This document as well as the information or material contained is copyrighted. Any use not explicitly permitted by copyright law requires prior consent of Giesecke & Devrient GmbH. This applies to any reproduction, revision, translation, storage on microfilm as well as its import and processing in electronical
systems, in particular.
This hardware key is in compliance with the following test specification:
CEI EN 61000-4-2; CEI EN 61000-4-3; CISPR22
as required by:
CEI EN 61000-6-1, CEI EN 61000-6-2, CEI EN 61000-6-3, CEI EN 61000-6-4
which are specified for the following test:
• “ESD Immunity test”
• “Radiated radio-frequency and electromagnetic field immunity test”
• “Radiated Emission Verification”
In compliance with the “Essential Requisites” for the EMC Directive 89/336/EEC.
FCC ID: TIJ-BIOTOKEN
Giesecke & Devrient GmbH
StarSign® Bio Token 3.0
Supply: 5V DC
Absorption: 150 mA
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1)
this device may not cause harmful interference, and (2) this device must accept any interference received,
including interference that may cause undesired operation.
IMPORTANT REMARKS
Due to the limited space on the product shell, all FCC certification references are on this technical manual.
Changes or modifications not expressly approved by the party responsible for compliance could void the
user’s authority to operate the equipment.
Contents
About StarSign Bio Token 3.0 ..............................................................................................1
About the Document........................................................................................................... 2
1Basics3
1.1General Introduction to Biometrics.............................................................................4
1.2Biometrics, Smart Cards and Tokens ..........................................................................5
Index ...............................................................................................................................23
Reference Manual StarSign® Bio Token 3.0/Edition 07.2005
ID No. 30016576
Contents
Reference Manual StarSign® Bio Token 3.0/Edition 07.2005
ID No. 30016576
About StarSign Bio Token 3.0
About StarSign Bio Token 3.0
Characteristics
Features
StarSign Bio Token 3.0 is a USB-PKI token based on the STARCOS 3.0 operating system. The token comprises a fingerprint sensor and on-token
fingerprint verification functionality. The biometric data never leaves the
token.
StarSign Bio Token 3.0 is supported by StarSign middleware and can
therefore be used for all public key applications supporting MS CAPI
(CSP) or PKCS#11.
Fingerprint verification can be used instead of – or in addition to – PIN
verification, granting a higher user convenience and a real tie between
user and token. This is particularly of interest in applications that require
non-repudiation.
Features of StarSign Bio Token 3.0 include:
– Based on STARCOS 3.0 operating system
– On-token sensor, image processing and biometric verification (on-
card matching)
– Supported by StarSign middleware; use with all public key applica-
tions supporting MS CAPI (CSP) or PKCS#11
– Security system according to 7816-4; secure writing and messaging
– Cryptographic authentication and key management
– Encryption
– Symmetric encryption: DES, 3DES
– Asymmetric encryption: RSA-CRT with up to 2048 bits
– Support of up to 4 logical channels
– Biometric enrollment and verification functionality
– LED status indication
Related Standards
Reference Manual StarSign® Bio Token 3.0/Edition 07.2005
ID No. 30016576
StarSign Bio Token 3.0 adheres to the following standards:
– ISO/IEC 7816-3
– ISO/IEC 7816-4
– ISO/IEC 19794-2
More information on the relevant standards may be found in the appendix (see ’C Reference Literature’ on page 19).
1 of 33
About the Document
About the Document
Target Group
Required Knowledge
Notation
This manual addresses developers and specialists of smart card applications.
In order to use StarSign Bio Token 3.0, you should be familiar with:
– Smart card hardware/software
– Related ISO/IEC standards
– Experience in biometric user authentication and cryptographic ser-
vices
This document assumes that you have a basic understanding of Microsoft Windows terminology and actions. Should you feel that this is
not the case, it is suggested that you refer to your Windows manuals
first.
In order to facilitate access to required information and to provide quick
orientation, the following graphical aids and notations have been used:
This conventionIndicates
ItalicOperating system command or
mode
Notes comprise hints and recommendations useful when working with
StarSign Bio Token 3.0.
Please read warnings carefully - they are specified to prevent severe malfunctions and loss of data!
The header page of each ch apter features an overview of the topics covered in the chapter. All technical terms and abbreviations used are explained in a glossary at the end of the manual.
2 of 33Reference Manual StarSign® Bio Token 3.0/Edition 07.2005
ID No. 30016576
1Basics
This chapter provides you with background information on StarSig n B io
Token 3.0.
Basics
Contents
1.1General Introduction to Biometrics............................................ 4
1.2Biometrics, Smart Cards and Tokens.......................................... 5
Reference Manual StarSign® Bio Token 3.0/Edition 07.20053 of 33
ID No. 30016576
Basics
General Introduction to Biometrics
1.1General Introduction to Biometrics
Scope
Biometrics and other
Types of User
Authentication
Enrollment and
Verification
Biometrics is the science of measuring physical or behavioral characteristics unique to an individual such as face, voice or fingerprint to verify a
person's identity. Biometric characteristics can be described as something we are.
Unlike user authentication based on something the user know s, such as
a PIN or password, or something he or sh e has, e.g. a smart card or ot her
token, biometric systems work by relying on a biometric characteristic something that is both unique and inseparably tied to the person. While
PINs, passwords and keys can be forgotten, lost, lent or stolen, biometrics cannot. The user himself becomes the means of identification, the biological password.
Biometric user authentication can elevate overall system security and enhance ease of use, as users no longer have to remember PINs and passwords.
Before biometric authentication can be used to verify the identity of a
user, a biometric enrollment has to be performed beforehand. This
means that the characteristic data of the biometric trait has to be captured and saved as a reference in a s eparate process in advance to verification. During verification, the characteristic data of the biometric trait is
captured again and compared to the previously stored reference data. If
both data sets coincide to a sufficient level, access is granted.
Biometric Error Rates
Fingerprint
Verification
In contrast to a PIN or password comparison, two different photos or
characteristic data sets captured of the same biometric trait will always
differ a bit due to positioning, background lighting, etc. Thus, biometric
comparison returns a figure which represents a level of coincidence, i.e.
the probability that two presented data sets belong to the same person.
Depending on a threshold value, access is granted or denied. As a consequence, a slight possibility remains that an unauthorized user be
granted access to a protected system or that a legitimate user will be denied access. The threshold value responsible for the error rates can be set
by the system administrator. These error rates are characteristic for all biometric systems and are called false acceptance rates (FAR) and false rejection rates (FRR).
Fingerprint verification is not only the most prominent but also one of
the most secure and well-understood biometric measures. Software converts the image of a fingerprint into digital form and extracts a set of
characteristics, i.e. a template, unique to the user's fingerprint. The characteristic information from one fingerpr int contains up t o 60 key po ints.
Crucial key points where finger-ridges end or split up are local features
called minutiae. They provide unique, identifiable information.
4 of 33Reference Manual StarSign® Bio Token 3.0/Edition 07.2005
ID No. 30016576
Biometrics, Smart Cards and Tokens
1.2Biometrics, Smart Cards and Tokens
Basics
On-Card Matching
Access Rules
Applications
In on-card matching biometric templates, i.e. data sets, are compared
with a previously stored biometric reference template in the smart card
processor itself. This happens in full analogy to the PIN verification where
the entered PIN is sent to the smart card processor and compared oncard with a previously stored PIN. The advantage of this method is that
the reference template is stored exclusively in the secure smart card processor environment, reliably protecting sensitive personal data against
unauthorized access.
An individual access rule is assigned to each elementary file on the smart
card processor. As a consequence, elementary files can be accessed
(read/write/update) by cryptographic authentication, PIN verification, biometric authentication or a combination of all three.
The paramount application for biometrics in combination with cards and
tokens is the use in public key infrastructures, where biometric user authentication can be used to enable the cryptographic functions or services offered by the smart card processor. Thus, for example, StarSign
Bio Token can be used as a secure signature creating device, that can be
legally tied to the token holder with on-card fingerprint verification.
Reference Manual StarSign® Bio Token 3.0/Edition 07.20055 of 33
ID No. 30016576
Basics
LED Status
1.3LED Status
LED Arrangement
StarSign Bio Token 3.0 contains two bicolor LEDs on the top side for visually signalizing its current status and operation to the user:
– Left LED
Illuminates in either green or yellow
– Right LED
Illuminates in either red or yellow
Fig. 1Arrangement of the LEDs
6 of 33Reference Manual StarSign® Bio Token 3.0/Edition 07.2005
ID No. 30016576
Basics
LED Status
LED Status/Mode
The LED states listed in the table signalize the current status and operation to the user:
Status/ModeLED indicationDescription
IdleGreen and red LEDs flash Waiting for command
Place fingerLeft yellow LED blinksWait for finger
BusyRed LED blinks quicklyStarSign Bio Token 3.0 is
busy
SuccessGreen LED illuminatedEnrollment/verification suc-
cessful
RejectRed LED illuminatedEnrollment/verification
failed
BootGreen and red LED illumi-
Booting device
nated
TEST modeBoth yellow LEDs flashAllow diagnostic com-
mands
ADMIN mode Left yellow LED flashes,
red LED illuminated
Firmware update
Fig. 2LED status/mode
Both yellow LEDs illuminated
Allows parameter configuration and firmware update
Signal firmware update status
Reference Manual StarSign® Bio Token 3.0/Edition 07.20057 of 33
ID No. 30016576
Loading...
+ 26 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.