Giesecke and Devrient BTM31 Users Manual
StarSign
USB Token
Reference Manual
Edition 07.2007
®
Bio Token 3.1 M
ID No. 30023721
© Copyright 2007 by
Giesecke & Devrient GmbH
Prinzregentenstr. 159
Postfach 80 07 29
D-81607 München
This document as well as the information or material contained is copyrighted. Any use not explicitly permitted by copyright law requires prior consent of Giesecke & Devrient GmbH. This applies to any reproduction, revision, translation, storage on microfilm as well as its import and processing in electronical
systems, in particular.
Subject to technical changes.
StarSign
®
Bio Token is a registered trademark of Giesecke & Devrient GmbH.
© Copyright 2007 by Giesecke & Devrient GmbH - Germany – Prinzregentenstr. 159, P.O. Box 80 07
NOTE: This equipment has been tested and found to comply with the limits for a Class B digital device,
provide reasonable protection against
frequency energy and, if not installed and used in accordance with the instructions, may cause harmful
ce to radio communications. However, there is no guarantee that interference will not occur in a
which can be determined by turning the equipment o
ff and on, the user is encouraged to try to correct the
Caution: changes or modifications not expressly approved by the party responsible for compliance could
29, D-81607 München © 2007 Giesecke & Devrient GmbH. All rights reserved The names of the other
products mentioned are trademarks of their respective owners.
This hardware key is in compliance with the following test specification: CEI EN 61000-4-2;
CEI EN 61000-4-3; CISPR22 as required by: CEI EN 61000-6-1, CEI EN 61000-6-2, CEI EN
61000-6-3, CEI EN 61000-6-4 which are specified for the following test:
• “ESD Immunity test”
• “Radiated radio-frequency and electromagnetic field immunity test”
• “Radiated Emission Verification”
In compliance with the “Essential Requisites” for the EMC Directives 89/336/EEC & 2004/108/EEC.
FCC ID: TIJ-BTM31
Giesecke & Devrient
GmbH StarSign® Bio
Token 3.1 Supply: 5V DC
Absorption: 250 mA
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
(1) this device may not cause harmful interference, and (2) this device must accept any interference
received, including interference that may cause undesired operation.
pursuant to Part 15 of the FCC Rules. These limits are designed to
harmful interference in a residential installation. This equipment generates, uses and can radiate radio
interferen
particular installation. If this equipment does cause harmful interference to radio or television reception,
interference by one or more of the following measures:
- Reorient or relocate the receiving antenna.
- Increase the separation between the equipment and receiver.
- Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
- Consult the dealer or an experienced radio/TV technician for help.
void the user's authority to operate the equipment.
IMPORTANT REMARKS
Due to the limited space o n the product shell, all FCC certification references are on this technical manual
Changes or modifications not expressly approved by the party responsible for compliance could void the
user’s authority to operate the equipment.
Contents
About StarSign Bio Token 3.1 M .......................................................................................... 1
About the Document ........................................................................................................... 2
1Basics 3
1.1 General Introduction to Biometrics............................................................................. 4
1.2 Biometrics, Smart Cards and Tokens .......................................................................... 5
1.3 LED Status ................................................................................................................. 6
2 Commands 9
2.1 ENROLL FINGERPRINT............................................................................................... 10
2.2 VERIFY FINGERPRINT ................................................................................................ 12
2.3 VERSION INFO.......................................................................................................... 14
Appendix 15
A Overview of Status Bytes.......................................................................................... 16
B Technical Specifications............................................................................................ 18
C Reference Literature................................................................................................. 19
D Glossary................................................................................................................... 20
Contents
Index ............................................................................................................................... 23
Reference Manual StarSign Bio Token 3.1 M/Edition 07.2007
ID No. 30023721
Contents
Reference Manual StarSign Bio Token 3.1 M/Edition 07.2007
ID No. 30023721
About StarSign Bio Token 3.1 M
About StarSign Bio Token 3.1 M
Characteristics
Features
StarSign Bio Token 3.1 M is a USB-PKI token based on the STARCOS 3.0
operating system. The token comprises a fingerprint sensor and on-token fingerprint verification functionality. The biometric data never leaves
the token.
StarSign Bio Token 3.1 M is supported by StarSign middleware and can
therefore be used for all public key applications supporting MS CAPI
(CSP) or PKCS#11.
Fingerprint verification can be used instead of – or in addition to – PIN
verification, granting a higher user convenience and a real tie between
user and token. This is particularly of interest in applications that require
non-repudiation.
StarSign Bio Token 3.1 M also comprises an independent flash drive.
StarSign Bio Token 3.1 M features:
– Based on STARCOS 3.0 operating system
– On-token sensor, image processing and biometric verification (on-
card matching)
– Supported by StarSign middleware; use with all public key applica-
tions supporting MS CAPI (CSP) or PKCS#11
– Security system according to 7816-4; secure writing and messaging
– Cryptographic authentication and key management
– Encryption
– Symmetric encryption: DES, 3DES
– Asymmetric encryption: RSA-CRT with up to 2048 bits
– Support of up to 4 logical channels
– Biometric enrollment and verification functionality
– G&D match-on-card
– LED status indication
– additional flash memory drive
Related Standards
Reference Manual StarSign Bio Token 3.1 M/Edition 07.2007
ID No. 30023721
StarSign Bio Token 3.1 M adheres to the following standards:
– ISO/IEC 7816-3
– ISO/IEC 7816-4
– ISO/IEC 7816-11
– ISO/IEC 19794-2
More information on the relevant standards may be found in the appendix (see ’C Reference Literature’ on page 19).
1 of 23
About the Document
About the Document
Target Group
Required Knowledge
Notation
This manual addresses developers and specialists of smart card applications.
In order to use StarSign Bio Token 3.1 M, you should be familiar with:
– Smart card hardware/software
– Related ISO/IEC standards
– Experience in biometric user authentication and cryptographic serv-
ices
This document assumes that you have a basic understanding of Microsoft Windows terminology and actions. Should you feel that this is not
the case, it is suggested that you refer to your Windows manuals first.
In order to facilitate access to required information and to provide quick
orientation, the following graphical aids and notations have been used:
This convention Indicates
Italic Operating system command or
mode
Notes comprise hints and recommendations useful when working with
StarSign Bio Token 3.1 M.
Please read warnings carefully - they are specified to prevent severe malfunctions and loss of data!
The header page of each chapter features an overview of the topics covered in the chapter. All technical terms and abbreviations used are explained in a glossary at the end of the manual.
2 of 23 Reference Manual StarSign Bio Token 3.1 M/Edition 07.2007
ID No. 30023721
1Basics
This chapter provides you with background information on StarSign Bio
Token 3.1 M.
Basics
Contents
1.1 General Introduction to Biometrics ............................................ 4
1.2 Biometrics, Smart Cards and Tokens.......................................... 5
1.3 LED Status................................................................................. 6
Reference Manual StarSign Bio Token 3.1 M/Edition 07.2007 3 of 23
ID No. 30023721
Basics
General Introduction to Biometrics
1.1 General Introduction to Biometrics
Scope
Biometrics and other
Types of User
Authentication
Enrollment and
Verification
Biometrics is the science of measuring physical or behavioral characteristics unique to an individual such as face, voice or fingerprint to verify a
person's identity. Biometric characteristics can be described as something we are.
Unlike user authentication based on something the user knows, such as
a PIN or password, or something he or she has, e.g. a smart card or other
token, biometric systems work by relying on a biometric characteristic something that is both unique and inseparably tied to the person. While
PINs, passwords and keys can be forgotten, lost, lent or stolen, biometrics cannot. The user himself becomes the means of identification, the biological password.
Biometric user authentication can elevate overall system security and enhance ease of use, as users no longer have to remember PINs and passwords.
Before biometric authentication can be used to verify the identity of a
user, a biometric enrollment has to be performed beforehand. This
means that the characteristic data of the biometric trait has to be captured and saved as a reference in a separate process in advance to verification. During verification, the characteristic data of the biometric trait is
captured again and compared to the previously stored reference data. If
both data sets coincide to a sufficient level, access is granted.
Biometric Error Rates
Fingerprint
Verification
In contrast to a PIN or password comparison, two different photos or
characteristic data sets captured of the same biometric trait will always
differ a bit due to positioning, background lighting, etc. Thus, biometric
comparison returns a figure which represents a level of coincidence, i.e.
the probability that two presented data sets belong to the same person.
Depending on a threshold value, access is granted or denied. As a consequence, a slight possibility remains that an unauthorized user be
granted access to a protected system or that a legitimate user will be denied access. The threshold value responsible for the error rates can be set
by the system administrator. These error rates are characteristic for all biometric systems and are called false acceptance rates (FAR) and false rejection rates (FRR).
Fingerprint verification is not only the most prominent but also one of
the most secure and well-understood biometric measures. Software converts the image of a fingerprint into digital form and extracts a set of
characteristics, i.e. a template, unique to the user's fingerprint. The characteristic information from one fingerprint contains up to 60 key points.
Crucial key points where finger-ridges end or split up are local features
called minutiae. They provide unique, identifiable information.
4 of 23 Reference Manual StarSign Bio Token 3.1 M/Edition 07.2007
ID No. 30023721
Loading...