Leo Secure Smart Card Reader Providing PKI Authentication with Secure PIN Management

Ingenico Healthcare/e-ID – « River Seine » - 25, quai Gallieni – 92158 Suresnes cedex - France
Tel. 33(0)1 46 25 80 80 - Fax 33 (0)1 46 25 80 30 – http://healthcare-eid.ingenico.com/

Table of contents

1. Glossary
2. Introduction
2.1. A secure professional reader
2.2. Compatibility with middleware
3. Product description
3.1. Product features
3.2. USB interface
3.3. Smart card interface
3.4. Display interface
3.5. Keypad interface
3.6. Secure PIN Entry feature
4. Operating systems supported
4.1. Windows®
4.2. Linux
4.3. MacOS®
5. Windows platform: installation
6. Packaging
7. Certifications and standards
7.1. Environmental
7.2. Reliability
7.3. Certifications

1. Glossary

Acronym: Definition
USB: Universal Serial Bus
LCD: Liquid Crystal Display
RoHS: Reduction of Hazardous Substances
WEEE: Waste from Electric and Electronic Equipment
EMV: Europay Mastercard Visa
PKI: Public Key Infrastructure
PC: Personal Computer
PIN: Personal Identification Number
CCID: Chip/Smart Card Interface Devices
WHQL: Windows Hardware Quality Labs
ETSI: European Telecommunications Standards Institute
DEEE: Déchets d'Equipements Electriques et Electroniques
EMC: Electro Magnetic Compatibility

2. Introduction

2.1. A secure professional reader

Leo is a secure card reader aimed at government offices and companies with a Public Key Infrastructure (PKI) looking for a secure desktop card reader to implement user authentication and electronic signature with secure PIN management.

Leo complies with PC/SC v2 part 10 standards, which enable the PC to communicate with the smart card regardless of the reader's specifics. It then provides additional security functions through its Secure PIN Entry mechanism. This feature enables the user to enter his/her PIN code locally on the reader keyboard: the code is presented directly to the chip card, without going through the PC. As no data is transferred to the PC during PIN entry, there is no risk of compromising this sensitive data, even if the PC runs rogue software such as Trojan horses, keyloggers or other spyware.

Connected to the PC via a USB port, Leo provides the full flexibility needed by security applications for smart cards (the IAS-ECC standard, for example).

Leo contains no sensitive data or secrets; therefore security cannot be compromised in case of loss or theft.

2.2. Compatibility with middleware

The use of secure identity documents such as electronic national identity cards, health cards or government agent cards frequently requires software solutions such as middleware and hardware devices such as smart card readers. These should work together to provide the best ergonomics for the end user with a high security level.

Thanks to cross-referencing efforts between Ingenico Healthcare/e-ID and market players, the Leo secure reader is easy to integrate into work environments and market middleware. It thus enables any customer building a project to speed up integration by using Leo readers and cross-referenced software solutions for authentication and electronic signature that comply with industry standards.

3. Product description

3.1. Product features

Name: Leo
Supported smart cards: Compliant with ISO 7816-1 to -4 (microprocessor smart cards)
Display: 2 lines of 16 characters, 5 x 7 matrix / character
Keyboard: 13 rubber keys
Power supply: Powered by USB port
Size: L 110 mm, W 77 mm, H 61 mm
Weight: 305 g with USB cable (2 m)
Standards / Certifications: EMV L1, CE, RoHS, WEEE, Common Criteria EAL 3+
PC connection: USB 2.0 full-speed (& USB 1.1)
Software environments: CCID; Microsoft Windows 2000, XP, Vista, Seven, 8 (WHQL certified drivers); Mac OS 10.4, 10.5, 10.6 and 10.7; Linux (Ubuntu - Debian)
Support: PKI PC/SC v2 application with Secure PIN Entry

The design of the Leo secure reader provides enhanced ergonomics for countertop or desktop use. The keyboard is tilted at 20 degrees to ease PIN typing on the large keypad. The dimensions and the angle of the display screen have been designed to provide excellent visibility. Two LEDs are positioned on the lens to show that the reader is functioning properly and to indicate the secure management of the PIN when the Secure PIN Entry feature is enabled. Thanks to its hemispherical rubber pads, the reader does not slip on the table and has maximum stability.

[Figure labels: Security label; 10 degrees; 2 LEDs; 20 degrees]

The design of the Leo reader takes into account all requirements of international security standards (Common Criteria). Security labels are positioned on each side of the smart card reader to ensure its integrity.

NB: The reader is certified with an evaluation assurance level (EAL) 3+.

A hanging system compliant with a standard lock (not included) is also available to attach the reader securely to the desktop.

[Figure: Hanging system]

The card slot allows for easy use and includes a dust protection mechanism.

[Figure: Protection against dust]

In addition, Leo includes a protective mechanism for the smart card: it complies with the EMV standard on tests related to smart card disabling (powered off) when the USB cable is pulled out of the computer (with or without APDU commands being sent to the card). The EMV standard requires that the reader be able to complete the deactivation sequence in less than 1 millisecond: the Leo smart card reader disables the card in a few tens of microseconds.

3.2. USB interface

Parameter: Value/Description
DC characteristics: Powered by USB port
USB speed: USB 2.0 Full Speed Device (12 Mbit/s)
Device class: CCID

3.3. Smart card interface

Parameter: Value/Description
Smart card operating frequency: 4 MHz
Maximum supported card baud rate: Up to 230 Kbps
Cards supported: Class A, Class B and Class C
Protocol supported: T=0, T=1

3.4. Display interface

Parameter: Value/Description
Technology: HTN reflective polarizer
Number of lines of the display: 2
Number of characters per line of the display: 16
Character: 5x7 dot matrix

The "power" LED is ON when the reader is attached to the correct CCID driver.

The "lock" LED is ON when the reader requests the user to enter his PIN code (Secure PIN Entry).

The supported languages are English, French, German, Dutch, Spanish, Italian and Portuguese. At the very first power-on of the reader, the default language is English. As soon as the host makes a Secure PIN request, the reader switches to the language specified by the host. If the value is not recognized by the reader, the reader keeps the default language.

3.5. Keypad interface

Parameter: Value/Description
Number of rows: 4
Number of columns: 4
Default configuration: 13 keys (0-9, C, CL, OK)
Technology: Rubber

3.6. Secure PIN Entry feature

Leo complies with PC/SC v2 part 10 standards (Secure PIN Entry).

Leo features secure PIN entry management that enables the user to enter his/her PIN code locally on the reader keyboard: the code is presented directly to the chip card, without going through the PC. This mode is indicated by the lighting of a padlock image on the reader lens.

As no data is transferred to the PC during PIN entry, there is no risk of compromising this sensitive data, even if the PC is running rogue software such as Trojan horses, keyloggers or other spyware.

4. Operating systems supported

4.1. Windows®

Windows 2000
Windows XP 32 bits and 64 bits
Windows Vista 32 bits and 64 bits
Windows 7 32 bits and 64 bits
Windows 8 32 bits and 64 bits

Windows embeds a default CCID driver, but that driver does not support SPE. Therefore, to make full use of the Leo smart card reader, a specific driver must be installed on the OS. An installer is available to help the user install the driver. This specific CCID driver is available for download on Windows Update.

4.2. Linux

All distributions compliant with libccid 1.4.2 and newer versions:

Ubuntu (LTS) 09.10, 10.04 and 10.10
OpenSuse 12, 13 and 14
Fedora 14
Debian

CCID driver source code is available at: http://pcsclite.alioth.debian.org/ccid.html
The source code can be downloaded from this repository: http://svn.debian.org/wsvn/pcsclite/trunk/Drivers/ccid/

4.3. MacOS®

10.4: Tiger
10.5: Snow Leopard
10.6: Leopard
10.7: Lion
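Section 4.1 notes that a default CCID driver may not support SPE, so a host application should confirm that the reader and driver pair exposes on-reader PIN verification before it asks for a PIN at all. The sketch below is an added example, not Ingenico code: it decodes the PC/SC v2 part 10 feature list and builds a PIN verification request whose wLangId field carries the host's language choice. The sample replies, the APDU template and the function names are constructed for illustration, and the control codes follow the pcsc-lite convention.

```python
import struct

# PC/SC v2 part 10 feature tags relevant to Secure PIN Entry (SPE).
FEATURE_VERIFY_PIN_DIRECT = 0x06
FEATURE_MODIFY_PIN_DIRECT = 0x07
FEATURE_IFD_PIN_PROPERTIES = 0x0A

# Constructed sample replies to CM_IOCTL_GET_FEATURE_REQUEST, not captured
# from a Leo. Each entry: tag (1 byte), length (1 byte, always 4),
# control code (4 bytes, big-endian, pcsc-lite style values).
REPLY_WITH_SPE = bytes.fromhex("060442330006" "070442330007" "0a044233000a")
REPLY_WITHOUT_SPE = bytes.fromhex("130442000001")  # CCID escape feature only

# Constructed VERIFY APDU template (ISO 7816-4 INS 0x20) with an 8-byte PIN
# block padded with 0xFF. Real templates come from the card specification.
VERIFY_TEMPLATE = bytes.fromhex("0020000108" + "ff" * 8)


class SpeUnavailable(RuntimeError):
    """The reader/driver pair does not expose on-reader PIN verification."""


def parse_features(reply: bytes) -> dict:
    """Decode the feature TLV list into {tag: control_code}."""
    features = {}
    offset = 0
    while offset < len(reply):
        entry = reply[offset:offset + 6]
        if len(entry) < 6 or entry[1] != 4:
            raise ValueError(f"malformed feature entry at offset {offset}")
        features[entry[0]] = int.from_bytes(entry[2:6], "big")
        offset += 6
    return features


def verify_pin_control_code(reply: bytes) -> int:
    """Return the control code for FEATURE_VERIFY_PIN_DIRECT.

    Raises SpeUnavailable instead of returning a fallback, so the caller
    cannot silently drop to PIN entry on the PC keyboard.
    """
    features = parse_features(reply)
    if FEATURE_VERIFY_PIN_DIRECT not in features:
        raise SpeUnavailable("driver does not advertise VERIFY_PIN_DIRECT")
    return features[FEATURE_VERIFY_PIN_DIRECT]


def build_pin_verify(apdu: bytes, lang_id: int = 0x0409,
                     min_digits: int = 4, max_digits: int = 8,
                     timeout_s: int = 30) -> bytes:
    """Serialise a part 10 PIN_VERIFY_STRUCTURE (19-byte header + APDU).

    The format bytes are constructed sample values for a card that takes
    an ASCII PIN in an 8-byte block; they are card-specific assumptions.
    """
    header = struct.pack(
        "<BBBBBHBBHB3sI",
        timeout_s,                        # bTimerOut
        timeout_s,                        # bTimerOut2
        0x82,                             # bmFormatString: byte units, ASCII
        0x08,                             # bmPINBlockString: 8-byte block
        0x00,                             # bmPINLengthFormat: no length field
        (min_digits << 8) | max_digits,   # wPINMaxExtraDigit: min | max
        0x02,                             # bEntryValidationCondition: OK key
        0x01,                             # bNumberMessage
        lang_id,                          # wLangId, e.g. 0x0409 en-US
        0x00,                             # bMsgIndex
        b"\x00\x00\x00",                  # bTeoPrologue
        len(apdu),                        # ulDataLength
    )
    return header + apdu


if __name__ == "__main__":
    code = verify_pin_control_code(REPLY_WITH_SPE)
    request = build_pin_verify(VERIFY_TEMPLATE, lang_id=0x040C)  # French
    print(f"send {len(request)} bytes with control code {code:#010x}")
    try:
        verify_pin_control_code(REPLY_WITHOUT_SPE)
    except SpeUnavailable as exc:
        print("refusing PIN entry:", exc)
```

On Windows the control codes in the reply use a different encoding, which is why the code reads them from the feature list instead of hard-coding them.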