Feitian epass2003 USB Token for Digital Signature
ePass PKI USB Token is the world’s foremost cryptographic identity verification module.
ePass by FEITIAN provides a host of indispensable protective measures for digital communication and transaction through Public Key Infrastructure (PKI) data encryption technology.
The token’s unique private key functions as an individual’s online ID card and brings a new level of accountability and nonrepudiation to the internet.
ePass is a smart-card chip based token with a convenient USB insert rendering the device operable with almost all computers without the need for a reader.
As a two factor authentication solution ePass can secure local and remote desktop and network log-on.
Key cryptography and the digital signing of emails, documents, and transactions are performed onboard in the secure token framework which is impervious to after-market modification and manipulation.
Benefits of epass2003 USB Token
- Trusted two-factor authentication on ePass safeguards powerful onboard features.
- Digital signature affixes a virtual watermark to online communications and transactions.
- Self-contained cryptographic processing provides the stable execution of functions impervious to outside manipulation.
- Integrate and deploy advanced smart card chip based technology in a user friendly format.
- Personalize your security solution with unique customization: your security/your way.
Features of epass2003 USB Token
- Built-in high-performance secure smart card chip.
- Smart card chip certified by Common Criteria EAL 5+
- On board RSA, AES, DES/3DES, SHA-1, SHA-256 algorithms approved by NIST FIPS CAVP.
- Hardware random number generator.
- 64KB EEPROM memory to store private keys, multiple certificates and sensitive data.
- FEITIAN Card Operating System with proprietary IP.
- Designed according to FIPS 140-2 Level 3 standard; FIPS 140-2 Level 2 certified.
- Secure messaging ensures confidentiality between the device and the application.
- Supports X.509 v3 standard certificates. Supports storing multiple certificates on one device.
- Onboard RSA2048 key pair generation, signature and encryption.
- 64 bit universal unique hardware serial number.
- Tamper evident hardware USB Token.
- USB full speed device.
- Compliant with ISO 7816 1-4 8 9 12, PC/SC and CCID device.
- Water resistant with glue injection (under evaluation).
- Flexible hardware customization options such as logo, colour and casing.
- Reliable middleware supports multiple operating systems.
- Supports Windows, Linux and Mac OS.
- Compliant with the Windows minidriver standard; works with Microsoft Base Smart Card CSP; supports Microsoft smart card enrollment for Windows smart card user and smart card logon.
- Supports PKCS #11 standard API, Microsoft CryptoAPI and Microsoft CryptoAPI: Next Generation (CNG).
- Works with PKCS#11 & CSP compliant software like Netscape, Mozilla, Internet Explorer and Outlook.
- Easy integration with various PKI applications.
- Ideal device to carry digital certificates and works with all certificate related applications.
- High-security device for computer and network sign-on.
- Easy-to-use web authentication, Plug & Play under Windows systems.
- Support document, email and transaction signature and encryption.
Certification and Compliance
- FIPS 140-2 Level 2 Certified.
- Common Criteria EAL 5+ (chip level).
- Microsoft WHQL.
- Linux PCSC-Lite/LibCCID.
- Check Point
- Entrust Ready
Preparing for installing epass2003
Before installing ePass2003 Runtime, make sure the following requirements are satisfied:
- Your operating system is one in the above list
- Your computer has at least one USB port available
- Your BIOS supports the USB device, and USB support has been enabled in CMOS settings
- USB extension or hub available (optional)
- ePass2003 Token available
Installing epass2003 Runtime
- Before you can use the ePass2003, you must install the Runtime library. Execute ePass2003-Setup.exe. The following language selection interface appears.
- After selecting the language, click “OK”. The following welcome interface appears.
- Click “Next”. The following install path selection interface appears.
- Click “Next”. The following CSP selection interface appears.
- Private CSP is provided by FEITIAN; the CSP name is “EnterSafe ePass2003 CSP v1.0”.
- Microsoft CSP means Microsoft Base CSP (Microsoft Base Smart Card Crypto Provider). It supports the minidriver, and the user can install the middleware through system update, with no redundant installation package and no complicated installation process.
- After selecting the CSP, click “Install” to continue. The following interface appears.
- After the install process finishes, the following interface appears.
- Click “Finish” to finish the installation.
Uninstalling epass2003 Runtime
After installing the ePass2003 runtime, you can uninstall it through the following methods:
- Open the “Start” menu, select “Control Panel”, double-click “Add or Remove Programs”, choose “ePass2003” in the “Currently installed programs” list, then click “Change/Remove”.
- Uninstall it from the Start menu.
- Click “Uninstall”. The following uninstall process interface appears.
- After the uninstall process finishes, the following interface appears.
- Click “Finish” to close the uninstall wizard. ePass2003 has now been uninstalled from your computer.
epass2003 Token Manager
Because the Manager is based on the middleware of ePass2003 and it needs to access the token, you must have installed ePass2003 product on your computer before using the Manager.
The token must be PKI initialized before use.
Interface without USB Key Insertion
You can find the shortcut for the Manager by clicking Start -> All Programs -> Feitian -> ePass2003. Click the shortcut to start the Manager. The following interface appears.
Interface with USB Key Insertion
Connect ePass2003 to a USB port on your computer. The Manager will recognize it immediately as follows.
Note: The total private memory space and the free private memory space refer to the PIN protected spaces. Since the private key is extremely sensitive and it is managed by the COS, it doesn’t show the total private memory space and the free private memory space.
The buttons on the interface are: Login, Import, Export, Delete, Change User PIN, Change USB Key Name, View Certificate Information and Exit.
Select a USB key from the list on the right to which you want to log in and click Login. The following interface
Note: When the PIN input dialog is displayed, the Manager will start the safe desktop. In this state, only the box is highlighted. Apart from input in the box, most other operations are disabled. The default password is 12345678.
Optionally, you can use a soft keyboard by checking the Soft keyboard option here to avoid monitoring by a potential Trojan program.
After you enter a proper PIN and click OK, the interface as shown in Figure 5 appears. A token list is displayed on the top.
Below are the properties and their values. By clicking Hide Details or More Details button, you can hide the details or show them. After you have logged in, you can view not only the public data but the private data.
In addition, the Login button changes to a Log out button. To securely log out, click this button.
Viewing Certificate Information
- Click the “+” on the left side of a container (folder icon), or double-click the icon, to display its content.
- Click the “+” on the left side of a certificate icon to display the key-pair.
- When a certificate is selected, the Certificate View button is enabled.
- By clicking Certificate View button or double-clicking a certificate icon, the following dialog box appears.
- You can view the information of your interest.
Currently, ePass2003 supports importing a certificate from a file or from the Certificate Store. The following certificate types are supported: P12, PFX and CER. The P12 and PFX types contain a key-pair (a public key and a private key), while the CER type does not. The PFX and CER types are used as examples below.
Importing the certificate from file
Click Import button in the main interface of the Manager. The following interface appears. Click Browse button to choose a certificate file to be imported. If necessary, enter a password below. Click OK.
Importing the certificate from Certificate Store
Click Import button in the main interface of the Manager. The following interface appears. Click the “From Store” option to import a certificate from the Certificate Store. It will list the certificates, and you can then choose one to import to the ePass2003 token. Click OK.
You can export a certificate from ePass2003 token to a file.
From the tree view in the main interface of the Manager, choose the certificate to be exported and click Export button. A dialog box appears. Specify a path to the certificate file and its name.
Click Save. If the operation has succeeded, the following message will appear.
From the tree view of the main interface of the Manager, choose the certificate you want to delete and click Delete. The following interface appears:
Click Yes if you do want to delete the selected certificate.
Changing Token Name
Generally, the token is distinguished by serial number. For easier identification, the token can be given a common name.
- Click Change Token Name button. The following interface appears.
- Enter a name for the token and click OK.
Changing User PIN
You can change the PIN of your token. In the main interface of the Manager, click Change User PIN button. The following interface appears. Enter the old and new PINs and confirm the new PIN. Click OK.
You can also enter the PINs by a soft keyboard. To do so, check Soft keyboard.
You can check the Check intensity option to see the security strength of the PIN you have set. “L” surrounded by red means “Low”.
If the strength is higher, the following interface appears:
We recommend long PINs made up of lower and upper-case letters, numbers and special characters.
By clicking OK, the following interface may appear:
Follow these steps to initialize the epass2003 token:
- Click Initialize button in the main interface. The following interface appears.
- Click Yes to start initializing operation.
- If the operation is performed successfully, the following interface appears.
- After initialization finishes, all the data (including certificates) will be deleted.
- The PIN of the token will be reset to “12345678”.
EnterSafe Minidriver is a new smart card minidriver developed by EnterSafe according to Microsoft Windows Smart Card Framework.
The new Windows smart card architecture leverages the fact that the cryptography required in common at the top is separate from the unique smart card hardware interfaces at the bottom. Windows now has a simple smart card interface layer, called smart card minidriver, which leverages common cryptographic components now included in the Windows platform.