Typographical Conventions
The following kinds of text formatting and icons identify special information in the document:
Warning
Warnings mark situations where loss of data or misconfiguration of the device is possible if the instructions are not obeyed.
Note
Notes provide additional information on a topic and emphasize important facts and considerations.
Tip
Tips provide best practices and recommendations.
Code and/or command-line examples
Items you must select, such as menu options, command buttons, or items in a list. Example: Go to the System tab.
Parameter and attribute names
About this Guide
This guide provides step-by-step instructions to help customers use the ONEKEY ID on Windows. It also contains all the information application developers need to use certgate's ONEKEY ID Bluetooth reader with their apps.
The guide is intended for users of the ONEKEY ID on Windows and for app developers who want to integrate ONEKEY ID into their smartcard-aware environment or software.
System Overview
Smartcards provide one of the most reliable and secure mechanisms for storing digital certificates (identities) on a dedicated hardware module that is specifically designed with security in mind. ONEKEY ID, as a Bluetooth reader with the inserted ID-000 smartcard and in combination with our software components, lets your applications benefit from this technology.
Hardware
ONEKEY ID
Your ONEKEY ID is a wireless smart card reader, supporting communication via BLE (Bluetooth Low Energy), NFC (Near Field Communication) and USB. It helps you to easily use smart card functionality on nearly all of your devices.
ONEKEY ID is powered by a rechargeable Li-Po battery. The battery is charged by plugging the ONEKEY ID into either a computer or external USB wall adapter using the USB cable provided. When the unit is charging and running normally the charging icon will be displayed in the top right hand corner of the display. The battery charge indicator will also indicate the battery power percentage of your ONEKEY ID.
ONEKEY ID Components Picture
ONEKEY ID has two buttons:
Button | Function |
---|---|
Power ON/OFF | Used to power the ONEKEY ID on and off |
OK/Pairing | Pairing for secure, encrypted Bluetooth LE connection. ("OK" function reserved for future use) |
It supports standard ID-000 smart cards, e.g. JCOP, TCOS, STARCOS and others, as well as micro SD cards for extended storage options.
ID-000 Smartcard
ONEKEY ID is delivered with an inserted smart card.
Java Card Operating System | JCOP 2.4.1 R3 Common Criteria EAL4+ certified |
Java Card Version | 2.2.2 |
Global Platform | 2.1.1 |
Smart Card Chip | NXP P5CD081 Common Criteria EAL5+ certified |
Available EEPROM Options kBytes | ca. 80 kByte EEPROM e.g. for applets or certificates storage |
Info
The smart card included in delivery uses an NXP chip (part number J3A081GX4/ T1AG2384) which exposes the antenna on Pad4 and Pad8, so the smart card supports NFC.
Note
ONEKEY ID can be used with any smart card supporting PowerClass B & C (able to operate at 1.8V) and ISO7816 (T=0 & T=1). Furthermore, if you would like to use NFC, the chip on your smart card needs to expose the antenna connectors on Pad4 & Pad8.
Software
Windows Driver - ONEKEY ID Bluetooth PC/SC Driver
To communicate with ONEKEY ID on the Windows operating system, the Bluetooth PC/SC driver is needed.
Color Codes Architecture Diagram
- Full color = Available
- Pale color = In development
- Same color = strong technical dependency (must be used together)
Installation
The desktop software component, Bluetooth PC/SC Driver, is installed using the respective .msi packages. The requirements for installing these modules are specified in the next chapter.
Note
Use this checklist if you are performing an initialization and personalization of the ONEKEY ID on desktop:
Install the corresponding ONEKEY ID Bluetooth PC/SC driver
Use certutil.exe to personalize the smart card
Prerequisites
ONEKEY ID Bluetooth PC/SC Driver
supports the operating system Windows 10 (32-bit and 64-bit)
Note
You need admin privileges to install the driver.
Certutil.exe
is a command-line program that is installed as part of Certificate Services. Certutil.exe can be used to dump and display certificates, to import certificates etc.
Driver Installation
The latest driver version of the ONEKEY ID is available on cgLabs - certgate Partner and Developer Lab.
Step 1: Driver Download | |||
---|---|---|---|
Please login or request access at [email protected] | Go to cgLabs → Onekey ID → Drivers & DSKs | Download the latest driver (zipped .msi file) for Windows | |
Step 2: Driver Installation | |||
Unzip and double-click the .msi installer file | Follow the instructions in the installation wizard | Ensure that the "start application" checkbox on the last page is checked before closing the setup | |
Step 3: Bluetooth Pairing | |||
Power on cgToken and press the "OK" button to enter pairing mode | Open Windows "Settings → Devices → Bluetooth". Your cgToken should be listed with its serial number. Press "Pair" | Enter the 6-digit pairing key shown on the ONEKEY ID display | |
After successful pairing, "Pairing sucessful" will be displayed on ONEKEY ID | |||
Step 4: Secure Pairing. After successful Bluetooth pairing, ONEKEY ID requires an additional pairing with an 8-digit code. | |||
cgToken displays session key | Wait until a session key input dialog appears on your Windows screen | Enter the code displayed on the ONEKEY ID display | |
ONEKEY ID will display a success message. Setup is done |
The installation process creates a shortcut ONEKEY ID Tray in the Programs menu under Autostart. The ONEKEY_ID_Tray icon is displayed on the bottom right side of your taskbar and displays the status of the inserted smartcard. The status can be as follows:
- No card inserted
- Card inserted
- Card in use
General information (e.g. Version) about the ONEKEY_ID_tray can be displayed via Info. The Exit button closes the ONEKEY_ID_Tray.
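A post-installation check, added here as an example (it is not certgate's code): it uses the standard Windows WinSCard API to list every reader that Windows exposes through PC/SC and tries a shared connection to the card in each. The function name Get-PcScReaderStatus is hypothetical and no reader name is assumed; once both pairing steps are complete, the ONEKEY ID should appear in the list.

```powershell
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class PcSc {
    [DllImport("winscard.dll")]
    public static extern int SCardEstablishContext(uint scope, IntPtr r1, IntPtr r2, out IntPtr ctx);
    [DllImport("winscard.dll", EntryPoint = "SCardListReadersW")]
    public static extern int SCardListReaders(IntPtr ctx, IntPtr groups, byte[] buf, ref uint cch);
    [DllImport("winscard.dll", EntryPoint = "SCardConnectW", CharSet = CharSet.Unicode)]
    public static extern int SCardConnect(IntPtr ctx, string reader, uint share, uint proto, out IntPtr card, out uint active);
    [DllImport("winscard.dll")]
    public static extern int SCardDisconnect(IntPtr card, uint disposition);
    [DllImport("winscard.dll")]
    public static extern int SCardReleaseContext(IntPtr ctx);
}
'@

function Get-PcScReaderStatus {   # hypothetical helper name
    # All PC/SC calls go through the Windows Smart Card service (SCardSvr).
    if ((Get-Service -Name SCardSvr).Status -ne 'Running') { Write-Warning 'SCardSvr is not running' }
    $ctx = [IntPtr]::Zero
    $rc = [PcSc]::SCardEstablishContext(2, [IntPtr]::Zero, [IntPtr]::Zero, [ref]$ctx)  # 2 = SCARD_SCOPE_SYSTEM
    if ($rc -ne 0) { throw ('SCardEstablishContext failed: 0x{0:X8}' -f $rc) }
    try {
        $buf = New-Object byte[] 8192   # room for 4096 UTF-16 characters
        [uint32]$cch = 4096
        $rc = [PcSc]::SCardListReaders($ctx, [IntPtr]::Zero, $buf, [ref]$cch)
        if ($rc -ne 0) { throw ('SCardListReaders failed: 0x{0:X8}' -f $rc) }  # 0x8010002E = no readers available
        # The result is a multi-string: reader names separated by NUL characters.
        $text = [Text.Encoding]::Unicode.GetString($buf, 0, [int]$cch * 2)
        foreach ($name in ($text -split "`0" | Where-Object { $_ })) {
            $card = [IntPtr]::Zero; [uint32]$active = 0
            # 2 = SCARD_SHARE_SHARED, 3 = SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1
            $rc = [PcSc]::SCardConnect($ctx, $name, 2, 3, [ref]$card, [ref]$active)
            if ($rc -eq 0) { [void][PcSc]::SCardDisconnect($card, 0) }  # 0 = SCARD_LEAVE_CARD
            [pscustomobject]@{
                Reader     = $name
                Connected  = ($rc -eq 0)
                Protocol   = if ($rc -eq 0) { 'T={0}' -f ($active - 1) } else { $null }
                ResultCode = '0x{0:X8}' -f $rc
            }
        }
    } finally { [void][PcSc]::SCardReleaseContext($ctx) }
}

Get-PcScReaderStatus | Format-Table -AutoSize
```

A row with Connected = False and ResultCode 0x8010000C (SCARD_E_NO_SMARTCARD) means the reader is visible but no card is inserted.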
Smartcard Personalization
ONEKEY ID is delivered with an inserted ID-000 smartcard (see specification above). The smartcard contains the GIDS applet and is initialized with PIN 1234 and the default Admin Key 000...000 (48 hex characters). The GIDS applet is a free-of-charge Java Card applet. The driver for the GIDS smartcard has been integrated into every Windows version since Windows 7 SP1. The card can be used instantly; no Windows driver installation is needed. For more information about GIDS applet
To change the default PINs and import or create