Giesecke and Devrient BIOTOKEN Users Manual

StarSign® Bio Token 3.0
USB Token Reference Manual
Edition 07.2005
ID No. 30016576
This document as well as the information or material contained is copyrighted. Any use not explicitly permitted by copyright law requires prior consent of Giesecke & Devrient GmbH. This applies in particular to any reproduction, revision, translation, storage on microfilm as well as its import and processing in electronic systems.
Subject to technical changes.
© Copyright 2005 by Giesecke & Devrient GmbH, Germany, Prinzregentenstr. 159, P.O. Box 80 07 29, D-81607 München. All rights reserved.
The names of the other products mentioned are trademarks of their respective owners.
This hardware key is in compliance with the following test specification:
CEI EN 61000-4-2; CEI EN 61000-4-3; CISPR22
as required by:
CEI EN 61000-6-1, CEI EN 61000-6-2, CEI EN 61000-6-3, CEI EN 61000-6-4
which are specified for the following test:
“ESD Immunity test”
“Radiated radio-frequency and electromagnetic field immunity test”
“Radiated Emission Verification”
In compliance with the “Essential Requisites” for the EMC Directive 89/336/EEC.
FCC ID: TIJ-BIOTOKEN
Giesecke & Devrient GmbH StarSign® Bio Token 3.0 Supply: 5V DC Absorption: 150 mA
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
IMPORTANT REMARKS
Due to the limited space on the product shell, all FCC certification references are in this technical manual.
Changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.

Contents

About StarSign Bio Token 3.0
About the Document
1 Basics
1.1 General Introduction to Biometrics
1.2 Biometrics, Smart Cards and Tokens
1.3 LED Status
2 Command Reference
2.1 ENROLL FINGERPRINT
2.2 VERIFY FINGERPRINT
2.3 VERSION INFO
Appendix
A Overview of Status Bytes
B Technical Specifications
C Reference Literature
D Glossary
Index
Reference Manual StarSign® Bio Token 3.0/Edition 07.2005 ID No. 30016576

About StarSign Bio Token 3.0

Characteristics
StarSign Bio Token 3.0 is a USB-PKI token based on the STARCOS 3.0 operating system. The token comprises a fingerprint sensor and on-token fingerprint verification functionality. The biometric data never leaves the token.
StarSign Bio Token 3.0 is supported by StarSign middleware and can therefore be used for all public key applications supporting MS CAPI (CSP) or PKCS#11.
Fingerprint verification can be used instead of – or in addition to – PIN verification, granting a higher user convenience and a real tie between user and token. This is particularly of interest in applications that require non-repudiation.
Features
Features of StarSign Bio Token 3.0 include:
– Based on STARCOS 3.0 operating system
– On-token sensor, image processing and biometric verification (on-card matching)
– Supported by StarSign middleware; use with all public key applications supporting MS CAPI (CSP) or PKCS#11
– Security system according to 7816-4; secure writing and messaging
– Cryptographic authentication and key management
– Encryption
  – Symmetric encryption: DES, 3DES
  – Asymmetric encryption: RSA-CRT with up to 2048 bits
– Support of up to 4 logical channels
– Biometric enrollment and verification functionality
– LED status indication
Related Standards
StarSign Bio Token 3.0 adheres to the following standards:
– ISO/IEC 7816-3
– ISO/IEC 7816-4
– ISO/IEC 19794-2
More information on the relevant standards may be found in the appendix (see 'C Reference Literature').

About the Document

Target Group
This manual addresses developers and specialists of smart card applications.
Required Knowledge
In order to use StarSign Bio Token 3.0, you should be familiar with:
– Smart card hardware/software
– Related ISO/IEC standards
– Experience in biometric user authentication and cryptographic services
This document assumes that you have a basic understanding of Microsoft Windows terminology and actions. Should you feel that this is not the case, it is suggested that you refer to your Windows manuals first.
Notation
In order to facilitate access to required information and to provide quick orientation, the following graphical aids and notations have been used:
This convention   Indicates
Italic            Operating system command or mode
Notes comprise hints and recommendations useful when working with StarSign Bio Token 3.0.
Please read warnings carefully - they are specified to prevent severe malfunctions and loss of data!
The header page of each chapter features an overview of the topics covered in the chapter. All technical terms and abbreviations used are explained in a glossary at the end of the manual.

1 Basics

This chapter provides you with background information on StarSign Bio Token 3.0.
Contents
1.1 General Introduction to Biometrics
1.2 Biometrics, Smart Cards and Tokens
1.3 LED Status

1.1 General Introduction to Biometrics

Scope
Biometrics is the science of measuring physical or behavioral characteristics unique to an individual such as face, voice or fingerprint to verify a person's identity. Biometric characteristics can be described as something we are.
Biometrics and other Types of User Authentication
Unlike user authentication based on something the user knows, such as a PIN or password, or something he or she has, e.g. a smart card or other token, biometric systems work by relying on a biometric characteristic - something that is both unique and inseparably tied to the person. While PINs, passwords and keys can be forgotten, lost, lent or stolen, biometrics cannot. The user himself becomes the means of identification, the biological password.
Biometric user authentication can elevate overall system security and enhance ease of use, as users no longer have to remember PINs and passwords.
Enrollment and Verification
Before biometric authentication can be used to verify the identity of a user, a biometric enrollment has to be performed. This means that the characteristic data of the biometric trait has to be captured and saved as a reference in a separate process in advance of verification. During verification, the characteristic data of the biometric trait is captured again and compared to the previously stored reference data. If both data sets coincide to a sufficient level, access is granted.
Biometric Error Rates
In contrast to a PIN or password comparison, two different photos or characteristic data sets captured of the same biometric trait will always differ a bit due to positioning, background lighting, etc. Thus, biometric comparison returns a figure which represents a level of coincidence, i.e. the probability that two presented data sets belong to the same person. Depending on a threshold value, access is granted or denied. As a consequence, a slight possibility remains that an unauthorized user will be granted access to a protected system or that a legitimate user will be denied access. The threshold value responsible for the error rates can be set by the system administrator. These error rates are characteristic for all biometric systems and are called false acceptance rates (FAR) and false rejection rates (FRR).
Fingerprint Verification
Fingerprint verification is not only the most prominent but also one of the most secure and well-understood biometric measures. Software converts the image of a fingerprint into digital form and extracts a set of characteristics, i.e. a template, unique to the user's fingerprint. The characteristic information from one fingerprint contains up to 60 key points. Crucial key points where finger-ridges end or split up are local features called minutiae. They provide unique, identifiable information.
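The threshold trade-off behind FAR and FRR described under Biometric Error Rates, as an added example that is not part of the original manual or of Giesecke & Devrient's software. The 0-100 score scale, the sample scores and all function names are constructed for illustration; the token's actual score scale and threshold values are not given here.

```python
"""FAR/FRR trade-off for a threshold-based biometric matcher (added example)."""

# Constructed similarity scores on a hypothetical 0-100 scale; not token output.
GENUINE = [88, 92, 75, 81, 64, 95, 70, 85, 58, 90]    # same finger as reference
IMPOSTOR = [12, 30, 45, 22, 61, 18, 35, 52, 27, 40]   # different finger


def far(threshold, impostor=IMPOSTOR):
    """False acceptance rate: share of impostor attempts scoring >= threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False rejection rate: share of genuine attempts scoring < threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(thresholds=range(0, 101)):
    """Return (threshold, FAR, FRR) for every candidate threshold."""
    return [(t, far(t), frr(t)) for t in thresholds]


def threshold_for_far(max_far):
    """Lowest threshold whose FAR stays within max_far.

    FAR never rises as the threshold rises, so the lowest qualifying threshold
    is also the one that rejects the fewest legitimate users.
    """
    for t, fa, fr in sweep():
        if fa <= max_far:
            return t, fa, fr
    raise ValueError("no threshold meets the requested FAR")


def equal_error_point():
    """Threshold where FAR and FRR are closest (first one on ties)."""
    return min(sweep(), key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    for t in (30, 60, 90):
        print(f"threshold {t}: FAR={far(t):.0%} FRR={frr(t):.0%}")
    print("FAR <= 0%  ->", threshold_for_far(0.0))
    print("FAR <= 10% ->", threshold_for_far(0.10))
    print("equal error point ->", equal_error_point())
```

With these sample scores, tightening the FAR target from 10% to 0% moves the threshold from 53 to 62 and starts rejecting a legitimate user, which is the trade-off an administrator makes when setting the threshold.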

1.2 Biometrics, Smart Cards and Tokens

On-Card Matching
In on-card matching, biometric templates, i.e. data sets, are compared with a previously stored biometric reference template in the smart card processor itself. This happens in full analogy to the PIN verification where the entered PIN is sent to the smart card processor and compared on-card with a previously stored PIN. The advantage of this method is that the reference template is stored exclusively in the secure smart card processor environment, reliably protecting sensitive personal data against unauthorized access.
Access Rules
An individual access rule is assigned to each elementary file on the smart card processor. As a consequence, elementary files can be accessed (read/write/update) by cryptographic authentication, PIN verification, biometric authentication or a combination of all three.
Applications
The paramount application for biometrics in combination with cards and tokens is the use in public key infrastructures, where biometric user authentication can be used to enable the cryptographic functions or services offered by the smart card processor. Thus, for example, StarSign Bio Token can be used as a secure signature creating device that can be legally tied to the token holder with on-card fingerprint verification.

1.3 LED Status

LED Arrangement
StarSign Bio Token 3.0 contains two bicolor LEDs on the top side for visually signalizing its current status and operation to the user:
– Left LED: illuminates in either green or yellow
– Right LED: illuminates in either red or yellow
Fig. 1 Arrangement of the LEDs
LED Status/Mode
The LED states listed in the table signalize the current status and operation to the user:
Status/Mode      LED indication                                Description
Idle             Green and red LEDs flash                      Waiting for command
Place finger     Left yellow LED blinks                        Wait for finger
Busy             Red LED blinks quickly                        StarSign Bio Token 3.0 is busy
Success          Green LED illuminated                         Enrollment/verification successful
Reject           Red LED illuminated                           Enrollment/verification failed
Boot             Green and red LED illuminated                 Booting device
TEST mode        Both yellow LEDs flash                        Allow diagnostic commands
ADMIN mode       Left yellow LED flashes, red LED illuminated  Allows parameter configuration and firmware update
Firmware update  Both yellow LEDs illuminated                  Signal firmware update status
Fig. 2 LED status/mode