Entrust Smartcard & USB Authentication



Similar documents
Strong Authentication for Healthcare

Strong Identity Authentication for First Responders

NIST s FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors Masaryk University in Brno Faculty of Informatics

I N F O R M A T I O N S E C U R I T Y

I N F O R M A T I O N S E C U R I T Y

Converged Smart Card for Identity Assurance Solutions. Crescendo Series Smart Cards

Guide to Data Field Encryption

1. Product Overview 2. Product Features 3. Comparison Chart 4. Product Applications 5. Order Information 6. Q & A

Entrust IdentityGuard

FEITIAN PKI Authentication Token. epass2003 with FIPS Cer tification

Introducing etoken. What is etoken?

Deriving a Trusted Mobile Identity from an Existing Credential

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

How To Encrypt Data With Encryption

INTEGRATION GUIDE MS OUTLOOK 2003 VERSION 2.0

Certification Report

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

CRESCENDO SERIES Smart Cards. Smart Card Solutions

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Secure Network Communications FIPS Non Proprietary Security Policy

An Introduction to Cryptography as Applied to the Smart Grid

M2M For industrial and automotive

Implementation of biometrics, issues to be solved

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

Payment and Identification Secure solutions

GOALS (2) The goal of this training module is to increase your awareness of HSPD-12 and the corresponding technical standard FIPS 201.

Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008

TrustKey Tool User Manual

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015

Cryptographic and Security Testing Laboratory. Deputy Laboratory Director, CST Laboratory Manager

Secure Data Exchange Solution

Innovations in Digital Signature. Rethinking Digital Signatures

Microsoft Identity Lifecycle Manager & Gemalto.NET Solutions. Jan 23 rd, 2007

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

Key & Data Storage on Mobile Devices

Secure your Privacy. jrsys, Inc. All rights reserved.

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

Smart Card Technology Capabilities

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Smart Tiger STARCHIP SMART TIGER PAYMENT PRODUCT LINE. Payment. STiger SDA. STiger DDA. STiger DUAL

IDENTITY SOLUTIONS END-TO-END SYSTEMS SOLUTIONS TO PROTECT IDENTITIES AND SECURE ACCESS FOR A MOBILITY WORLD

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Architecture for Issuing DoD Mobile Derived Credentials. David A. Sowers. Master of Science In Computer Engineering

DRAFT Standard Statement Encryption

MOBILE CHIP ELECTRONIC COMMERCE: ENABLING CREDIT CARD PAYMENT FOR MOBILE DEVICES

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

PUF Physical Unclonable Functions

Advanced Authentication

Smart Cards and Biometrics in Physical Access Control Systems

INTRODUCTION AND HISTORY

The Convergence of IT Security and Physical Access Control

Citrix MetaFrame XP Security Standards and Deployment Scenarios

Announcing Approval of Federal Information Processing Standard (FIPS) Publication 201-2,

Athena Smartcard Inc. IDProtect Key with LASER PKI FIPS Cryptographic Module Security Policy. Document Version: 1.0 Date: April 25, 2012

PROXKey Tool User Manual

Preventing fraud in epassports and eids

CRYPTOGRAPHY AS A SERVICE

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

Secure Hardware PV018 Masaryk University Faculty of Informatics

IDaaS: Managed Credentials for Local & State Emergency Responders

Gemalto SafeNet Minidriver 9.0

Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ)

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS security requirement

Managed Portable Security Devices

Key Management Interoperability Protocol (KMIP)

eid Security Frank Cornelis Architect eid fedict All rights reserved

IDENTIFICATION Morpho Driver s license Solution for governments and road traffic authorities

The Convergence of IT Security and Physical Access Control

DoD CAC Middleware Requirements Release 4.0

Banking. Extending Value to Customers. KONA Banking product matrix. is leading the next generation of payment solutions.

Audio: This overview module contains an introduction, five lessons, and a conclusion.

Complying with PCI Data Security

How To Protect A Smart Card From Being Hacked

Secure USB Flash Drive. Biometric & Professional Drives

U.S. Federal Information Processing Standard (FIPS) and Secure File Transfer

Digital identity: Toward more convenient, more secure online authentication

EMV: A to Z (Terms and Definitions)

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Enova X-Wall LX Frequently Asked Questions

McAfee Firewall Enterprise 8.2.1

Defending the Internet of Things

NIST Test Personal Identity Verification (PIV) Cards

EAC Decision on Request for Interpretation (Operating System Configuration)

M-Shield mobile security technology

PrivateServer HSM EKM Provider for Microsoft SQL Server

SecureDoc Disk Encryption Cryptographic Engine

IT Networks & Security CERT Luncheon Series: Cryptography

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Chapter 8. Network Security

Chapter 15 User Authentication

Combatting Counterfeit Identities: The Power of Pairing Physical & Digital IDs

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.

Transcription:

Entrust Smartcard & USB Authentication Technical Specifications Entrust IdentityGuard smartcard- and USB-based devices allow organizations to leverage strong certificate-based authentication of user identities before granting logical access to networks or physical access to facilities all from a single authenticator. The industry-leading Entrust FIPS-201-compliant card provides Elliptic Curve Suite B compliance, operating at up to two times the speed of competitors. This provides the cardholder with a long certificate lifetime and long-life card construction, avoiding costly card re-issuance. Using the latest chip technology translates to saving minutes on card issuance and allows for authentication and sign operations on tablets to be well under a second providing a quick tap-and-sign experience. By partnering with leading chip vendors, Entrust smartcards have best-in-class counter measures to fight Differential Power Analysis, Simple Power Analysis, Fault Injection and future laser-light attacks. If successful, these attacks could steal identities and private information. The FIPS-140 and FIPS-201 certifications provide assurance to the cardholder that the card is secure, resistant to attacks and will interoperate with any other FIPS 201 compliant product. Smartcards Model SC100 Series Smartcards SC200 Series Smartcards Cryptographic Performance Entrust real-world benchmarks include the full round-trip from computer to card and back. Key Generation Digital Signatures Decryption Elliptic Curve Cryptography (ECC) Digital Signature/ Verification AES 256 < 3 seconds < 65 seconds 0.126 seconds 0.47 seconds 0.116 seconds 0.476 seconds P256 sign 0.117 seconds P256 verify 0.133 seconds < 7 seconds < 50 seconds 0.15 seconds 0.619 seconds 0.142 seconds 0.63 seconds P256 sign 0.119 seconds P256 verify 0.138 seconds Decryption 0.025 seconds 0.027 seconds

Smartcards Model SC100 Series Smartcards SC200 Series Smartcards Triple DES Decryption 0.024 seconds 0.020 seconds Physical Access Options Mifare Classic Available on Request Available on Request Mifare Desfire Available on Request 125 khz Proximity Option Available on Request Available on Request PIV Compliance PIV-C (CIV) PIV, PIV-I EEPROM Memory Capacity 80 Kb 80 Kb Read Cycles Unlimited Unlimited Write/Erase Cycles 500,000 500,000 Data Retention Time 25 Years 25 Years Hardware System Co-Processors DES, AES, RSA, ECC DES, AES, RSA, ECC Connectivity Contact (ISO 7816) SC100C SC200C Contactless (ISO 14443) SC100CL SC200CL Dual Interface SC100D SC200D Certification & Approvals FIPS 140-2 Level 2 Chip Only Full-Device Certification Common Criteria EAL5+ (Chip & OS) EAL5+ (Chip & OS) EMVCo (Chip & OS) (Chip & OS) RoHS China RoHS NIST NPIVP (FIPS 201 Compliant) Customization (SC200D) Card Printed with Organization Logo Available on Request Available on Request

Smartcards Model SC100 Series Smartcards SC200 Series Smartcards Cryptography Asymmetric Key Key Generation Digital Signature Key Exchange Diffie-Hellman ECDH Symmetric Keys Hash Digest AES 128, 192, 256, 3DES AES 128, 192, 256, 3DES

USB Tokens Model USB100 Series USB Tokens USB200 Series USB Tokens Cryptographic Performance Entrust real-world benchmarks include the full round-trip from computer to card and back. Key Generation Digital Signatures Decryption Elliptic Curve Cryptography (ECC) Digital Signature/Verification AES 256 < 3 seconds < 65 seconds 0.126 seconds 0.47 seconds 0.116 seconds 0.476 seconds P256 sign 0.117 seconds P256 verify 0.133 seconds < 7 seconds < 50 seconds 0.15 seconds 0.619 seconds 0.142 seconds 0.63 seconds P256 sign 0.119 seconds P256 verify 0.138 seconds Decryption 0.025 seconds 0.027 seconds Triple DES Decryption 0.024 seconds 0.020 seconds PIV Compliance PIV-C (CIV) PIV, PIV-I EEPROM Memory Capacity 80Kb 80Kb Read Cycles Unlimited Unlimited Write/Erase Cycles 500,000 500,000 Data Retention Time 25 Years 25 Years Hardware System Co-Processors DES, AES, RSA, ECC DES, AES, RSA, ECC

USB Tokens Model USB100 Series USB Tokens USB200 Series USB Tokens Connectivity USB 1.1/2.0 Certification & Approvals FIPS 140-2 Level 2 Chip Only Full-Device Certification Common Criteria EAL5+ (Chip & OS) EAL5+ (Chip & OS) EMVCo (Chip & OS) (Chip & OS) RoHS China RoHS Customization USB Customized with Organization Logo Available on Request Available on Request Cryptography Asymmetric Key Key Generation Digital Signature Key Exchange Diffie-Hellman ECDH Symmetric Keys Hash Digest AES 128, 192, 256, 3DES AES 128, 192, 256, 3DES

Available Card & USB Applications Basic Application FIPS 201 Application MRTD Application (Special Card Order) Fingerprint, IRIS scan digitally signed Facial image digitally signed Anonymous but authentic Card Authentication Key Authentication, sign and encryption for user Additional containers of data (e.g., drivers license data) (Requires P11 driver) Data privacy protected by PIN Data privacy protected by Machine Readable Zone (MRZ) Driver Basic Application FIPS 201 Application MRTD Application Small Mini-Driver for Logical Access (Distributed by Microsoft) (Depending on use and operating system, drivers available from Entrust (CSP) or Microsoft.) Certificate Renewal Basic Application FIPS 201 Application MRTD Application Certificate Issuance & Renewal Entrust IdentityGuard, Entrust Entelligence Security Provider, Native Microsoft, Entrust Administration Services Entrust IdentityGuard (Only an authorized application, in possession of the card s administration key, may perform the initial issuance and renewal of the keys and card certificates.) t Applicable Physical Access Modern Physical Access (Included in PIV application) About Entrust A trusted provider of identity-based security solutions, Entrust secures governments, enterprises and financial institutions in more than 5,000 organizations spanning 85 countries. Entrust s award-winning software authentication platforms manage today s most secure identity credentials, addressing customer pain points for cloud and mobile security, physical and logical access, citizen eid initiatives, certificate management and SSL. For more information about Entrust products and services, call 888-690-2424, email entrust@entrust.com or visit www.entrust.com. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All other Entrust product names and service names are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited in certain countries. All other company names, product names and logos are trademarks or registered trademarks of their respective owners. 2012 Entrust. All rights reserved. 24274/9-12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information