IDentity Suite a multi-purpose smart e-id, PKI platform

Similar documents
Banking. Extending Value to Customers. KONA Banking product matrix. is leading the next generation of payment solutions.

Preventing fraud in epassports and eids

eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke

Implementation of biometrics, issues to be solved

Entrust Smartcard & USB Authentication

I N F O R M A T I O N S E C U R I T Y

I N F O R M A T I O N S E C U R I T Y

An Open Source eid Simulator Open Identity Summit 9th -11th September 2013

Moving to the third generation of electronic passports

European Electronic Identity Practices Country Update of Portugal

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

Description of the Technical Component:

Combatting Counterfeit Identities: The Power of Pairing Physical & Digital IDs

Secure your Privacy. jrsys, Inc. All rights reserved.

Introducing etoken. What is etoken?

ETSI TS V1.2.1 ( )

AD CS.

Smart Card Technology Capabilities

CERTIFICATION REPORT

CERTIFICATION PRACTICE STATEMENT UPDATE

Keep Out of My Passport: Access Control Mechanisms in E-passports

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION

Ciphire Mail. Abstract

CardOS API V3.2. Standard cryptographic interface for using applications with CardOS smart cards

Electronic machine-readable travel documents (emrtds) The importance of digital certificates

1. Product Overview 2. Product Features 3. Comparison Chart 4. Product Applications 5. Order Information 6. Q & A

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

CRYPTOGRAPHY AS A SERVICE

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

Guide to Data Field Encryption

Key & Data Storage on Mobile Devices

Cryptographic and Security Testing Laboratory. Deputy Laboratory Director, CST Laboratory Manager

GlobalPlatform. Card Specification. Version 2.2

Athena Smartcard Inc. IDProtect Key with LASER PKI FIPS Cryptographic Module Security Policy. Document Version: 1.0 Date: April 25, 2012

Full page passport/document reader Regula model 70X4M

NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards

Secure web transactions system

Secure Network Communications FIPS Non Proprietary Security Policy

PRIME IDENTITY MANAGEMENT CORE

NIST Test Personal Identity Verification (PIV) Cards

ECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03

Security Target Lite STARCOS 3.4 Health HBA C1

The German eid-card. Jens Bender. Federal Office for Information Security Bundesamt für Sicherheit in der Informationstechnik

NXP Secure Smart Card Controllers P5CD016V1D / P5CD021V1D / P5CD041V1D / P5Cx081V1D with DESFire EV1

eid Security Frank Cornelis Architect eid fedict All rights reserved

Microsoft Identity Lifecycle Manager & Gemalto.NET Solutions. Jan 23 rd, 2007

EUROPEAN CARD FOR e-services

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

Ten Critical Success Factors for Successful Smart Card Projects

Advanced Security Mechanisms for Machine Readable Travel Documents

How To Protect A Smart Card From Being Hacked

IDENTITY SOLUTIONS END-TO-END SYSTEMS SOLUTIONS TO PROTECT IDENTITIES AND SECURE ACCESS FOR A MOBILITY WORLD

Certification Report

Java Card TM Open Platform for Smart Cards

Electronic Passports in a Nutshell

Training. MIFARE4Mobile. Public. MobileKnowledge April 2015

Functional Specification of the OpenPGP application on ISO Smart Card Operating Systems

CERTIFICATION REPORT

Page 1. Smart Card Applications. Lecture 7: Prof. Sead Muftic Matei Ciobanu Morogan. Lecture 7 : Lecture 7 : Smart Card Applications

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa

Security by Politics - Why it will never work. Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA

European Electronic Identity Practices

Electronic Signature in the banks data/order exchanges within the small, medium-sized or large corporate and their banks in France

OB10 - Digital Signing and Verification

An Introduction to Cryptography as Applied to the Smart Grid

Landscape of eid in Europe in 2013

An introduction to EJBCA and SignServer

Embedded Java & Secure Element for high security in IoT systems

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Payment and Identification Secure solutions

Snow Agent System Pilot Deployment version

Gemalto Mifare 1K Datasheet

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

WIRELESS LAN SECURITY FUNDAMENTALS

Understanding digital certificates

E-Visas Verification Schemes Based on Public-Key Infrastructure and Identity Based Encryption

Cryptography and Key Management Basics

esign Online Digital Signature Service

MACHINE READABLE TRAVEL DOCUMENTS

Table of Contents. Bibliografische Informationen digitalisiert durch

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

Certification Report. NXP J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, and J2E082_M65 Secure Smart Card Controller Revision 3

Advanced Authentication

Smart Card Application Development Using Java

Smart Tiger STARCHIP SMART TIGER PAYMENT PRODUCT LINE. Payment. STiger SDA. STiger DDA. STiger DUAL

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

NXP Secure Smart Card Controllers P5CC008, P5CC012 V1A/ V1A(s)

Biometrics for Public Sector Applications

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.

Using etoken for SSL Web Authentication. SSL V3.0 Overview

How To Encrypt Data With Encryption

EMVCo Letter of Approval - Contact Terminal Level 2

Developing a new Protection Profile for (U)SIM UICC platforms. ICCC 2008, Korea, Jiju Septembre 2008 JP.Wary/M.Eznack/C.Loiseaux/R.

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Transcription:

2015 All rights reserved. Specifications subject to change without notice

IDentity is Global Platform smart card solution for a wide area of e-services following the relevant EU and worldwide standards. It has been specifically designed for electronic identity and government market needs: national ID cards, health cards, electronic passports, driving licenses or employee ID cards. The major target areas of using IDentity: e-government Qualified Signature Multi-purpose PKI Features Compliant with all relevant eid specifications Required functionality is configured during personalization (i.e. epassport, IDL, eid or PKI...) Dual-interface support Flexible role based access control on each interface Secure centralized / de-centralized personalization Online / offline Post Issuance Personalization Multi-application feature Post issuance download of card applications Support of PINPAD readers with Secure Messaging Different functionality on each interface Multiple instances and logical chanels Compliant with the European Citizen Card standard Compliant with epassport standards (ICAO, BSI) Compliant with International Driving License standard Fingerprint Match-on-Card verification Common Criteria EAL 5+ platform Common Criteria EAL 4+ certified More than 20M instances issued 2015 All rights reserved. Specifications subject to change without notice

Public Selector IDentity provides Qualified Signature solutions in order to be used for Electronic Administration, Banking signature cards. Support of PINPAD readers with Secure Messaging Additional PKI functions on the same card Standard middleware is available Common Criteria EAL 4+ certified against SSCD PP e-government Solutions Multi-purpose PKI Products IDentity can be used for various other cases, such as Company ID, PC logon, Secure e-mail combined with Loyalty cards, e-purse. Support of multiple applet instances for different usage Contact and / or contactless interface Additional applets for Loyalty and electronic purse functionality USE CASES Use IDentity to issue various e-id products as Identity cards, Health cards, Electronic passports & Driving License cards. Compliant with the relevant standards Dual-interface support Multi-application feature Secure centralized / de-centralized personalization Common Criteria EAL 5+ platform certificate Common Criteria EAL 4+ certificate 2015 All rights reserved. Specifications subject to change without notice

IDentity is Fully Compliant With All mandatory features of CEN/TS 15480-1/2 the European Citizen Card Standard EN 14890-1/2 Application Interface for smart cards used as secure signature devices ISO/IEC 7816-3/4/8/9 ISO/IEC 24727-2 Generic card interface CEN/CWA 15974 eehic Fully compliant with IAS-ECC 1.0.1 CNS v1.1.6 DDU v1.1.0 ICAO Doc 9303 (PA, AA, BAC, SAC) BSI TR-03110 2.10 Part 1/2/3 (EAC 1.11, EAC 2.0, PACE2, German-eID) ISO/IEC 18013-3:2012 ISO-Compliant Driving Licence EU driving license (383/2012/EC) Fingerprint Match-on-Card (ISO/IEC 19785, ISO/IEC 19794) 2015 All rights reserved. Specifications subject to change without notice

Additional Functionality Support of extended length APDUs Up to 4 logical channels according to ECC ECDSA and various padding algorithms Device authentication with key transport protocol according to EN 14890-1 Key generation counter (proof of key-pair is generated on-board) Multiple compulsory algorithms per Security Data Object Asymmetric device authentication with Role validation Offline Secure Messaging with implicit authentication (offline PIP) GP Issuer Security Domain CVM management by PIN SDO Card-to-card authentication and access control Support of elementary files with record and TLV structures acc. to ISO/IEC 7816-4 IAS-ECC with AES, ECDSA Other extensions on request 2015 All rights reserved. Specifications subject to change without notice

Supported Algorithms & Protocols Digital Signature (PKCS#1, ISO/IEC 9796-2, PSS, ECDSA) Client/Server authentication Encryption key decipherment (PKCS#1, ISO/IEC 9796-2, RSA-OAEP, ECDH) RAW-RSA encryption / decryption Asymmetric device authentication with key agreement (DH with privacy, key transport, EAC, EAP) Asymmetric device authentication with role validation Asymmetric role authentication (IASECC 1.0.1, EAC1, EAC2, EAP) Symmetric device authentication (IASECC 1.0.1, BAC, SAC) Symmetric role authentication (IASECC 1.0.1) Card-to-card authentication Secure Messaging with 3DES (112, 168), AES (128, 192, 256) Public key cryptography (RSA up to 2048 bit - 4096 on request, ECDSA up to 320 bit - 521 on request) Secure Hash algorithms, SHA-1 and SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512) ICAO Doc 9303 PA, AA, SAC (BAC + PACE2): 3DES, AES, DH, ECDH BSI TR-03110 EAC1, EAC2, PACE2 (Generic Mapping, Integrated Mapping) ISO/IEC 18013 ISO-Compliant Driving License (BAP1-4, EAP RSA, ECDSA) 2015 All rights reserved. Specifications subject to change without notice

Other Features Implementation based on Java Card 2.2.2 / 3.0.1 and Global Platform 2.1.1 / 2.2.1 standard APIs T=0, T=1 and T=CL protocols Extended Length protocol Plain or CRT RSA, ECDSA key generation / import Customizable CV certificate profiles Customizable application profiles Issuer defined chip numbering schemes Issuer defined objects Issuer defined personalization scenario 2015 All rights reserved. Specifications subject to change without notice

Hardware features Available on various NXP platforms J2A040, J3A041, J2A080, J3A081, J2D/E081, J3D/E081, J2D/E145, J3D/E145, J2E082, J3E082, J2E120, J3E120 Dedicated Secure_MX51 Smart Card CPU PKI co-processor FameXE High Speed Triple-DES / AES co-processor DES/TDES (56/112/168 bit) AES (128/192/256 bit) RSA up to 8192 bit ECC GF(p) up to 521 bit ECC Standardized domain parameters (sec2/brainpool/ansi) SHA-1/SHA-224/SHA-256 ISO/IEC 7816 contact interface ISO/IEC 14443 contactless interface Common Criteria EAL 5+ certified Secure Random Number Generator 2015 All rights reserved. Specifications subject to change without notice

Evaluation Status Based on CC EAL 5+ certified chip and OS - NXP JCOP v2.4.1 R2/R3, v2.4.2 R2/R3 Secure Smart Card Controller Common Criteria CC EAL4+ evaluation - BSI-CC-PP-0056-V2-2012 - BSI-CC-PP-0068-V2-2011 - BSI-CC-PP-0059-2012 - BSI-CC-PP-0071-2012 - BSI-CC-PP-0072-201 H-1117 Budapest Gábor Dénes u. 2. Infopark, building D. Tel: +36 1 464 9560 Fax: +36 1 700 2709 e-mail: info@idandtrust.com 2015 All rights reserved. Specifications subject to change without notice

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information