Badgeo FIDO2 + QSCD

The Badgeo FIDO2 + QSCD card offers professionals high-performance security solutions that are easy to deploy. It is perfectly suited to digital trust players (electronic signature, registered letter, online consent, financial services, ZTNA, insurance, healthcare, etc.).

Manufacturing / certification(s)

Badgeo FIDO2 + QSCD is designed and manufactured entirely in Europe.This solution fully meets European security requirements (eIDAS, QSCD, PSD2, etc.). In addition, it was awarded the Label “Cybersecurity Made in Europe” label . It also integrates an eIDAS QSCD certified PKI applet as well as a CC EAL6+ certified JCOP 4 smart card component.

Easy to use

“Plug & Play” solution: no software or drivers to install on your computer, tablet or smartphone

Supported cards

• Contact ISO/IEC 7816
• Contactless ISO 15693 & DESFire EV3 (option)
  Credential number limited by available persistent memory (256 to 512 bytes per credential)

Ultra-secure solution

• Based on the principle of asymmetric cryptography, with the creation of a private key and a public key. The public key is stored on the website and is used to encrypt files. Only the private (secret) key can decrypt these files. The private key is stored on the Badgeo FIDO2 + QSCD card and never leaves it, thus guaranteeing optimal security.
• If your password or public key is stolen, there is no risk, because you need the private key to authenticate yourself.
• Replaces vulnerable solutions based on SMS, OTP (One Time Password) or TOTP (Time Based One Password), which ensures effective protection against phishing attacks.
• Preserving the integrity of electronic documents
• EAL6+ common criteria certification

Wide compatibility

• Many FIDO2 compatible services: Windows 10/11 associated with Microsoft Entra ID, Amazon, Gmail, Microsoft, Facebook, GitHub, Dropbox, Paypal, Linkedin... and identity federations such as Evidian, Ilex, Okta, Ping Identity, etc.
• The Badgeo FIDO2 + QSCD card also supports the FIDO U2F standard for two-factor authentication. Recommended in the absence of deployment of Passkeys on the site or application that you wish to protect.
• Extended compatibility (Zimbra, Office 365, etc.) through identity federation services (WebSSO)

Supported operating systems and browsers

• Operating Systems :
  - QSCD: Windows, Mac OS and Linux
  - FIDO: Windows
• Browsers: Chrome, Chromium, Vivaldi, Opera, Mozilla Firefox, Microsoft Edge (via WebAuthn/FIDO2 CTAP)

Associated optional services

• You can have your company logo marked on the Badgeo FIDO2 + QSCD card (logo, photo, name, unique number, etc.)
• Physical access with DESFire EV3 (ISO 15693)

Made in Europe

This product complies with European digital security regulations and standards.

FIDO2.0 / FIDO2.1 features

• signature-algorithm:
  ECC NIST P-256 / SECG secp256r1 (256 bits)
• Options:
  rk (resident keys) - Discoverable credentials
  - Maximum number limited by available persistent memory (256 to 512 bytes per credential)
  clientPIN, PIN protocol 1 and PIN protocol 2
  - PIN length between 4 and 63 bytes
  - PIN try limit set to 8
  - No default value
  ep – Enterprise Attestation (personalization option)
  All supported options and extensions (pinUvAuthToken, authnrCfg, largeBlobs…)
• Extensions:
  credProtect
  hmac-secret
  credBlob (personalization option)
  largeBlobKey (personalization option)
  minPinLength (personalization option)

QSCD features

• Crypto-algorithms:
  RSA 2K (2048 bits)
  RSA 3K (3072 bits)
  RSA 4K (4096 bits)
  ECC NIST P-256 / SECG secp256r1 (256 bits)
  ECC NIST P-384 / SECG secp384r1 (384 bits)
  ECC NIST P-521 / SECG secp521r1 (521 bits)
• Options:
  PIN
  – PIN length between 5 and 15 bytes
  – PIN try limit set to 3
  PUK
  – PUK length between 5 and 15 bytes
  – PUK try limit set to 3

Size / Weight

Format ID-1: Length 85.60 mm / Width 53.98 mm / Thickness 0.76 mm / Weight 5g