Home » Products » FIDO2 + QSCD range » Badgeo FIDO2 + QSCD
Carte à puce à contact Badgeo FIDO2 + QSCD de NEOWAVE

Badgeo FIDO2 + QSCD

Badgeo FIDO2 + QSCD is a contact smart card with middleware. It is designed for FIDO and PKI applications. It is compatible with FIDO2 (CTAP 2.1) and FIDO U2F standards, and uses an eIDAS QSCD (Qualified electronic Signature Creation Device) certified PKI applet. It meets European security requirements (eIDAS, QSCD, PSD2, etc.). It provides both strong authentication on the Web and in the Cloud, and a qualified electronic signature. It offers all professionals high security solutions that are easy to deploy.

NEOWAVE Cybersecurity Made in Europe
Logo eIDAS pour la brochure Badgeo FIDO2 + QSCD de NEOWAVE

Smart card / Applet

Contact smart card (ISO 7816) / eIDAS QSCD-certified PKI applet / FIDO2 (CTAP 2.1) + FIDO U2F compatible applet

Smart card certified common criteria EAL6+

FIDO, easy to use and to deploy

No software installation on the client workstation

Highest level of security

(protection against phishing and preservation of electronic document integrity)

Badgeo FIDO2 + QSCD is a contact smart card manufactured in Europe. It integrates a certified eIDAS QSCD PKI applet, as well as the FIDO2 (CTAP 2.1) and FIDO U2F standards of the FIDO Alliance (Fast Identity Online). The FIDO protocol is based on asymmetric cryptographic architectures. It involves the use of a private/public key pair, with the private key always remaining on the Badgeo FIDO2 + QSCD card. The FIDO2 standard offers secure authentication without the need for a password. Simply insert the Badgeo FIDO2 + QSCD smart card into your PC or contact smart card reader and enter your PIN to authenticate and and open your session. In this way, the smart card easily replaces your password.

It is compatible with Windows 10 / 11 and Microsoft Entra ID. It also supports the FIDO U2F standard, enabling double authentication on online accounts such as social networks, webmails, e-commerce sites and online banking services.

The FIDO protocol ensures strong and secure authentication by leveraging the FIDO smart card as an authentication device, thereby enhancing the security of online accounts against phishing attacks. The eIDAS-qualified electronic signature guarantees the authenticity of the author, the integrity of the signed document, as well as its non-repudiation, in accordance with European standards and regulations regarding electronic signatures.

With Badgeo FIDO2 + QSCD, users benefit from high-quality logical security solutions as well as an extremely reliable qualified electronic signature solution, while remaining user-friendly.

Features

Interface(s)

Contact ISO/IEC 7816

 

Smart card(s)

Java Card ™ certified Common Criteria EAL6+

 

Wide compatibility

• Strong authentication, directories, PKI, SSO, VPN, encryption, digital signature
• Windows 10/11 with Microsoft Entra ID and over 250 online services such as Gmail, PayPal, OVH, WordPress, Dropbox
• Identity federations such as Evidian, Ilex, Okta, Ping Identity

Supported operating systems and browsers

Operating Systems:
– QSCD : Windows, Mac and Linux
– FIDO: Windows
Browsers: Edge, Firefox, Chrome, Safari

Middleware

Middleware AET SafeSign Identity Client (CSP/KSP/PKCS#11)

QSCD features

  • Crypto-algorithms:
    RSA 2K (2048 bits)
    RSA 3K (3072 bits)
    RSA 4K (4096 bits)
    ECC NIST P-256 / SECG secp256r1 (256 bits)
    ECC NIST P-384 / SECG secp384r1 (384 bits)
    ECC NIST P-521 / SECG secp521r1 (521 bits)
  • Options :
    PIN
    – PIN length between 5 and 15 bytes
    – PIN try limit set to 3
    PUK
    – PUK length between 5 and 15 bytes
    – PUK try limit set to 3

FIDO2.1 features

• credProtect
• hmac-secret
• Resident keys (rk) – Detectable credential
– Maximum number limited by an available persistent memory (200 to 512 bytes per credential)
• User PIN, PIN 1 and PIN 2 protocols
– PIN length between 4 Unicode characters and 63 bytes
– PIN try limit set to 8. After 8 unsuccessful tries, the authenticator must be reset.
– No default value
– Management of specific PIN policies
• Customization options:
– credBlob
– largeBlobKey
– noMcGaPermissionsWithClientPin
– largeBlobs
– minPinLength
– pinUvAuthToken
– ep – Enterprise Attestation
– authnrCfg
– credMgmt
– setMinPINLength
– makeCredUvNotRqd
– alwaysUv

Supported signature-algorithm

  • ECC NIST P-256 / SECG secp256r1 (256 octets)

Associated optional services

  • Graphical customization: logo, photo, name, unique number…
  • Physical access with DESFire EV3 (ISO 15693)

Size / Weight

Format ID-1: Length 85.60 mm / Width 54 mm / Thickness 0.76 mm / Weight 5g

Download the technical brochure

I would like more information on the NEOWAVE offer

Contact us