Winkeo-C FIDO2 + QSCD

Winkeo-C FIDO2 + QSCD is a 100% European-made USB-A token. It enables users to benefit from high-quality logical security solutions as well as an extremely reliable qualified electronic signature solution, while remaining easy to use.

Manufacturing / certification(s)

Entirely designed and manufactured in Europe, the Winkeo-C FIDO2 + QSCD complies with the highest European security standards (eIDAS, QSCD, PSD2, etc.). It is labeled «Cybersecurity Made in Europe», a guarantee of quality and technological sovereignty. This key integrates an eIDAS QSCD certified PKI applet as well as a CC EAL6+ certified JCOP 4 smart card component, to guarantee maximum security for authentications and electronic signatures.

Easy to use

No installation is required on the client side for FIDO use: the solution is 100% Plug & Play.

Supported cards

• Micro SIM: ISO 7816 Java Card™ JCOP4 certified Common Criteria EAL6+
• Credential number limited by available persistent memory (256 to 512 bytes per credential)

Ultra-secure solution

• The Winkeo-C FIDO2 + QSCD's FIDO2 technology is based on asymmetric cryptography, with the generation of a private (confidential) key and a public key. The public key, used for encryption, is stored on the web. The private keyessential for decryption and authentication is stored on the Winkeo-C FIDO2 + QSCD security key and never leaves it, ensuring maximum protection.
• In the event of password theft, there's no risk: authentication requires the private key, which remains protected within the device.
• This solution eliminates vulnerable methods such as SMS, OTP, or TOTP, and offers enhanced resistance against phishing.
• It also preserves the integrity of electronic documents and relies on Common Criteria EAL6+ certified components for very high-level security.

Wide compatibility

• Many FIDO2 compatible services: Windows 10/11 associated with Microsoft Entra ID, Amazon, Gmail, Microsoft, Facebook, GitHub, Dropbox, Paypal, Linkedin... and identity federations such as Evidian, Ilex, Okta, Ping Identity, etc.
• The Winkeo-C FIDO2 + QSCD key also supports the FIDO U2F standard for two-factor authentication. Recommended in the absence of deployment of Passkeys on the site or application that you wish to protect.
• Extended compatibility (Zimbra, Office 365, etc.) through identity federation services (WebSSO)

Supported operating systems and browsers

• Operating Systems :
  - QSCD : Windows, Mac OS, Linux, Android, iOS
  - FIDO: Windows
• Browsers: Chrome, Chromium, Vivaldi, Opera, Mozilla Firefox, Microsoft Edge (via WebAuthn/FIDO2 CTAP)

Associated optional services

• Graphic personalisation: logo, photo, name, unique number, etc.

Made in Europe

This product complies with European digital security regulations and standards.

FIDO2.0 / FIDO2.1 features

• signature-algorithm:
  ECC NIST P-256 / SECG secp256r1 (256 bits)
• Extensions:
  credProtect
  hmac-secret
  credBlob (personalization option)
  largeBlobKey (personalization option)
  minPinLength (personalization option)
• Options:
  rk (resident keys) - Discoverable credentials
  - Maximum number limited by available persistent memory (256 to 512 bytes per credential)
  clientPIN, PIN protocol 1 and PIN protocol 2
  - PIN length between 4 and 63 bytes
  - PIN try limit set to 8
  - No default value
  ep – Enterprise Attestation (personalization option)
  All supported options and extensions (pinUvAuthToken, authnrCfg, largeBlobs…)

QSCD features

• Crypto-algorithms:
  RSA 2K (2048 bits)
  RSA 3K (3072 bits)
  RSA 4K (4096 bits)
  ECC NIST P-256 / SECG secp256r1 (256 bits)
  ECC NIST P-384 / SECG secp384r1 (384 bits)
  ECC NIST P-521 / SECG secp521r1 (521 bits)
• Options:
  PIN
  – PIN length between 5 and 15 bytes
  – PIN try limit set to 3
  PUK
  – PUK length between 5 and 15 bytes
  – PUK try limit set to 3

Size / Weight

Size: Length 39.7 mm / Width 17 mm / Thickness 8.25 mm / Weight 5 g