Home » Products » FIDO2 + QSCD range » Winkeo2J-A FIDO2 + QSCD
Carte à puce à contact Badgeo FIDO2 + QSCD de NEOWAVE

Winkeo2J-A FIDO2 + QSCD

Winkeo2J-A FIDO2 + QSCD is a USB Type-A security key with middleware. It is designed for FIDO and PKI applications. It is compatible with FIDO2 (CTAP 2.1) and FIDO U2F standards, and uses an eIADS QSCD (Qualified electronic Signature Creation Device) certified PKI applet. It is FIDO2 L2 certified and meets European security requirements (eIDAS, QSCD, PSD2, etc.). It provides both strong authentication on the Web and in the Cloud, and a qualified electronic signature. It offers all professionals high security solutions that are easy to deploy.

NEOWAVE Cybersecurity Made in Europe
Logo eIDAS pour la brochure Badgeo FIDO2 + QSCD de NEOWAVE

USB-A security key compatible with FIDO2 (CTAP2.1) and PKI/QSCD

QSCD / eIDAS Certification

FIDO2 L2 certification

Highest level of security

(protection against phishing and preservation of electronic document integrity)

Winkeo2J-A FIDO2 + QSCD is a a USB Type-A security key​ manufactured in Europe. It integrates a certified eIDAS QSCD PKI applet, as well as the FIDO2 (CTAP 2.1) and FIDO U2F standards of the FIDO Alliance (Fast Identity Online). It is FIDO2 L2 certified. The FIDO protocol is based on asymmetric cryptographic architectures. It involves the use of a private/public key pair, with the private key always remaining on the Winkeo2J-A FIDO2 + QSCD card. The FIDO2 standard offers secure authentication without the need for a password. Simply insert the Winkeo2J-A FIDO2 + QSCD security key into your PC and enter your PIN to authenticate and and open your session. In this way, the smart card easily replaces your password.

It is compatible with Windows 10 / 11 and Microsoft Entra ID. It also supports the FIDO U2F standard, enabling double authentication on online accounts such as social networks, webmails, e-commerce sites and online banking services.

In addition, Winkeo2J-A FIDO2 + QSCD incorporates a certified Common Criteria EAL6+ smart card component. The FIDO protocol ensures strong and secure authentication by leveraging the FIDO smart card as an authentication device, thereby enhancing the security of online accounts against phishing attacks. The eIDAS-qualified electronic signature guarantees the authenticity of the author, the integrity of the signed document, as well as its non-repudiation, in accordance with European standards and regulations regarding electronic signatures.

With Winkeo2J-A FIDO2 + QSCD, users benefit from high-quality logical security solutions as well as an extremely reliable qualified electronic signature solution, while remaining user-friendly.

Features

Interface

USB-A PC/SC and HID

Certifications

  • Java Card™ smart card (micro-SIM format) certified Common Criteria EAL6+
  • FIDO2 L2 certification
  • QSCD / eIDAS certification
  • “Cybersecurity Made in Europe” label

Wide compatibility

• Strong authentication, directories, PKI, SSO, VPN, encryption, digital signature…
• Windows 10/11 with Microsoft Entra ID and over 250 online services such as Gmail, Paypal, OVH, WordPress, Dropbox
• Identity federations such as Evidian, Ilex, Okta, Ping Identity

Supported operating systems and browsers

Operating Systems:
– QSCD : Windows, Mac and Linux
– FIDO: Windows
Browsers: Chrome, Chromium, Vivaldi, Opera, Mozilla Firefox, Microsoft Edge (via WebAuthn/FIDO2 CTAP)

Middleware

Middleware SafeSign Identity Client (CSP/KSP/PKCS#11)

FIDO2.1 features

• credProtect
• hmac-secret
• Resident keys (rk) – Detectable credential
– Maximum number limited by an available persistent memory (200 to 512 bytes per credential)
• User PIN, PIN 1 and PIN 2 protocols
– PIN length between 4 Unicode characters and 63 bytes
– PIN try limit set to 8. After 8 unsuccessful tries, the authenticator must be reset.
– No default value
– Management of specific PIN policies
• Customization options:
– credBlob
– largeBlobKey
– noMcGaPermissionsWithClientPin
– largeBlobs
– minPinLength
– pinUvAuthToken
– ep – Enterprise Attestation
– authnrCfg
– credMgmt
– setMinPINLength
– makeCredUvNotRqd
– alwaysUv

QSCD features

  • Crypto-algorithms:
    RSA 2K (2048 bits)
    RSA 3K (3072 bits)
    RSA 4K (4096 bits)
    ECC NIST P-256 / SECG secp256r1 (256 bits)
    ECC NIST P-384 / SECG secp384r1 (384 bits)
    ECC NIST P-521 / SECG secp521r1 (521 bits)
  • Options :
    PIN
    – PIN length between 5 and 15 bytes
    – PIN try limit set to 3
    PUK
    – PUK length between 5 and 15 bytes
    – PUK try limit set to 3

Supported signature-algorithm

  • ECC P-256 (secp256r1)

Associated optional services

  • Graphical customization: logo, photo, name, unique number…

Size / Weight

• Length 43.8 mm / width 18 mm / height 9.76 mm
• Weight: 6 g

Download the technical brochure

I would like more information on the NEOWAVE offer

Contact us