FCR Form - Gemalto

IDPrime MD 8840 and IDCore 8030 MicroSD cards
Didier Bonnet
May 2015
MicroSD Slots Deployment
As of today, MicroSD cards are compatible with most Android and Windows platforms, but not with iOS ones
Secure MicroSD Cards Range
MicroSD cards embedding the same secure chip as the IDPrime MD cards
IDPrime MD 8840 – 8GB or 16GB = PKI enabled
IDCore 8030 – 8GB or 16GB = Pure Java platform
Use Cases
All PKI and OTP use cases
Android, Windows 7/8 and Linux
Supported by IDGo Secure Email and any other 3rd party application based on IDGo 800 for PCs or Mobiles
Value proposition
Form factor: Small size and semi detachable
Can be personalized on PCs using standard Card Management Systems (CMS)
Flash memory for personal or professional usages
Well suited for low volumes / short term projects, OR for projects requiring Flash memory
IDCore 8030 Features
Secure MicroSD equipped with 8 or 16 GB Flash memory
Compliant with the SD Association specifications and the ASSD protocol
Java platform compliant with Java Card v2.2.2 and Global Platform v2.1.1
Secure chip EAL5+ certified, memory size of 80 KB (standard) or 160 KB (option)
Support of all the most recent cryptographic algorithms including RSA 2048 and Elliptic Curves
High security level certifications on request: FIPS 140-2 Level 3 or Common Criteria EAL5+
Optional Gemalto Java applets: OTP-OATH, MPCOS
Drivers for Android, Windows 7 / 8.x, Linux and BlackBerry OS
IDPrime MD 8840 Features
Secure MicroSD equipped with 8 or 16 GB Flash memory
Compliant with the SD Association specifications and the ASSD protocol
PKI applet: Same features as the Gemalto IDPrime MD smart cards
Support of all the most recent cryptographic algorithms including RSA 2048 and Elliptic Curves
Certification Common Criteria EAL5+ / PP SSCD for Qualified Signature or FIPS 140-2 Level 3. FIPS 140-2 Level 3 certification on request.
OTP-OATH applet as standard, MPCOS applet as an option
Easy connection to a Windows PC through a PC/SC driver
Supported by the IDGo 800 middleware on Android and Windows 7 / 8.x
Linux on request
Main Features
IDCore 8030
IDPrime 8840
On request
On going
Secure MicroSD equipped with 8 or 16 GB Flash memory
Java platform OS compliant with Java Card v2.2.2 and Global Platform v2.1.1
Compliant with the SD Association specifications and the ASSD protocol
Support of all the recent cryptographic algorithms including RSA 2048 and Elliptic Curve
Certification: CC EAL5+ & PP SSCD for Qualified Signature
FIPS140-2 Level 3
OTP-OATH applet
On request
Option
PC/SC emulation driver for Windows 7 / 8
Driver for Linux
Driver for Android
Libraries
Libraries
IDGo800
Packaging and Marking Specifications
• Packaging specifications
- Standard: JEDEC 4 x 16 units trays
- Option: MicroSD card stuck in a white ISO format plastic card, 80 units per box
• Marking specifications
- Standard: Gemalto logo
- Option: Customisation of the marking, Q > 10 KU, 2.5 K€ fee
- Option: Customisation of the ISO plastic card, Q > 1 KU, 2.5 K€ fee
Sales Conditions
Price list available
IDPrime MD 8840 – 8 GB available on the internal and Partner webstores
Product sold through the Direct and Indirect Channels
Apart from the webstore, MoQ = 3 KU
Standard delivery time = 10 weeks
Requires the IDGo 800 for Android middleware
IDGo 800 for Android architecture
Can be provided externally only after the signature of a Software Evaluation Agreement
Marking specifications
Standard marking
Marking customization: On request
Common Features with the IDPrime MD cards range
IDPrime cards positioning statement
Gemalto helps organizations protect and manage their logical, physical, and cloud-based data assets. Our strong multi-factor authentication solutions support a range of form factors and authentication methods providing the highest level of protection.
IDPrime Minidriver enabled PKI Cards
IDPrime family
IDPrime Minidriver enabled PKI cards
A common set of features
Product Features
IDPrime .NET 510, IDPrime .NET 5500, IDPrime MD 3810, IDPrime MD 830, IDPrime MD 3840, IDPrime MD 840
Base CSP
PKCS#11
RSA
On board PIN Policy
Multi PIN support
Biometry support
Dual interface (contact / contactless & NFC support)
FIPS 140-2 Level 3 certif. (platform + PKI applet)
FIPS 140-2 Level 2 certif. (platform + PKI, OTP & MPCOS app)
CC EAL5+ / Javacard & CC EAL5+ / PP SSCD (Java+applet)
Elliptic Curves
OTP OATH option
MPCOS applet option
IDPrime family
IDPrime Minidriver enabled PKI cards
Other features
Product Features
IDPrime .NET 510, IDPrime .NET 5500, IDPrime MD 3810, IDPrime MD 830, IDPrime MD 3840, IDPrime MD 840
Dynamic profile update
Secure Key injection (Windows)
Option (Dec 14)
RSA OAEP algo
RSA PSS algo
Option (Dec 14)
Option (Feb 15)
Dedicated Signature PIN for CC certified (Sign only) keys
Dedicated PUK to unblock the Signature PIN
PIN Policy SSO
PAC options
ICP Brazil certification
Option (Q2 15)
Mifare Classic emulation: Hybrid, Hybrid, Option, Hybrid, Option (Q2 15), Hybrid
DESFire emulation: Hybrid, Hybrid, Option (Feb 15), Hybrid, Option (Q2 15), Hybrid
Legic Advant compatibility: Hybrid, Hybrid, Option (Dec 14), Hybrid, Option, Hybrid
Value Proposition: IDPrime MD as Corporate Badge
WE TARGET
Enterprises, Universities & Governments who need to secure the access to their data, network & cloud-based assets from both PCs and mobile devices
THE SOLUTION
The IDPrime MD offers all the services of a smart card based Corporate Badge plus the full compatibility with the NFC interface of smartphones and tablets.
BENEFITS
IDPrime MD allows card holders to securely and easily access all their applications whatever their location.
DIFFERENTIATOR
The IDPrime MD, associated with the IDGo 800 middleware suite, is the only Corporate Badge operating on any OS, Plug & Play under Windows, and via NFC with mobile devices.
IDPrime MD key benefits 1/2
Plug & Play PKI smart cards
- Native support on Windows up to 8.1
- IDGo 800 middleware suite: Minidriver, PKCS#11, Credential Provider, tools
Ready for Mobile Security
- Dual interface capability (ISO 14443 and NFC compliant)
Security level even beyond Digital Signature regulations
- FIPS 140-2 Level 3
- CC EAL5+ / PP SSCD
Various form factors and authentication methods
- Contact / dual / hybrid smartcard or token
- Both PKI and OTP authentication are available
IDPrime MD key benefits 2/2
Enhanced cryptographic support
- PKI services with both RSA and Elliptic curves
E-purse option with MPCOS applet
Flexible security policy
- Extended on-board PIN Policy
- Optional Microsoft Secure Key Injection service
Wide eco-system integration
Digital Signature regulations
IDPrime MD security level is even beyond requirements for Digital Signature regulations
FIPS 140-2 Level 3 certified OS and PKI applet
- IDPrime MD 830
- FIPS 140-2 Level 2 is required by US regulations
CC EAL5+ / PP SSCD certified OS and PKI applet
- IDPrime MD 840 and IDPrime MD 3840
- CC EAL4+ / PP SSCD required by European Digital Signature law
All the IDPrime MD card chips are certified CC EAL5+ or EAL6+
All IDPrime MD cards embed the most advanced security countermeasures
Enhanced cryptography
IDPrime MD is ready for the future, since it supports all the cryptographic algorithms for immediate and future deployments
IDPrime MD supports both RSA and Elliptic Curves
• RSA up to 2048, RSA OAEP & PSS
• Elliptic Curves up to P-521
• SHA-1, SHA-256, SHA-384, SHA-512
• AES up to 256, 3DES
ECC (Elliptic Curves) computation is faster than RSA
• Apart from signature verification, which is not performed by the card anyway
• Improved performance is becoming important with large key lengths
Various authentication methods
PKI authentication
- PIN based
- Multi PIN option
OTP authentication
- OATH standard
- Event based
- Batch, Self or Live provisioning
- With or without PIN entry (same PIN as PKI)
- Proposed as an option
Thank you!