SD Association specifications and the ASSD protocol
PKI applet: Same features as the Gemalto IDPrime MD smart cards
Support of all the most recent cryptographic algorithms including RSA 2048 and Elliptic Curves
Certification Common Criteria EAL5+ / PP SSCD for Qualified Signature or FIPS 140-2 Level 3. FIPS 140-2 Level 3 certification on request.
OTP-OATH applet as standard, MPCOS applet as an option
Easy connection to a Windows PC through a PC/SC driver
Supported by the IDGo 800 middleware on Android and Windows 7 / 8.x
Linux on request
Marking specifications
Standard marking
Marking customization: On request
Packaging specifications
Standard packaging: Stuck in a white ISO format plastic card. 50 units per box.
Option: Graphical customization of the plastic card
Option: JEDEC 4 x 16 units trays
Common features with the IDPrime MD cards range
IDGo 800 middleware and SDK
Architecture diagram labels: 3rd party client applications; Test tools; Middleware; PKI Crypto Layer API; SDK; OTP API; PC-SC like API; USB OTG (*) driver; NFC driver; Other reader drivers; Other Secure Elements; TEE (*); IDPrime cards
(*) OTG: On-The-Go = USB Master
TEE: Trusted Execution Environment
IDPrime cards positioning statement
Gemalto helps organizations protect and manage their
logical, physical, and cloud-based data assets. Our
strong multi-factor authentication solutions support a
range of form factors and authentication methods
providing the highest level of protection.
Minidriver enabled PKI Cards
IDPrime
IDPrime cards range
A common set of features
Products compared (table columns): IDPrime .NET 510; IDPrime .NET 5500; IDPrime MD 3810 (Released); IDPrime MD 830 (Released); IDPrime MD 3840 (Released); IDPrime MD 840 (Released)
Key Product Features (table rows): Base CSP; PKCS#11; RSA; On board PIN Policy; Multi PIN support; Biometry support; Dual interface (contact / contactless & NFC support); FIPS 140-2 Level 3 certif. (platform + PKI applet); FIPS 140-2 Level 2 certif. (platform + PKI, OTP & MPCOS app); CC EAL5+ / Javacard & CC EAL5+ / PP SSCD (Java + applet); Elliptic Curves; OTP OATH option; MPCOS applet option
Surviving cell text: "Platform only" (two cells)
Value Proposition: IDPrime MD as Corporate Badge
WE TARGET
Enterprises, Universities & Governments who need
to secure the access to their data, network & cloud-based assets from both PCs and mobile devices
THE SOLUTION
The IDPrime MD offers all the services of a smart
card based Corporate Badge plus the full
compatibility with the NFC interface of smartphones
and tablets.
BENEFITS
IDPrime MD allows card holders to securely and
easily access all their applications whatever their
location.
DIFFERENTIATOR
The IDPrime MD, associated with the IDGo 800
middleware suite, is the only Corporate Badge
operating on any OS, Plug & Play under Windows,
and via NFC with mobile devices.
IDPrime MD key benefits 1/2
Plug & Play PKI smart cards
• Native support on Windows up to 8.1
• IDGo 800 middleware suite: Minidriver, PKCS#11, Credential Provider, tools
Ready for Mobile Security
• Dual interface capability (ISO 14443 and NFC compliant)
Security level even beyond Digital Signature regulations
• FIPS 140-2 Level 3
• CC EAL5+ / PP SSCD
Various form factors and authentication methods
• Contact / dual / hybrid smartcard or token
• Both PKI and OTP authentication are available
IDPrime MD key benefits 2/2
Enhanced cryptographic support
• PKI services with both RSA and Elliptic curves
E-purse option with MPCOS applet
Flexible security policy
• Extended on-board PIN Policy
• Optional Microsoft Secure Key Injection service
Wide eco-system integration
Digital Signature regulations
The IDPrime MD security level goes even beyond the requirements of Digital Signature regulations
FIPS 140-2 Level 3 certified OS and PKI applet
• IDPrime MD 830
• FIPS 140-2 Level 2 is required by US regulations
CC EAL5+ / PP SSCD certified OS and PKI applet
• IDPrime MD 840 and IDPrime MD 3840
• CC EAL4+ / PP SSCD required by European Digital Signature law
All the IDPrime MD card chips are certified CC EAL5+ or EAL6+
All IDPrime MD cards embed the most advanced security countermeasures
Enhanced cryptography
IDPrime MD is ready for the future, since it supports all the cryptographic algorithms for immediate and future deployments
IDPrime MD supports both RSA and Elliptic Curves
• RSA up to 2048, RSA OAEP & PSS
• Elliptic Curves up to P-521
• SHA-1, SHA-256, SHA-384, SHA-512
• AES up to 256, 3DES
ECC (Elliptic Curves) computation is faster than RSA
• Apart from signature verification, which is not performed by the card anyway
• Improved performance is becoming important with large key lengths
Various authentication methods
PKI authentication
• PIN based
• Multi PIN option
OTP authentication
• OATH standard
• Event based
• Batch, Self or Live provisioning
• With or without PIN entry (same PIN as PKI)
• Proposed as an option
Optelio Contactless MicroSD card
Optelio Contactless Micro SD
A contactless MicroSD card with an integrated antenna, turning any handset
into a contactless MIFARE Classic, MIFARE + and DESFire EV1 card
Dual Secure Element running contactless applets
Active contactless front end and specific RF antenna architecture to boost RF performance: A unique Gemalto design.
A technological breakthrough
The result of Gemalto’s unique RF and hardware integration expertise.
Value Proposition for Enterprises
For Physical Access Control and private e-purse use cases
Makes any mobile phone equipped with a MicroSD slot ready to use
Qualified Android handsets – Oct 2014
Thank you!