Abstract
We’ve developed PKI access control systems that are compatible with any mobile device platform and our physical PKI cards. In our solution, the readers operate in a combined mode, where they can sometimes function as card emulators. This addresses situations where vendors are unable to use mobile phones as HCE (Host Card Emulation) devices.
Our main vision was to create a state-of-the-art access control system utilizing PKI (Public Key Infrastructure) for secure access to computers, servers, or even secured rooms or offices.
Several years ago, we developed a Java Applet for smartcards that utilized PKI for digital signing (follow the link Java Applet for Smartcard).
Initially, these cards were mainly used for digital signing, but there was always an idea to broaden the use of this technology in our systems. Also, we developed UniqueID software for generating static Unique ID (UID) which can be used with Digital Logic hardware such as µFR Series readers.
Recently, we’ve taken things to the next level by updating our UniqueID software (follow the link UniqueID App ) with new features.
The latest version now includes two additional virtual secure cards:
SECURE CARD
The virtual card operates utilizing the NFC of mobile devices, a secure element, and PKI.
This virtual ID Card exists through software emulation on mobile devices. It uses PKI infrastructure to generate unique IDs and authenticate cards using ECDSA and Secure Element. We generate the private key which always stays in the mobile secure element, and the public key is used to create a Unique ID.
Based on the generated Unique ID reader used for authentication, it sends a random challenge and requires it to be signed by the Mobile secure element. By signing the challenge identity is proven and the dedicated reader checks the signature with the public key, The derived ID is then checked with the Whitelist and if all checks pass the user is successfully authenticated.
SECURE MAX
Expanding on the Secure Card adds biometric authentication via mobile devices for enhanced security and PKI.
This virtual ID Card implements the next generation of ID card security and also exists through software emulation on mobile devices. It uses PKI infrastructure to generate unique IDs and authenticate cards using ECDSA and Secure Element. We generate the private key which always stays in the mobile ID card, and the public key is used to create a Unique ID. Based on the generated Unique ID reader used for authentication, it sends a random challenge and requires it to be signed by the Mobile ID Card. A prerequisite to signing this challenge is a biometrics check as an additional security level of this virtual ID card.
By signing the challenge identity is proven and the dedicated reader checks the signature with the public key, The derived ID is then checked with the Whitelist and if all checks pass the user is successfully authenticated.
In our offer, we also have actual Secure ID Cards (not virtual) with integrated PKI for users who prefer not to rely on mobile devices for access control and other data-sensitive uses.
SECURE CARD USAGE WITH µFR ZERO READERS:
When using Secure Cards with our µFR Zero readers, the functionality is intuitive:
- For iOS devices, the reader operates as an NFC card emulator, while for Android, it works as an NFC reader.
- In Emulation Mode, the reader sends a random challenge to the mobile device, which signs the challenge using ECDSA (Elliptic Curve Digital Signature Algorithm) through the phone’s secure element.
- The phone then sends both the public key and the signature back to the µFR Zero Reader. The reader verifies the signature and checks the whitelist to grant access if the key is approved.
As simple as that! 😊
