Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards


1 Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards
Didier Bonnet February 2015

2 MicroSD slots deployment
As of today, MicroSD cards are compatible with most Android and Windows platforms, but not with iOS ones.

3 Gemalto MicroSD cards range
Diagram labels: Microcontroller; IDPrime MD Secure Chip; 8 GB or 16 GB Flash Memory
Secure MicroSD cards embedding the same secure chip as the Gemalto IDPrime MD smart cards
IDPrime MD 8840 – 8GB or 16GB: PKI enabled
IDCore 8030 – 8GB or 16GB: Pure Java platform

4 IDCore features
Secure MicroSD equipped with 8 or 16 GB Flash memory
Compliant with the SD Association specifications and the ASSD protocol
Java platform compliant with Java Card v2.2.2 and Global Platform v2.1.1
Secure chip EAL5+ certified, memory size of 80 KB (standard) or 160 KB (option)
Support of all the most recent cryptographic algorithms including RSA 2048 and Elliptic Curves
High security level certifications on request: FIPS 140-2 Level 3 or Common Criteria EAL5+
Gemalto Java applets in option: OTP-OATH, MPCOS
Drivers for Android, Windows 7 / 8.x, Linux and BlackBerry OS

5 IDPrime MD 8840 features
Secure MicroSD equipped with 8 or 16 GB Flash memory
Compliant with the SD Association specifications and the ASSD protocol
PKI applet: Same features as the Gemalto IDPrime MD smart cards
Support of all the most recent cryptographic algorithms including RSA 2048 and Elliptic Curves
Certification Common Criteria EAL5+ / PP SSCD for Qualified Signature or FIPS Level 3. FIPS 140-2 Level 3 certification on request.
OTP-OATH applet in standard, MPCOS applet in option
Easy connection to a Windows PC through a PC/SC driver
Supported by the IDGo 800 middleware on Android and Windows 7 / 8.x
Linux on request

6 Marking specifications
Standard marking 2
Marking customization: On request

7 Packaging specifications
Standard packaging: Stuck in a white ISO format plastic card. 50 units per box.
Option: Graphical customization of the plastic card
Option: JEDEC 4 x 16 units trays

8 Common features with the IDPrime MD cards range

9 3rd party client applications
Diagram: IDGo 800 middleware and SDK. Labels: 3rd party client applications; Test tools; OTP API; PKI Crypto Layer API; SDK; Middleware; PC-SC like API; USB OTG (*) driver; NFC driver; Other reader drivers; Other Secure Elements; TEE (*); IDPrime cards
(*) OTG: On-The-Go = USB Master; TEE: Trusted Execution Environment

Key messages:
1- Compared to the existing middlewares for PCs (PKCS#11 or Base CSP + minidriver), this one also includes drivers for the communication channels with various Secure Elements (PC-SC like). This is because the drivers cannot be installed separately on Mobile OS.
2- The main PKI interface is JCE (Java Cryptography Extension) because this is the standard interface for Android applications, which are mainly written in Java. On iOS and other Mobile OS, the interface will be different (standard under creation by an OASIS work group). A lower level PKI interface is also available for operations that are specific to the Gemalto cards (card parameters, file management, etc).
3- The SE addressed by version 1.0 are IDPrime .NET and MD cards in USB and NFC mode. The PIV cards can also be addressed on request (in the demo but not in v1.0).
4- The added value of Gemalto is that this middleware will evolve over the years and will embed new drivers for future SE as soon as they are available (MicroSD, TEE, eSE, contact readers, PINpads, etc). We will provide these evolutions as part of a Support & Maintenance (S & M) contract.
5- The SDK will be free of charge for our partners that develop applications compliant with our IDGo 800 middleware. However, the middleware itself will be sold on a license fee basis with an associated S & M contract. So our partners will be required to sign a License agreement contract with Gemalto that will specify the sales conditions of the Licenses.
6- We expect to have a MicroSD card available and compliant with the IDPrime MD card by the end of this year, but we rely on a co-development with another Gemalto BU (ST BU). It will be supported by IDGo 800 as soon as available.
7- TEE is not expected before 18 months because it implies the development of a TSM (Trusted Service Manager) that will download our PKI / OTP applets into the ARM CPU TrustZone. Gemalto is presently the market leader on the TSM markets, mainly Payment and Transport. Gemalto is also a founder of Trustonic (with ARM and G&D), which promotes TEE worldwide. (TEE is already deployed in some of the Samsung smartphones.)
8- IDGo 800 version 1.0 should be launched this summer on Android. A prototype version is already available for demo and beta-test purposes. Version 2.0 on Android is expected end 2013 and will support MicroSD cards, PINpads, and the Precise Bio Tactivo reader on Android (if available). An IDGo 800 MW version should also be launched on iOS, and will support the PB Tactivo reader and another connected contact reader (to be defined).

10 IDPrime cards positioning statement
Gemalto helps organizations protect and manage their logical, physical, and cloud-based data assets. Our strong multi-factor authentication solutions support a range of form factors and authentication methods providing the highest level of protection.
IDPrime Minidriver enabled PKI Cards

11 IDPrime cards range: A common set of features
Table columns (products): IDPrime .NET 510; IDPrime .NET 5500; IDPrime MD 3810; Released !; IDPrime MD 830; IDPrime MD 3840; IDPrime MD 840
Table rows (Key Product Features): Base CSP; PKCS#11; RSA; On board PIN Policy; Multi PIN support; Biometry support; Dual interface (contact / contactless & NFC support); FIPS Level 3 certif. (platform + PKI applet); FIPS Level 2 certif (platform + PKI, OTP & MPCOS app); Platform only; CC EAL5+ / Javacard & CC EAL5+ / PP SSCD (Java+applet); Elliptic Curves; OTP OATH option; MPCOS applet option

12 Value Proposition: IDPrime MD as Corporate Badge
WE TARGET: Enterprises, Universities & Governments who need to secure the access to their data, network & cloud-based assets from both PCs and mobile devices
THE SOLUTION: The IDPrime MD offers all the services of a smart card based Corporate Badge plus the full compatibility with the NFC interface of smartphones and tablets.
BENEFITS: IDPrime MD allows card holders to securely and easily access all their applications whatever their location.
DIFFERENTIATOR: The IDPrime MD, associated with the IDGo 800 middleware suite, is the only Corporate Badge operating on any OS, Plug & Play under Windows, and via NFC with mobile devices.

13 IDPrime MD key benefits 1/2
Plug & Play PKI smart cards
  Native support on Windows up to 8.1
  IDGo 800 middleware suite: Minidriver, PKCS#11, Credential Provider, tools
Ready for Mobile Security
  Dual interface capability (ISO and NFC compliant)
Security level even beyond Digital Signature regulations
  FIPS Level 3
  CC EAL5+ / PP SSCD
Various form factors and authentication methods
  Contact / dual / hybrid smartcard or token
  Both PKI and OTP authentication are available

14 IDPrime MD key benefits 2/2
Enhanced cryptographic support
  PKI services with both RSA and Elliptic curves
  E-purse option with MPCOS applet
Flexible security policy
  Extended on-board PIN Policy
  Optional Microsoft Secure Key Injection service
Wide eco-system integration

15 Digital Signature regulations
IDPrime MD security level is even beyond requirements for Digital Signature regulations
FIPS 140-2 Level 3 certified OS and PKI applet
  IDPrime MD 830
  FIPS Level 2 is required by US regulations
CC EAL5+ / PP SSCD certified OS and PKI applet
  IDPrime MD 840 and IDPrime MD 3840
  CC EAL4+ / PP SSCD required by European Digital Signature law
All the IDPrime MD card chips are certified CC EAL5+ or EAL6+
All IDPrime MD cards embed the most advanced security countermeasures

16 Enhanced cryptography
IDPrime MD is ready for the future, since it supports all the crypto algorithms for immediate and future deployments
IDPrime MD supports both RSA and Elliptic Curves
  RSA up to 2048, RSA OAEP & PSS
  Elliptic Curves up to P-521
  SHA-1, SHA-256, SHA-384, SHA-512
  AES up to 256, 3DES
ECC (Elliptic Curves) computation is faster than RSA
  Apart from signature verification, which is not performed by the card anyway
  Improved performance is becoming important with large key lengths

17 Various authentication methods
PKI authentication
  PIN based
  Multi PIN option
OTP authentication
  OATH standard
  Event based
  Batch, Self or Live provisioning
  With or without PIN entry (same PIN as PKI)
  Proposed as an option

18 Optelio Contactless MicroSD card

19 Dual Secure Element running contactless applets
Optelio Contactless Micro SD
A contactless MicroSD card with an integrated antenna, turning any handset into a contactless MIFARE Classic, MIFARE + and DESFire EV1 card
Dual Secure Element running contactless applets
Active contactless front end and specific RF antenna architecture to boost RF performance: A unique Gemalto design.
A technological breakthrough: The result of Gemalto’s unique RF and hardware integration expertise.

20 Value Proposition for Enterprises
For Physical Access Control and private epurse use cases
Makes any mobile phone equipped with a MicroSD slot ready to use

21 Qualified Android handsets – Oct 2014

22 Thank you!

