Leo Secure Smart Card Reader Providing PKI Authentication with Secure PIN Management
Ingenico Healthcare/e-ID – « River Seine » - 25, quai Gallieni – 92158 Suresnes cedex - France
Tel. 33(0)1 46 25 80 80 - Fax 33 (0)1 46 25 80 30 – http://healthcare-eid.ingenico.com/

Table of contents

1. Glossary
2. Introduction
   2.1. A secure professional reader
   2.2. Compatibility with middlewares
3. Product description
   3.1. Product features
   3.2. USB interface
   3.3. Smart card interface
   3.4. Display Interface
   3.5. Keypad interface
   3.6. Secure PIN Entry feature
4. Operating systems supported
   4.1. Windows®
   4.2. Linux
   4.3. MacOS®
5. Windows platform: installation
6. Packaging
7. Certifications and standards
   7.1. Environmental
   7.2. Reliability
   7.3. Certifications

Leo secure smart card reader 2/14

1. Glossary

| Acronym | Definition |
|---------|------------|
| USB | Universal Serial Bus |
| LCD | Liquid Crystal Display |
| RoHS | Reduction of Hazardous Substances |
| WEEE | Waste from Electric and Electronic Equipment |
| EMV | Europay Mastercard Visa |
| PKI | Public Key Infrastructure |
| PC | Personal Computer |
| PIN | Personal Identification Number |
| CCID | Chip/Smart Card Interface Devices |
| WHQL | Windows Hardware Quality Labs |
| ETSI | European Telecommunications Standards Institute |
| DEEE | Déchets d'Equipements Electriques et Electroniques |
| EMC | Electro Magnetic Compatibility |

2. Introduction

2.1. A secure professional reader

Leo is a secure card reader aimed at government offices and companies with a Public Key Infrastructure (PKI) looking for a secure desktop card reader to implement user authentication and electronic signature with secure PIN management.

Leo complies with the PC/SC v2 part 10 standards, which enable the PC to communicate with the smart card regardless of the reader's specificities. It also provides additional security functions thanks to its Secure PIN Entry mechanism. This feature enables the user to enter his/her PIN code locally on the reader keyboard: the code is presented directly to the chip card, without going through the PC. As no data is transferred to the PC during PIN entry, there is no risk of compromising this sensitive data, even if the PC runs rogue software such as Trojan horses, keyloggers or other spyware.

Connected to the PC via a USB port, Leo provides the full flexibility needed by security applications for smart cards (the IAS-ECC standard, for example).

Leo contains no sensitive data or secrets; therefore security cannot be compromised in case of loss or theft.

2.2. Compatibility with middlewares

The use of secure identity documents such as electronic national identity cards, health cards or government agent cards frequently requires computer software solutions like middleware and hardware devices like smart card readers.
These should work together to provide the best ergonomics for the end user with a high security level.

Thanks to cross-referencing efforts between Ingenico Healthcare/e-ID and market players, the Leo secure reader is easy to integrate into work environments and market middlewares. It thus enables any customer building a project to speed up integration by using Leo readers and cross-referenced software solutions for authentication and electronic signature compliant with industry standards.

3. Product description

3.1. Product features

| Feature | Leo |
|---------|-----|
| Supported smart cards | Compliant with ISO 7816-1 to -4 (microprocessor smart cards) |
| Display | 2 lines of 16 characters, 5 x 7 matrix / character |
| Keyboard | 13 rubber keys |
| Power supply | Powered by USB port |
| Size | L 110 mm, W 77 mm, H 61 mm |
| Weight | 305 g with USB cable (2 m) |
| Standards / Certifications | EMV L1, CE, RoHS, WEEE, Common Criteria EAL 3+ |
| PC connection | USB 2.0 full-speed (& USB 1.1) |
| Software environments | CCID; Microsoft Windows 2000, XP, Vista, Seven, 8 (WHQL certified drivers); Mac OS 10.4, 10.5, 10.6 and 10.7; Linux (Ubuntu - Debian) |
| Support | PKI PC/SC v2 application with Secure PIN Entry |

The design of the Leo secure reader provides enhanced ergonomics facilitating countertop or desktop use. The keyboard is tilted (20 degrees) to ease PIN typing on the large keypad. The dimensions and the angle of the display screen have been especially designed to provide excellent visibility.

Two LEDs are positioned on the lens to show that the reader is functioning properly and to indicate the secure management of the PIN when the Secure PIN Entry feature is enabled.

Thanks to its hemispherical rubber pads, the reader does not slip on the table and has maximum stability.

[Figure: reader with callouts: security label, 2 LEDs, 10 degrees, 20 degrees]

The design of the Leo reader takes into account all requirements regarding international security standards (Common Criteria).
Security labels are positioned on each side of the smart card reader to ensure its integrity.

NB: The reader is certified with an evaluation assurance level (EAL) 3+.

A hanging system compliant with a standard lock (not included) is also available to attach the reader to the desktop securely.

[Figure: Hanging system]

The card slot allows for easy use and includes a dust protection mechanism.

[Figure: Protection against dust]

In addition, Leo includes a protective mechanism for the smart card: it complies with the EMV standard on tests related to smart card disabling (powered off) when the USB cable is pulled out from the computer (with or without APDU commands sent to the card).

The EMV standard requires that the reader is able to complete the deactivation sequence in less than 1 millisecond: the Leo smart card reader disables the card in a few tens of microseconds.

3.2. USB interface

| Parameter | Value/Description |
|-----------|-------------------|
| DC characteristics | Powered by USB port |
| USB speed | USB 2.0 Full Speed Device (12Mbit/s) |
| Device class | CCID |

3.3. Smart card interface

| Parameter | Value/Description |
|-----------|-------------------|
| Smart card operating frequency | 4MHz |
| Maximum supported card baud rate | Up to 230Kbps |
| Cards supported | Class A, Class B and Class C |
| Protocol supported | T=0, T=1 |

3.4. Display Interface

| Parameter | Value/Description |
|-----------|-------------------|
| Technology | HTN reflective polarizer |
| Number of lines of the display | 2 |
| Number of characters per line of the display | 16 |
| Character | 5x7 dot matrix |

The "power" LED is ON when the reader is attached to the correct CCID driver.

The "lock" LED is ON when the reader requests the user to enter his PIN code (Secure PIN Entry).

The supported languages are English, French, German, Dutch, Spanish, Italian and Portuguese.

At the very first power ON of the reader, the default language is English. As soon as a Secure PIN request is made by the host, the reader switches to the language specified by the host.
If the value is not recognized by the reader, the reader keeps the default language.

3.5. Keypad interface

| Parameter | Value/Description |
|-----------|-------------------|
| Number of rows | 4 |
| Number of columns | 4 |
| Default configuration | 13 keys: 0-9, C, CL, OK |
| Technology | Rubber |

3.6. Secure PIN Entry feature

Leo complies with the PC/SC v2 part 10 standards (Secure PIN Entry).

Leo features secure PIN entry management that enables the user to enter his/her PIN code locally on the reader keyboard: the code is presented directly to the chip card, without going through the PC. This mode is indicated by the lighting of a padlock image on the reader lens.

As no data is transferred to the PC during PIN entry, there is no risk of compromising this sensitive data, even if the PC is running rogue software such as Trojan horses, keyloggers or other spyware.

4. Operating systems supported

4.1. Windows®

- Windows 2000
- Windows XP 32 bits and 64 bits
- Windows Vista 32 bits and 64 bits
- Windows 7 32 bits and 64 bits
- Windows 8 32 bits and 64 bits

Windows embeds a default CCID driver, but that driver does not support Secure PIN Entry (SPE). Therefore, in order to make full use of the Leo smart card reader, a specific driver must be installed on the OS.

An installer is available to help the user install the driver. This specific CCID driver is available for download on Windows Update.

4.2. Linux

All distributions compliant with libccid 1.4.2 and newer versions:

- Ubuntu (LTS) 09.10, 10.04 and 10.10
- OpenSuse 12, 13 and 14
- Fedora 14
- Debian

CCID driver source code is available at: http://pcsclite.alioth.debian.org/ccid.html

The source code can be downloaded from this repository: http://svn.debian.org/wsvn/pcsclite/trunk/Drivers/ccid/

4.3. MacOS®

- 10.4: Tiger
- 10.5: Snow Leopard
- 10.6: Leopard
- 10.7: Lion
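
The Secure PIN Entry mechanism of section 3.6 and the driver note in 4.1, seen from the host side, as an added example (not Ingenico's code): it checks whether the driver advertises the PC/SC v2 part 10 FEATURE_VERIFY_PIN_DIRECT feature, then builds the PIN_VERIFY_STRUCTURE, which carries only an APDU template and the display language. The feature reply bytes, control-code values, PIN reference 0x80 and 0xFF padding are constructed assumptions; real values depend on the driver and the card.

```python
import struct

FEATURE_VERIFY_PIN_DIRECT = 0x06  # PC/SC v2 part 10 feature tag

# Constructed sample reply to CM_IOCTL_GET_FEATURE_REQUEST (not captured from a Leo).
SAMPLE_FEATURES = bytes.fromhex("060442330006" "070442330007")
# Assumed ISO 7816-4 VERIFY template: PIN reference 0x80, 8 bytes of 0xFF padding.
VERIFY_TEMPLATE = bytes.fromhex("0020008008") + b"\xff" * 8

def parse_features(tlv: bytes) -> dict:
    """Parse repeated tag(1) | length(1)=4 | control code (4, big-endian)."""
    features, i = {}, 0
    while i < len(tlv):
        if i + 6 > len(tlv) or tlv[i + 1] != 4:
            raise ValueError(f"malformed feature TLV at offset {i}")
        features[tlv[i]] = int.from_bytes(tlv[i + 2:i + 6], "big")
        i += 6
    return features

def spe_control_code(tlv: bytes):
    """Control code for reader-side PIN verification, or None if not advertised."""
    return parse_features(tlv).get(FEATURE_VERIFY_PIN_DIRECT)

def build_pin_verify(apdu_template, min_len=4, max_len=8, lang_id=0x0409):
    """Build PIN_VERIFY_STRUCTURE; the reader inserts the typed digits itself."""
    header = struct.pack(
        "<BBBBBHBBHB3sI",
        0x00,                      # bTimerOut: reader default
        0x00,                      # bTimerOut2
        0x82,                      # bmFormatString: ASCII, left-justified, byte units
        0x08,                      # bmPINBlockString: 8-byte PIN block
        0x00,                      # bmPINLengthFormat: no PIN length in the APDU
        (min_len << 8) | max_len,  # wPINMaxExtraDigit: 0xXXYY = min/max digits
        0x02,                      # bEntryValidationCondition: validation key
        0x01,                      # bNumberMessage
        lang_id,                   # wLangId: language the reader switches to
        0x00,                      # bMsgIndex
        b"\x00\x00\x00",           # bTeoPrologue
        len(apdu_template),        # ulDataLength
    )
    return header + apdu_template

if __name__ == "__main__":
    code = spe_control_code(SAMPLE_FEATURES)
    if code is None:  # e.g. a generic CCID driver without Secure PIN Entry
        raise SystemExit("Secure PIN Entry unavailable: refuse host-keyboard PIN")
    print(hex(code), build_pin_verify(VERIFY_TEMPLATE, lang_id=0x040C).hex())
```

When `spe_control_code` returns None, the application should stop rather than prompt for the PIN on the PC keyboard, since that would reintroduce the exposure the reader is meant to remove.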