identity and access idprime md 8840 and idcore 8030 microsd cards didier bonnet april 2015
TRANSCRIPT
Identity and Access
IDPrime MD 8840 and IDCore 8030MicroSD cards
Didier BonnetApril 2015
MicroSD Slots Deployment
2
As of today, MicroSD cards are compatible with most of the Android and Windows platforms, but not the iOS ones
Secure MicroSD Cards Range
3
MicroSD cards embedding the same secure chip as the IDPrime MD cardsIDPrime MD 8840 – 8GB or 16GB = PKI enabled
IDCore 8030 – 8GB or 16GB = Pure Java platform
Use CasesAll PKI and OTP use casesAndroid, Windows 7/8 and LinuxSupported by IDGo Secure Email, IDProve 300 and any other 3rd party application based on IDGo 800 for PCs or Mobiles
Value propositionForm factor: Small size and semi detachableCan be personalized on PCs using standard Card Management Systems (CMS)Flash memory for personal or professional usagesWell suited for low volumes / short term projects, OR for projects requiring Flash memory
IDCore 8030 Features
Secure MicroSD equipped with 8 or 16 GB Flash memory
Compliant with the SD Association specifications and the ASSD protocol
Java platform compliant with Java Card v2.2.2 and Global Platform v2.1.1
Secure chip EAL5+ certified, memory size of 80 KB (standard) or 160 KB (option)
Support of all the most recent cryptographic algorithms including RSA 2048 and Elliptic Curves
High security level certifications on request: FIPS140-2 Level 3 or Common Criteria EAL5+
Gemalto Java applets in option: OTP-OATH, MPCOS
Drivers for Android, Windows 7 / 8.x, Linux and BlackBerry OS
4More details
IDPrime MD 8840 Features
Secure MicroSD equipped with 8 or 16 GB Flash memory
Compliant with the SD Association specifications and the ASSD protocol
PKI applet: Same features as the Gemalto IDPrime MD smart cards
Support of all the most recent cryptographic algorithms including RSA 2048 and Elliptic Curves
Certification Common Criteria EAL5+ / PP SSCD for Qualified Signature or FIPS 140-2 Level 3. FIPS140-2 Level 3 certification on request.
OTP- OATH applet in standard, MPCOS applet in option
Easy connection to a Windows PC through a PC/SC driver
Supported by the IDGo 800 middleware on Android and Windows 7 / 8.xLinux on request
5More details
Main Features
IDCore 8030
IDPrime 8840
Secure MicroSD equipped with 8 or 16 GB Flash memory
Java platform OS compliant with Java Card v2.2.2 and Global Platform v2.1.1
Compliant with the SD Association specifications and the ASSD protocol
Support of all the recent cryptographic algorithms including RSA 2048 and Elliptic Curve
Certification: CC EAL5+ & PP SSCD for Qualified Signature On
requestOn going
FIPS140-2 Level 3 On request
OTP-OATH applet Option
PC/SC emulation driver for Windows 7 / 8
Driver for Linux Libraries
Driver for Android Libraries IDGo800
6
Packaging and Marking Specifications
• Packaging specifications- Standard : MicroSD stuck in a white ISO format plastic card
80 units per box- Option: JEDEC 4 x 16 units trays
• Marking specifications- Standard: Gemalto logo- Option: Customisation of the marking, Q > 10 KU, 2.5 K€ fee- Option: Customisation of the ISO plastic card, Q > 1 KU, 2.5 K€ fee
7
Sales Conditions
IDPrime MD 8840 – 8 GB available on the BtoB webstore
Q = 1400 units available in stock
Product sold through the Direct and Indirect Channels
Beside the webstore, MoQ = 3 KU
Standard delivery time = 10 weeks
Usually requires the IDGo 800 for Android middleware
Please refer to the IDGo 800 Legal process
Please contact the Gemalto TCs for demonstrationsIDGo 800 for Android architecture
8
More Details on our Webpage
9
Common Features with the IDPrime MD cards range
IDPrime cards positioning statement
Gemalto helps organizations protect and manage their logical, physical, and cloud-based data assets. Our strong multi-factor authentication solutions support a range of form factors and authentication methods providing the highest level of protection.
IDPrime
Minidriver enabled PKI
Cards
11
IDPrime family
Product Features IDPrime .NET 510
IDPrime .NET 5500
IDPrime MD 3810
IDPrime MD 830
IDPrime MD 3840
IDPrime MD
840
Base CSP PKCS#11 RSA On board PIN Policy Multi PIN support Biometry support Dual interface (contact / contactless & NFC support) FIPS 140 -2 Level 3 certif.(platform + PKI applet) FIPS 140-2 Level 2 certif(platform + PKI , OTP & MPCOS app)
CC EAL5+ / Javacard &CC EAL5+ / PP SSCD (Java+applet) Elliptic Curves OTP OATH option MPCOS applet option
A common set of features
IDPrimeMinidriver enabled
PKI cards
IDPrimeMinidriver enabled
PKI cards
12
IDPrime family
Product Features IDPrime .NET 510
IDPrime .NET 5500
IDPrime MD 3810
IDPrime MD 830
IDPrime MD 3840
IDPrime MD
840
Dynamic profile update Secure Key injection (Windows) Option (Dec 14) RSA OAEP algo RSA PSS algo PIN Policy SSO Option (Dec14) Option (Feb 15)
ICP Brazil certification Option (Q2 15)
Dedicated Signature PIN for CC certified (Sign only) keys Dedicated PUK to unblock the Signature PIN Mifare Classic emulation Hybrid Hybrid Option Hybrid Option (Q2 15) Hybrid
DESFire emulation Hybrid Hybrid Option (Feb 15) Hybrid Option (Q2 15) Hybrid
Legic Advant compatibility Hybrid Hybrid Option (Dec 14) Hybrid Option Hybrid
Other features
IDPrimeMinidriver enabled
PKI cards
IDPrimeMinidriver enabled
PKI cards
PA
C o
ptio
ns
13
Value Proposition: IDPrime MD as Corporate Badge
Enterprises, Universities & Governments who need to secure the access to their data, network & cloud-based assets from both PCs and mobile devices
The IDPrime MD offers all the services of a smart card based Corporate Badge plus the full compatibility with the NFC interface of smartphones and tablets.
IDPrime MD allows card holders to securely and easily access all their applications whatever their location.
The IDPrime MD, associated with the IDGo 800 middleware suite, is the only Corporate Badge operating on any OS, Plug & Play under Windows, and via NFC with mobile devices.
WE TARGETWE TARGET
THE SOLUTIONTHE SOLUTION
BENEFITSBENEFITS
DIFFERENTIATORDIFFERENTIATOR
14
IDPrime MD key benefits 1/2
Plug & Play PKI smart cards Native support on Windows up to 8.1 IDGo 800 middleware suite: Minidriver, PKCS#11, Credential Provider, tools
Ready for Mobile Security Dual interface capability ISO 14443 and NFC compliant)
Security level even beyond Digital Signature regulations FIPS 140-2 Level 3 CC EAL5+ / PP SSCD
Various form factors and authentication methods Contact / dual / hybrid smartcard or token Both PKI and OTP authentication are available
15
IDPrime MD key benefits 2/2
Enhanced cryptographic support PKI services with both RSA and Elliptic curves
E-purse option with MPCOS applet
Flexible security policy Extended on-board PIN Policy Optional Microsoft Secure Key Injection service
Wide eco-system integration
16
IDPrime MD security level is even beyond requirements for Digital Signature regulations
FIPS140-2 Level 3 certified OS and PKI applet IDPrime MD 830 FIPS 140-2 Level 2 is required by US regulations
CC EAL5+ / PPSSCD certified OS and PKI applet IDPrime MD 840 and IDPrime MD 3840 CC EAL4+ / PPSSCD required by European Digital Signature law
All the IDPrime MD card chips are certified CC EAL5+ or EAL6+
All IDPrime MD cards embed the most advanced security countermeasures
Digital Signature regulations
17
IDPrime MD is ready for the future, since it supports all the crypto. algorithms for immediate and future deployments
IDPrime MD supports both RSA and Elliptic Curves• RSA up to 2048, RSA OAEP & PSS
• Elliptic Curves up to P-521
• SHA1, SHA 256, SHA-384, SHA-512
• AES up to 256, 3DES
ECC (Elliptic Curves) computation is faster than RSA• Apart for signature verification – which is not performed by the card
anyway
• Improved performances are becoming important with large key lengths
Enhanced cryptography
18
PKI authentication PIN based Multi PIN option
OTP authentication OATH standard Event based Batch, Self or Live provisioning With or without PIN entry (same PIN as PKI) Proposed as an option
Various authentication methods
19
Optelio Contactless MicroSD card
Optelio Contactless Micro SD
Active contactless front end and specific RF antenna architecture to boost RF performance: A unique Gemalto design.
Dual Secure Element running contactless applets
21
Marking specifications
22
2
Standard marking
Marking customization: On request
22
Value Proposition for Enterprises
For Physical Access Control and private epurse use cases
Makes any mobile phone equipped with a MicroSD slot ready to use
23
Qualified Android handsets – Oct 2014
24
Thank you!