Winkeo-C FIDO2 + QSCD
Winkeo-C FIDO2 + QSCD is a USB Type-C security key with middleware. It is designed for FIDO and PKI applications. It is compatible with FIDO2 (CTAP 2.1) and FIDO U2F standards, and uses an eIADS QSCD (Qualified electronic Signature Creation Device) certified PKI applet. It meets European security requirements (eIDAS, QSCD, PSD2, etc.). It provides both strong authentication on the Web and in the Cloud, and a qualified electronic signature. It offers all professionals high security solutions that are easy to deploy.
Smart card / Applet
Contact smart card (ISO 7816) JCOP4 / eIDAS QSCD-certified PKI applet / FIDO2 (CTAP 2.1) + FIDO U2F compatible applet
Smart card certified common criteria EAL6+
Easy to use and to deploy
(no software installation on the client workstation)
Highest level of security
It is compatible with Windows 10 / 11 and Azure Active Directory (Azure AD). It also supports the FIDO U2F standard, enabling double authentication on online accounts such as social networks, webmails, e-commerce sites and online banking services.
In addition, Winkeo-C FIDO2 + QSCD incorporates a certified Common Criteria EAL6+ smart card component. The FIDO protocol ensures strong and secure authentication by leveraging the FIDO smart card as an authentication device, thereby enhancing the security of online accounts against phishing attacks. The eIDAS-qualified electronic signature guarantees the authenticity of the author, the integrity of the signed document, as well as its non-repudiation, in accordance with European standards and regulations regarding electronic signatures.
With Winkeo-C FIDO2 + QSCD, users benefit from high-quality logical security solutions as well as an extremely reliable qualified electronic signature solution, while remaining user-friendly.
Features
Smart card(s)
Certified Common Criteria EAL6+
Contact (ISO 7816) JCOP4
Credential number limited by available persistent memory (256 to 512 bytes per credential)
FIDO2.0 / FIDO2.1 features
- signature-algorithm:
ECC NIST P-256 / SECG secp256r1 (256 bits) - Options :
clientPIN, PIN protocol 1 and PIN protocol 2
– PIN length between 4 and 63 bytes
– PIN try limit set to 8. After 8 unsuccessful tries, the authenticator must be reset
– No default value
ep – Enterprise Attestation (personalization option)
All supported options and extensions (pinUvAuthToken, authnrCfg, largeBlobs…) - Extensions :
credProtect
hmac-secret
credBlob (personalization option)
largeBlobKey (personalization option)
minPinLength (personalization option)
QSCD features
- Crypto-algorithms:
RSA 2K (2048 bits)
RSA 3K (3072 bits)
RSA 4K (4096 bits)
ECC NIST P-256 / SECG secp256r1 (256 bits)
ECC NIST P-384 / SECG secp384r1 (384 bits)
ECC NIST P-521 / SECG secp521r1 (521 bits) - Options :
PIN
– PIN length between 5 and 15 bytes
– PIN try limit set to 3
PUK
– PUK length between 5 and 15 bytes
– PUK try limit set to 3
Supported operating systems and browsers
Operating Systems:
– QSCD : Windows, Mac OS, Linux, Android, iOS
– FIDO: Windows
Browsers: Chrome, Chromium, Vivaldi, Opera, Mozilla Firefox, Microsoft Edge (via WebAuthn/FIDO2 CTAP)
Associated optional services
- Graphical customization: logo, photo, name, unique number…
Size / Weight
Length 39.7 mm / Width 17 mm / Thickness 8.25 mm / Weight 5 g