SOLUTION BRIEF
IDPrime MD
Minidriver-Enabled PKI Smart Cards
IDPrime MD are Minidriver-enabled PKI certificate-based smart cards that provide a high level of assurance of the identity of the user attempting to gain logical access to the network. Built with proven smart card technology, the IDPrime MD cards are strong, yet simple to use, never burdening users with long, complicated passwords or cumbersome hardware devices. Whatever the security need, whatever the job function, IDPrime MD is a perfect solution to meet your needs.

The IDPrime product portfolio is made up of a variety of cards with varying feature choices, including contactless technologies, certification type, and secure storage. These smart card-based products can be combined with proximity technology to also provide for physical access, and with security printing processes, can serve as visual identity as well.

IDPrime MD smart cards leverage the built-in card management capabilities in Microsoft Server and Windows OS. This deployment requires no additional middleware for card management. Fully contained within Microsoft Forefront Identity Manager (FIM) or Microsoft Identity Manager, the IDPrime MD certificate-based authentication solution is virtually plug and play. IDPrime MD cards are also fully integrated in IDGo 800 middleware and are progressively being integrated in the SafeNet Authentication Client middleware, rendering them compatible with any environment including MAC OS and Linux.
Features and Benefits
>> Perfect integration in Windows environments.
>> Compatible with the IDGo 800 middleware suite, available on Windows, MAC, Linux, Android, iOS, and the SafeNet Authentication Client middleware.
>> The dual interface of IDPrime MD 3810 and MD 3840 offers compatibility with both the ISO standard and the NFC standard, already widely deployed with smartphones and tablets.
>> Support for certificate-based strong authentication.
>> As reflected by the FIPS 140-2 Level 3 certification and the CC EAL5+ / PP SSCD certification, the IDPrime MD smart cards implement the most advanced security countermeasures for enforcing protection of all sensitive data and functions in the card.
>> Enhanced cryptographic support, with PKI services available with both RSA and elliptic curves.
>> MPCOS applet option for e-purse and data management services.
IDPrime MD smart cards can also be combined with the SafeNet Reader CT1100 and K1100 and the IDGo 800 middleware and SDK for Mobile (Android, iOS), to allow compatibility with any PC and mobile devices. Some IDPrime MD smart cards are certified according to US regulations (FIPS 140-2 Level 3) or European regulations (CC EAL5+ / PP SSCD). IDPrime MD smart cards can also be manufactured as dual interface and are compatible with the NFC interface present on many smartphones and tablets. The IDPrime MD family offers a wide selection of cards with various feature sets.
IDPrime MD Family

IDPrime MD 830/840 Contact
These PKI minidriver smart cards are contact cards and are either FIPS (MD 830) or Common Criteria (MD 840) certified. The MD memory allows the storage of up to 15 RSA or elliptic curve key containers.

IDPrime MD 831/841 (hybrid)
IDPrime MD 831/841 are the hybrid versions of IDPrime MD 830/840, offering a choice of contactless card bodies for Physical Access Control applications.

To find out more about SafeNet authentication solutions go to: www.safenet-inc.com/multi-factor-authentication/
About Gemalto’s SafeNet Identity and Data Protection Solutions
Through its acquisition of SafeNet, Gemalto offers one of the most complete portfolios of enterprise security solutions in the world, enabling its customers to enjoy industry-leading protection of data, digital identities, payments and transactions – from the edge to the core. Gemalto’s newly expanded portfolio of SafeNet Identity and Data Protection solutions enables enterprises across many verticals, including major financial institutions and governments, to take a data-centric approach to security by utilizing innovative encryption methods, best-in-class crypto management techniques, and strong authentication and identity management solutions to protect what matters, where it matters. Through these solutions, Gemalto helps organizations achieve compliance with stringent data privacy regulations and ensure that sensitive corporate assets, customer information, and digital transactions are safe from exposure and manipulation in order to protect customer trust in an increasingly digital world.
Contact Us: For all office locations and contact information, please visit www.safenet-inc.com Follow Us: data-protection.safenet-inc.com
GEMALTO.COM IDPrime MD Minidriver-Enabled PKI Smart Cards - Solution Brief
©Gemalto 2016. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries. SB (EN)-date 11May2016 - Design: RM
IDPrime MD 3810/3840 Dual
These PKI minidriver-based cards have a dual contact and contactless interface. These cards are also NFC compliant and the MD 3840 is Common Criteria certified. The MD memory allows the storage of up to 15 RSA or elliptic curve key containers.
PRODUCT BRIEF
IDPrime 830 Plug & Play Smart Cards
As cybercriminals get smarter and more determined than ever, more and more businesses and government agencies are coming to the realization that single-factor authentication solutions using simple usernames and passwords are not enough. Gemalto, the world leader in digital security, offers an extensive portfolio of strong authentication solutions to help address the need for multi-factor authentication. The IDPrime MD 830 is a contact interface smart card, FIPS 140-2 Level 3 & FIPS 140-2 Level 2 certified for both the java platform and the combination of java platform plus PKI applet.
Future-Proofed and Scalable with Centralized Management Control
IDPrime MD 830 is based on the advanced Gemalto IDCore 30 platform, and integrates seamlessly with third-party applications through SafeNet Authentication development tools, supports SafeNet PKI and password management applications and software development tools, and allows customization of applications and extension of functionality through on-board Java applets. It is also supported by SafeNet Authentication Manager, which reduces IT overhead by streamlining all authentication operations, including deployment, provisioning, enrollment, and ongoing maintenance, as well as offering support for lost tokens.
Benefits
>> Perfect integration in Windows environment—Certified and distributed by Microsoft, the IDPrime MD minidriver ensures immediate integration with all Microsoft environments, plus Plug & Play service up to Windows 10, based on a secure chip flashmask with a total capacity of 300KB.
>> Centralized management control—IDPrime 830 is fully supported by SafeNet Authentication Manager, which reduces IT overhead by streamlining all authentication operations, including deployment, provisioning, enrollment, and ongoing maintenance, as well as offering support for lost tokens.
>> No compromise on security—As reflected by the FIPS 140-2 Level 3 certification of the combination of Java platform and the PKI applet, the IDPrime MD 830 smart cards implement the most advanced security countermeasures for enforcing protection of all sensitive data and functions in the card.
>> Enhanced cryptographic support—IDPrime MD offers PKI services with both RSA and elliptic curves.
Strong Security
As reflected by the FIPS 140-2 Level 3 certification of the combination of Java platform and the PKI applet, the IDPrime MD 830 smart cards implement the most advanced security countermeasures for enforcing protection of all sensitive data and functions in the card. IDPrime MD smart cards are secured with both RSA and elliptic curve algorithms, and address a range of use cases that require PKI security, including secure access, email encryption, secure data storage, digital signatures and secure online transactions for end users.
IDPrime MD 830 is part of a large range of Gemalto IDPrime smart cards and benefits from Gemalto’s extensive experience with minidriver enabled smart cards. Gemalto’s Identity Protection solutions enable enterprises, financial organizations and service providers to protect the daily digital interactions of employees, partners and customers by ensuring secure access to online resources and securing financial transactions. Gemalto’s flexible management platforms and broad range of strong authentication technologies and form factors, allow organizations to adopt a forward-looking identity management strategy, ensuring that their security needs are met as new threats and use cases evolve. To learn more about Gemalto’s complete portfolio of authentication solutions, visit our website at: www.gemalto.com/identity.
About Gemalto’s SafeNet Identity and Data Protection Solutions
Gemalto offers one of the most complete portfolios of enterprise security solutions in the world, enabling its customers to enjoy industry-leading protection of digital identities, transactions, payments, and data – from the edge to the core. Gemalto’s portfolio of SafeNet Identity and Data Protection solutions enables enterprises across many verticals, including major financial institutions and governments, to take a data-centric approach to security by utilizing innovative encryption methods, best-in-class crypto management techniques, and strong authentication and identity management solutions to protect what matters, where it matters. Through these solutions, Gemalto helps organizations achieve compliance with stringent data privacy regulations and ensure that sensitive corporate assets, customer information, and digital transactions are safe from exposure and manipulation in order to protect customer trust in an increasingly digital world.
Product characteristics

Memory: IDPrime MD memory allows the storage of up to 15 RSA or elliptic curve key containers
Standards: BaseCSP Minidriver v7 (IDGo 800 Minidriver); PKCS#11 & CSP (SafeNet Authentication Client)
Operating systems: Windows, MAC, Linux, Android, iOS
Cryptographic algorithms:
> Symmetric: 3DES (ECB, CBC), AES (128, 192, 256 bits)
> Hash: SHA-1, SHA-256, SHA-384, SHA-512
> RSA: up to RSA 2048 bits
> RSA OAEP & RSA PSS
> Elliptic curves: P-256, P-384, P-521 bits, ECDSA, ECDH
> On-card asymmetric key pair generation (RSA up to RSA2048 & Elliptic curves, RSA 1024 support available in FIPS 140-2 Level 2 configuration)
Communication protocols: T=0, T=1, PPS, with baud up to 460 Kbps
Other features: Onboard PIN Policy; Multi-PIN support; IDPrime family of cards can be customized (card body and programming) to fit customers’ needs.
Technology: Embedded crypto engine for symmetric and asymmetric cryptography
Lifetime: Minimum 500,000 write/erase cycles; data retention for minimum 25 years
Certification (Chip): CC EAL6+
Certification (Java and applet): FIPS 140-2 Level 3

Gemalto original applets
MPCOS: E-purse & secure data management application
Security
The IDPrime MD smart cards include multiple hardware and software countermeasures against various attacks: side channel attacks, invasive attacks, advanced fault attacks and other types of attacks. IDPrime MD 830 is both FIPS 140-2 Level 3 and FIPS 140-2 Level 2 certified for both the Java platform and the combination of Java platform plus PKI applet.
Contact Us: For all office locations and contact information, please visit safenet.gemalto.com Follow Us: blog.gemalto.com/security
©Gemalto 2016. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries. PB (EN)-date 05Sep2016 - Design: RM
Why Gemalto
PRODUCT BRIEF
IDPrime 840 Plug & Play Smart Cards
As cybercriminals get smarter and more determined than ever, more and more businesses and government agencies are coming to the realization that single-factor authentication solutions using simple usernames and passwords are not enough. Gemalto, the world leader in digital security, offers an extensive portfolio of strong authentication solutions to help address the need for multi-factor authentication. IDPrime MD smart cards are designed for PKI-based applications, and come with an IDGo 800 minidriver that offers perfect integration with native support for Microsoft® environments (through Windows 10), without any additional middleware.
Compatible with Any Environment
In addition to its seamless integration into Windows ecosystems, the IDPrime MD 840 is a contact interface smart card and is compatible with any environment through support by the SafeNet Authentication Client and the IDGo 800 libraries. IDPrime MD smart cards are also fully supported by the IDGo 800 middleware and SDK for Mobile (Android, iOS).
Strong Security
IDPrime MD smart cards are secured with both RSA and elliptic curve algorithms, and address a range of use cases that require PKI security, including secure access, email encryption, secure data storage, digital signatures and secure online transactions for end users. IDPrime MD 840 is CC EAL5+ / PP Java Card certified for the Java platform and CC EAL5+ / PP QSCD certified for the combination of Java platform and PKI applet. The CC EAL5+ / PP QSCD certification is based on the Protection Profiles EN 419211 part 1 to 6, as mandated by eIDAS regulations.

Benefits
>> Perfect integration in Windows environment—Certified and distributed by Microsoft, the IDPrime MD minidriver ensures immediate integration with all Microsoft environments, plus Plug & Play service up to Windows 10. Secure chip EEPROM capacity of 80 KB.
>> Compatible with any environment—The MD 840 is fully supported by the SafeNet Authentication Client and IDGo 800 mobile for Android and iOS.
>> Compliant with eIDAS regulations—IDPrime MD 840 is CC EAL5+ / PP QSCD certified, offering state-of-the-art security, and is fully compliant with European eIDAS regulations. Its Java platform is also CC EAL5+ / PP Java Card certified.
>> Multi-application smart cards—IDPrime MD cards can have an optional onboard applet for MPCOS e-purse.
>> Enhanced cryptographic support—IDPrime MD offers PKI services with both RSA and elliptic curves.
Optional Onboard Applets
IDPrime MD cards are multi-application smart cards, meaning they can have optional onboard applets for various functions. An MPCOS applet can be added to provide both e-purse and data management services.
IDPrime MD 840 is part of a large range of Gemalto IDPrime smart cards and benefits from Gemalto’s extensive experience with minidriver enabled smart cards. Gemalto’s Identity Protection solutions enable enterprises, financial organizations and service providers to protect the daily digital interactions of employees, partners and customers by ensuring secure access to online resources and securing financial transactions. Gemalto’s flexible management platforms and broad range of strong authentication technologies and form factors, allow organizations to adopt a forward-looking identity management strategy, ensuring that their security needs are met as new threats and use cases evolve. To learn more about Gemalto’s complete portfolio of authentication solutions, visit our website at: www.gemalto.com/identity.
Product characteristics

Memory: 80KB total, including 50KB available for data, certificates and additional applets. IDPrime MD memory allows the storage of up to 15 RSA or elliptic curve key containers (depending on the card profile)
Standards: BaseCSP Minidriver v7 (IDGo 800 Minidriver); CSP and PKCS#11 (SafeNet Authentication Client)
Operating systems: Windows, MAC, Linux, Android, iOS
Cryptographic algorithms:
> Symmetric: 3DES (ECB, CBC), AES (128, 192, 256 bits)
> Hash: SHA-1, SHA-256, SHA-384, SHA-512
> RSA: up to RSA 2048 bits (and optionally up to 4096 bits)
> RSA OAEP & RSA PSS
> Elliptic curves: P-256, P-384, P-521 bits, ECDSA, ECDH
> On-card asymmetric key pair generation (RSA up to RSA2048 & Elliptic curves)
Communication protocols: T=0, T=1, PPS, with baud up to 230 Kbps
Other features: Onboard PIN Policy; Multi-PIN support (including a dedicated IDGo 800 Credential Provider); IDPrime family of cards can be customized (card body and programming) to fit customers’ needs.

Gemalto original applets
MPCOS: E-purse & secure data management application

Chip characteristics

Technology: Embedded crypto engine for symmetric and asymmetric cryptography
Lifetime: Minimum 500,000 write/erase cycles; data retention for minimum 25 years
Certification: CC EAL5+
Security
The IDPrime MD smart cards include multiple hardware and software countermeasures against various attacks: side channel attacks, invasive attacks, advanced fault attacks and other types of attacks. The IDPrime MD 840 is both CC EAL5+ / PP Java Card certified for the Java platform and CC EAL5+ / PP QSCD certified for the combination of Java platform plus PKI applet.
©Gemalto 2016. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries. PB (EN)-date 02Sep2016 - Design: RM
Why Gemalto