TaxPro - FEITIAN Products

e-Pass - PKI Token

ePass2003/Auto

Overview
Specifications
Features
Certification
Datasheet/Flyer

ePass2003/Auto is the world's foremost cryptographic identity verification module. ePass by FEITIAN provides a host of indispensable protective measures for digital communication and transaction. As a two factor authentication solution ePass2003/Auto can secure local and remote desktop and network log-on. Key cryptography and the digital signing of emails, documents, and transactions are performed onboard in the secure token framework which is impervious to after-market modification and manipulation.

Supported Operating System	32bit and 64bit Windows XP SP3, Server2003 , Vista, Server2008, 7 32bit and 64bit Linux MAC OS X
Middleware	Microsoft Windows MiniDriver Windows middleware for Windows CSP Direct-called library for PKCS#11 under Windows, Linux and MAC
Standards	X.509 v3 Certificate Storage, SSL v3, IPSec, ISO 7816 1-4 8 9 12, CCID
Cryptographic Algorithms	RSA 512/1024/RSA 2048 bit ECDSA 192/256 bit (optional) DES/3DES AES 128/192/256 bit SHA-1 / SHA-256
Cryptographic Functions	Onboard key pair generation Onboard digital signature and verification Onboard data encryption and decryption
Cryptographic APIs	Microsoft Crypto API (CAPI), Cryptography API: Next Generation (CNG) Microsoft Smart Card MiniDriver PKCS#11 PC/SC
Processor	16 bit smart card chip (Common Criteria EAL 5+ certified)
Memory Space	64KB (EEPROM)
Endurance	At least 500,000 write/erase cycles
Data Retention	More than 10 years
Connectivity	USB 2.0 full speed, Connector type A
Interface	ISO 7816 CCID
Power Consumption	Less than 250mW
Operating Temperature	0°C ~ 70°C (32°F ~ 158°F)
Storage Temperature	-20°C ~ 85°C (-4°F ~ 185°F)
Humidity	0% ~ 100% without condensation
Water Resistance	IPX8 with glue injection (under evaluation)
Feature varies according to product model

Feature varies according to product model
Built-in high-performance secure smart card chip
Smart card chip certified by Common Criteria EAL 5+
On board RSA, AES, DES/3DES, SHA-1, SHA-256 algorithms approved by NIST FIPS CAVP Hardware random number generator
64KB EEPROM memory to store private keys, multiple certificates and sensitive data

FEITIAN Card Operating System with proprietary IP
Design according to FIPS 140-2 level 3 standard, FIPS 140-2 level 2 certified
Secure messaging ensures confidentiality between the device and the application
Support X.509 v3 standard certificate. Support storing multiple certificate on one device
Onboard RSA2048 key pair generation, signature and encryption
64 bit universal unique hardware serial number

Tamper evident hardware USB Token
USB full speed device
Compliant with ISO 7816 1-4 8 9 12, PC/SC and CCID device
Water resistant with glue injection (under evaluation)
Flexible hardware customization options such as logo, colour and casing

Reliable middleware supports multiple operating systems
Supports Windows, Linux and Mac OS
Compliant with Windows mini driver standard, work with Microsoft Base Smart Card CSP, supports Microsoft smart card enrollment for windows smart card user and smart card logon
Support PKCS #11 standard API, Microsoft CryptoAPI and Microsoft CryptoAPI : Next Generation (CNG)
Work with PKCS#11 & CSP compliant software like Netscape, Mozilla, Internet Explorer and Outlook

Easy integration with various PKI applications
Ideal device to carry digital certificates and works with all certificate related applications
Highly security ensured device for computer and network sign-on
Easy-to-use web authentication, Plug & Play under Windows systems
Support document, email and transaction signature and encryption

FIPS 140-2 Level 2 ★

Common Criteria EAL 5+ (chip level)

Microsoft WHQL

Linux PCSC-Lite/LibCCID

RoHS

Check Point

Entrust Ready

USB

CE FCC

ePass2003/Auto
ePass2003 Datasheet	Download Link
ePass2003 Flyer	Download Link

e-Pass - PKI Token

StorePass2003 PKI USB Token

Overview
Specifications
Features
Certification
Datasheet/Flyer

StorePass by FEITIAN is a hybrid device which combines Flash memory with Public Token Infrastructure technology. The onboard smart card provides strong protection to user credentials as well as a flash drive to carry regular programs and files. It is centered on high security, usability and convenience, making it a smart choice for industrious enterprises or financial institutions.

Supported Operating System	32 bit and 64 bit Windows XP SP3, Server2003 , Vista, Server2008, 7 32 bit and 64 bit Linux MAC OS X
Middleware	Microsoft Windows MiniDriver Windows middleware for Windows CSP Direct-called library for PKCS#11 under Windows, Linux and MAC
Standards	X.509 v3 Certificate Storage, SSL v3, IPSec, ISO 7816 1-4 8 9 12, CCID
Cryptographic Algorithms	RSA 512/1024/RSA 2048 bit ECDSA 192/256 bit (optional) DES/3DES AES 128/192/256 bit SHA-1 / SHA-256
Cryptographic Functions	Onboard key pair generation Onboard digital signature and verification Onboard data encryption and decryption
Cryptographic APIs	Microsoft Crypto API (CAPI), Cryptography API: Next Generation (CNG) Microsoft Smart Card MiniDriver PKCS#11 PC/SC
Flash Memory	1GB, 2GB up to 8GB
Flash Endurance	At least 20,000 write/erase cycles
Processor	16 bit smart card chip (Common Criteria EAL 5+ certified)
Memory Space	64KB (EEPROM)
Endurance	At least 500,000 write/erase cycles
Data Retention	More than 10 years
Connectivity	USB 2.0 full speed, Connector type A
Interface	ISO 7816 CCID
Power Consumption	Less than 250mW
Operating Temperature	0°C ~ 70°C (32°F ~ 158°F)
Storage Temperature	-20°C ~ 85°C (-4°F ~ 185°F)
Humidity	0% ~ 100% without condensation
Feature varies according to product model

Onboard mass Flash memory supports auto-run and system boot-up
Onboard 1GB, 2GB up to 8GB flash memory to store middleware
Device registers a virtual CD-ROM to host computer, supporting Auto-run and auto-installation
Device supports computer system boot-up with built-in CD-ROM
Plug & Play and non-driver device under Windows, Linux and MAC

Built-in high-performance secure smart card chip
Smart card chip certified by Common Criteria EAL 5+
On board RSA, AES, DES/3DES, SHA-1, SHA-256 algorithms approved by NIST FIPS CAVP
Hardware random number generator
64KB EEPROM memory to store private keys, multiple certificates and sensitive data

FEITIAN Card Operating System with proprietary IP
Design according to FIPS 140-2 level 3 standard, FIPS 140-2 level 2 certified (Under evaluation)
Secure messaging ensures confidentiality between the key and the application
Support X.509 v3 standard certificate. Support storing multiple certificate on one device
Onboard RSA2048 key pair generation, signature and encryption
64 bit universal unique hardware serial number

Reliable middleware supports multiple operating systems
Supports Windows, Linux and Mac OS
Compliant with Windows mini driver standard, work with Microsoft Base Smart Card CSP, supports Microsoft smart card enrollment for windows smart card user and smart card logon
Support PKCS #11 standard API, Microsoft CryptoAPI and Microsoft CryptoAPI : Next Generation (CNG)
Work with PKCS#11 & CSP compliant software like Netscape, Mozilla, Internet Explorer and Outlook

Easy integration with various PKI application
Ideal device to carry digital certificate and work with all certificate related applications
Highly security ensured device for computer and network sign-on
Easy-to-use web authentication, Plug & Play under Windows systems
Support document, email and transaction signature and encryption

FIPS 140-2 Level 2 (Under Evaluation)

Common Criteria EAL 5+ (chip level)

Microsoft WHQL

Linux PCSC-Lite/LibCCID

RoHS

Check Point

Entrust Ready

USB

CE FCC

StorePass2003 PKI USB Token
StorePass2003 Datasheet	Download Link

e-Pass - PKI Token

AudioPass2003

Overview
Specifications
Certification
Datasheet/Flyer

With the prevalence of smart phones mobile banking and payment is becoming increasingly popular. A user friendly interface, a convenient self-service banking platform, access anytime and anywhere, there are the factors that distinguish FEITIAN AudioPass and position it a cut above the rest of this competitive application market.

AudioPass is a highly usable and secure transaction signing device developed for smartphones. It works with the mobile banking applications through the standard 3.5mm headphone jack to provide digital signature to secure transactions and protect customer accounts.

FEITIAN’s flexible banking token option offers complete solutions for all user types at all levels, which encourages user acceptance and considerably reduces IT costs and fixed costs associated with token hardware.

Operating Voltage	5V
Operating Current	< 60mA
Operating Temperature	0C to 50C
Storage Temperature	-20C to 70C
Operating Humidity	40-90% non-condensing
Storage Humidity	60-90%RH
Processor	Smart Card Chip
Port	3.5mm Standard Jack & MicroUSB
Dimensions (LXHXW)	52 X 37.2 X 7.1 mm
Casing Material	Kirksite & Acrylic
Storage Space	10KB
Data Rewrite	EEPROM: 100000
Chip Security Level	Security Encrypted data storage
Data Retention	At least 100 Years
Supported OS	iOS3.2+ Android2.1+ Windows Phone Mac OS X 10.5+ Windows 2000/2003/Vista/2008/7/8/8.1
Supported Standard	CSP/PKCS#11 MS CAPI X.509v3 SSL v3 IPSec Compatible with ISO7816
Built in Algorithm	RSA DES / 3DES MD5 SHA-1/SHA-2
Feature varies according to product model

AudioPass2003
AudioPass2003 Flyer	Download Link

CE FCC

RoHS

e-Pass - PKI Token

InterPass3000 PKI Token

Overview
Specifications
Features
Certification
Datasheet/Flyer

InterPass by FEITIAN allows the user to audit and control the entire cryptographic process. InterPass PKI Token is a user interactive PKI device for online banking; offering the most comprehensive standards of transaction verification. InterPass PKI Token is equipped with a large LCD screen which displays details of the secure operations being performed in real time, such as the transfer amount of funds and the transacting bank account numbers. The user retains complete control of the entire process through use of the interactive buttons.

Supported Operating System	32bit and 64bit Windows XP SP3, Server2003 , Vista, Server2008, 7
Middleware	Windows middleware for Windows CSP PKCS#11 library for Windows
Standards	X.509 v3 Certificate Storage, SSL v3, IPSec, ISO 7816 Compliant
Cryptographic Algorithms	RSA 512/1024/RSA 2048 bit DES/3DES MD5 SHA-1 / SHA-256
Cryptographic Functions	Onboard key pair generation Onboard digital signature and verification Onboard data encryption and decryption
Cryptographic APIs	Microsoft Crypto API (CAPI) PKCS#11
LCD Screen	LCD Type: FSTN Size: bigger than 1 inch Display in 4 lines Lifetime: more than 10,000 hours
Button	Number of button: 4 (confirm/cancel/scroll up/scroll down) Material: Acrylic (PMMA) Endurance: more than 300,000 times
Flash Memory	1MB up to 8MB
Flash Endurance	At least 20,000 write/erase cycles
Processor	32 bit smart card chip
Memory Space	32KB User Memory
Endurance	At least 500,000 write/erase cycles (EEPROM)
Data Retention	More than 10 years
Connectivity	USB 1.1, USB2.0 compliant, Connector type A (through USB cable)
Interface	ISO 7816
Power Consumption	Less than 500mW
Operating Temperature	0°C ~ 50°C (32°F ~ 122°F)
Storage Temperature	-20°C ~ 70°C (-4°F ~ 158°F)
Humidity	40% ~ 90% without condensation
Feature varies according to product model

Built-in LCD screen to display transaction information
128 x 64 four lines LCD screen
Support GB18030 character set
Customizable welcome screen

Built-in user interactive buttons to control onboard cryptographic operation
Four buttons: two buttons to confirm and cancel the operation, two buttons to scroll up and down the screen
Blue LED keyboard light
Automatically cancel the operation after timeout

Built-in high-performance 32 bit secure smart card chip
Onboard RSA, DES/3DES, MD5, SHA-1, SHA-256
Hardware random number generator
32KB user memory to store private keys, multiple certificates and sensitive data

FEITIAN Card Operating System with proprietary IP
Hardware render the transition details and control user interaction
Secure messaging ensures confidentiality between the token and the application
Support X.509 v3 standard certificate. Support storing multiple certificate on one device
Onboard RSA2048 key pair generation, signature and encryption
64 bit universal unique hardware serial number

Reliable middleware supports multiple operating systems
Supports Windows OS
Support PKCS #11 standard API and Microsoft CryptoAPI
Work with PKCS#11 & CSP compliant software like Netscape, Mozilla, Internet Explorer and Outlook

Easy integration with various PKI application
Ideal device to carry digital certificates and works with all certificate related applications
Highly security ensured device for computer and network sign-on
Easy-to-use web authentication, Plug & Play under Windows
Support document, email and transaction signature and encryption

RoHS

USB

CE FCC

InterPass3000 PKI Token
InterPass3000 PKI Token Datasheet	Download Link

e-Pass - PKI Token

iInterPass

Overview
Specifications

In addition to the microUSB port support, FEITIAN iINterPass mobile banking token has a built-in 30-pin connectors, which makes it certified by the MFi program and specially designed for the Apple iOS platform (iPhone/iPad/iPod Touch). iInterPass mobile banking token provides digital signature to secure transactions and protect customer's accounts. The built-in OLED screen and button enable the customer to check and confirm the signed transaction details effectively eliminating real time third party manipulation.

The built-in high performance smart card chipset and OLED screen on iInterPass provide an equivalent level of security to FEITIAN’s ePass PC series USB token. With iInterPass customers can protect their transaction anytime and anywhere the mobile banking application takes them.

FEITINA’s flexible banking token options offer complete solution for all user types at all level, which encourages user acceptance and considerable reduces IT costs and the fixed costs associated with token hardware.

Operating Voltage	– 5V
Operating Current	< 60mA
Operating Temperature	0°C to 50°C
Storage Temperature	-20°C to 70°C
Operating Humidity	40-90% non-condensing
Storage Humidity	60-90%RH
Processor	Smart Card Chip
Port	Dock/Lightning & MicroUSB
Dimensions (LXHXW)	58 X 42X 8 mm
Casing Material	Kirksite & Acrylic
Storage Space	64KB
Data Rewrite	EEPROM: 300000
Flash	100000
Chip Security Level	Security Encrypted data storage
Data Retention	At least 100 Years
Supported OS	iOS3.2+ Mac OS X 10.5+ Windows 2000+
Supported Standard	CSP/PKCS#11 MS CAPI X.509v3 SSL v3 IPSec Compatible with ISO7816
Certification	CE / FCC / RoHS
Built in Algorithm	RSA DES / 3DES MD5 SHA-1/SHA-2
Screen	Type – OLED Size – 1.3 Inch Number of Character Displayed – 4 Lines X 16 characters Lifetime - >10000 hours
Button	Button Number – 4 (Up/Down/Confirm/Cancel) Operating Method - Touch
Feature varies according to product model

e-Pass - PKI Token

Smart SD Card

Overview
Specifications
Datasheet/Flyer

FEITIAN Smart SD is a security authentication device. Featuring an on-board high performance smart card chip, Smart SD support RSA, DES, 3DES, SHA1, HMAC-MD5 algorithms which provide high security data encryption and authentication used widely on the PKI infrastructure. Smart SD is ideally suited to online and mobile banking.

Smart SD supports all major windows desktop operating systems (Windows 2000 above) and almost all popular smartphone system including Android, Windows Mobile, and Symbian establishing its broad adoption base.

Added benefits includes 2G to 8G of storage space providing smart SD the capacity of function as a USB Disk.

Key Features:

Easy to Adopt
Supports MicroSD connector.
High Performance Hardware with built in Smartcard Chip, supports 512 & 1024 bit RSA, built in secure file system, chip security storage space is 64K
Open Interface – Full support PKI application, provide CSP and PKCS#11 interface for 3rd party integration.

Operating Voltage	– 5V
Operating Current	80 ~ 150mA
Operating Temperature	0°C to 70°C
Storage Temperature	-20°C to 85°C
Humidity	0-100% non-condensing
Processor	Smart Card Chip
Supported Port	USB 1.1, combatable with 2.0
Casing Material	ABS
Storage Space	64KB
Data Rewrite	100000 (in normal temperature)
Chip Security Level	Security Encrypted data storage
Data Retention	10 Years in normal temperature
Supported OS	Mac OS Android Windows Phone Symbian Windows 2000/2003/Vista/2008/7/8 Linux (Customizable)
Certification & Standard	PKCS#11 v2.11 MS CAPI X.509v3 SSL v3 IPSec Compatible with ISO7816
Supported Algorithm	RSA DES / 3DES SHA-1 FEITIAN Private Algorithm (Optional)
Feature varies according to product model

Smart SD Card
Smart SD Card Datasheet	Download Link

OTP Devices

OTP c100

Overview
Specifications
Features
Datasheet/Flyer

Front, Back, and Side to Side
FEITIAN OTP c100 is typically supported by the FEITIAN OTP Authentication System (FOAS) back end server. FOAS delivers a complete solution to organizations of all sizes and orientations by streamlining all authentication operations, such as deployment, provisioning and maintenance significantly reducing IT overhead. Centralized integration and management take place on the server side; this ensures that the user experience is simple and easily to understand while at the same time administration is reliable and secure. With the advanced security measures provided by FEITIAN OTP c100 and FOAS organizations take an important step toward the development of user confidence in their brand.

Adaptable Solution for a Secure Fit
Specifically engineered in accord with the standards of the Open Authentication (OATH) consortium FEITIAN HOTP Tokens can serve as a seamless hardware solution for any organization which maintains and operates an OATH compliant back end authentication server. Additionally Feitian offers a host of options, tailoring the token deployment to satisfy the particular requirements of any job. Unique faceplate and colour customizations are available for OEM. For large scale projects the seed code can be generated and inserted into the token locally at the user's site. Password number sequences are available in sets of six or eight digits.

User Interface	8-character high contrast LCD display Built-in button
Security Algorithms	OATH compliant event-based HOTP
Memory Type	Random Access Memory (RAM)
Endurance	More than 14,000 clicks
Battery Lifecycle	5 years
Power Consumption	Less than 0.005mW
Operating Temperature	-10°C ~ 50°C (14°F ~ 122°F)
Storage Temperature	-20°C ~ 70°C (-4°F ~ 158°F)
Humidity	0% ~ 100% without condensation
Physical Resistance	Tamper evident IP54 ingress protection (under evaluation)
Feature varies according to product model

Strong two-factor authenticator through dynamic password technology
Unique password generated each time, password cannot be reused
Zero software install at client side
Zero footprint authentication
Minimum change to existed static password authentication system

OATH compliant event-based HOTP device
Compliant with OATH open algorithm
Easy to be integrated with 3rd party OATH authentication system
PSKC format seed code available

Easy to use and portable
Simple one-click to generate the one-time-password
No PIN needed
Independent to end-user environment. No external connection is needed
Easy to carry on a key ring

Single-button OTP hardware token
8-character high contrast LCD display with a count-down timing bar
One built-in button
Onboard event counter
Non-replaceable built-in battery
Secure Random Access Memory (RAM)
Unique token serial number

Secure, robust and long life hardware design
Battery lifetime expectancy 5 to 7 years
Seed code stored with encryption and protection
Tamper evidence

Flexible customization options
Customizable 6 or 8 digits pass code
Faceplate, casing color and serial number customizable
Customizable industrial and end-user packaging

Support FOAS server
Standard Radius authentication service
Easy to integrate with a wide range of authentication and access gateway solutions
Centralized authentication and graphical management system
Stable performance under heavy duty environment

OTP c100
OTP c100 Flyer	Download Link

OTP Devices

OTP c100

Overview
Specifications
Features

More Than Meets the Eye
The addition of a large display LCD screen delivers a crisp and clear image of the number sequence, providing easily readable data output. This is a convenient feature for the elderly or those who might struggle to read a less presentable user interface. Compact and tamper resistant hardware casing, reinforced by glue injection, eliminates the possibility of damage from water and further protects the onboard clock against harsh temperature conditions to enable easy user storage and management of the module. Enhanced battery life makes FEITIAN TOTP Tokens a solid investment for years to come.

Front, Back, and Side to Side
FEITIAN TOTP Tokens are typically supported by the FEITIAN OTP Authentication System (FOAS) back end authentication server. FOAS delivers a complete solution to organizations of all sizes and orientations by streamlining all authentication operations, such as deployment, provisioning and maintenance, significantly reducing IT overhead. With the advanced security measures provided by the FEITIAN TOTP Token / Feitian FOAS platform organizations take an important step toward the development of user confidence in their brand. Administrators maintain full oversight of the integration of token based user activity with the management interface.

Adaptable Solution for a Secure Fit
Specifically engineered in accord with the standards of the Open Authentication (OATH) consortium Feitian TOTP Tokens can serve as a seamless hardware solution for any organization which maintains and operates a private OATH compliant back end authentication server. Additionally Feitian offers a host of hardware OEM services, tailoring the token deployment to satisfy the particular requirements of any job. Unique faceplate, logo, and colour customizations are also available. For large scale projects the seed code can be generated and inserted into the token on site at the user's location.

User Interface	8-character high contrast LCD display Built-in button
Security Algorithms	OATH compliant event-based TOTP
Memory Type	Random Access Memory (RAM)
Endurance	More than 14,000 clicks
Battery Lifecycle	5 years
Power Consumption	Less than 0.01mW
Operating Temperature	-10°C ~ 50°C (14°F ~ 122°F)
Storage Temperature	-20°C ~ 70°C (-4°F ~ 158°F)
Humidity	5% ~ 90% without condensation
Physical Resistance	Tamper evident IP68 with glue injection (under evaluation)
Feature varies according to product model

Strong two-factor authenticator through dynamic password technology
Unique password generated each time, password cannot be reused
Zero software install at client side
Zero footprint authentication
Minimum change to existed static password authentication system

OATH compliant time-based TOTP device
Compliant with OATH open algorithm
Easy to be integrated with 3rd party OATH authentication system
PSKC format seed code available

Easy to use and portable
Simple one-click to generate the one-time-password
No PIN needed
Independent to end-user environment. No external connection is needed
Easy to carry on a key ring

Single-button OTP hardware token
8-character high contrast LCD display with a count-down timing bar
One built-in button
Onboard accurate Real Time Clock (RTC)
Non-replaceable built-in battery
Secure Random Access Memory (RAM)
Unique token serial number

Secure, robust and long life hardware design
Battery lifetime expectancy 5 to 7 years
Seed code stored with encryption and protection
Tamper evidence

Flexible customization options
Customizable 6 or 8 digits pass code
Customizable OTP refresh frequency (for time based algorithms)
Faceplate, casing color and serial number customizable
Customizable industrial and end-user packaging

Support FOAS server
Standard Radius authentication service
Easy to integrate with a wide range of authentication and access gateway solutions
Centralized authentication and graphical management system
Stable performance under heavy duty environment

OTP Devices

OTP c300

Overview
Specifications
Benefits
Features
Datasheet/Flyer

Secure Digital Signing
FEITIAN OCRA Token serves an important function as a PIN protected offline time or event based authentication token but it can also be utilized as a tool for digital signing of online transactions. When performing an online banking operation a user can enter the account details and the intended amount of funds into the OCRA keypad, the device will take this information along with the time and the user's unique key to generate and attach a digital signature to the exchange, ensuring that any unwarranted third party data modification will immediately be detected.

Cross Validation
The OCRA challenge response process can be used to authenticate the identity of users in a variety of situations not strictly limited to online, for instance over the telephone, the process of deriving a seed based response from a specific challenge sequence can be used to validate the identity of a token operator. This identification interaction can be used to authenticate the validity of the institution or organization requesting personal information from the token operator as well.

'Dual Authentication' confirms the legitimacy of a website or server
Before a password is revealed the user must satisfy the challenge factor presented by the token. The challenge response system is based on a shared secret key which can also be used to verify the legitimacy of a website or server requesting personal information from a token user. "Dual Authentication" as this process is known, is becoming an ever more important precaution as instances of illegitimate data requests from cleverly constructed imposter sites are steadily on the rise.

User Interface	8-character high contrast LCD display Built-in keypad
Security Algorithms	OATH compliant challenge-response OCRA
Memory Type	Random Access Memory (RAM)
Endurance	More than 10,000 clicks
Battery Lifecycle	5 years
Operating Temperature	-10°C ~ 50°C (14°F ~ 122°F)
Storage Temperature	-20°C ~ 70°C (-4°F ~ 158°F)
Humidity	5% ~ 90% without condensation
Physical Resistance	Tamper evident IP54 ingress protection (under evaluation)
Feature varies according to product model

Multiple high level security featured based on one PIN centric OTP device
Enjoy the benefits of having a single hardware device which can provide on board clock (time) based one time password (OTP) unique log-on credentials, in addition to the challenge and response (OCRA) code for sophisticated two way authentication between entities with knowledge of the unique key, in addition to the secure signing of data, transactions, emails, or other sensitive information.

Dynamic Password as established through a Challenge and Response
OCRA Token by Feitian can generate a dynamic one time password (OTP) in response to a challenge factor sent by an authentication server. The dynamic challenge-response algorithm, responsible for password sequence creation, which serves as the foundation of OCRA Token is based on the criteria of the Open Authentication consortium of open source security providers. Before a password is revealed the user must satisfy the challenge factor presented by the token. The challenge response system is based on a shared secret key which can also be used to verify the legitimacy of a website or server requesting personal information from a token user.

Available as part of a complete solution with FEITIAN FOAS
FEITIAN OATH Authentication Server (FOAS) is a trusted and secure back end server engineered to operate seamlessly with all FEITIAN products. Utilizing OCRA Token as part of a complete solution saves organizations on IT overhead, maintenance, and upkeep.

OATH based algorithms interoperate with any compliant back end server
As a member of the Open Authentication consortium FEITIAN Technologies Co. Ltd. manufactures products that are fully interoperable with back end authentication systems engineered to comply with the international OATH standards.

Multi-functional PIN protected token provides higher security feature
PIN protected device. After a limited number of invalid PIN login, the device is blocked automatically.
Support secure remote token unblock mechanism
Dynamic password generation uses both the challenge code from authentication server and time factor. Multi-factor algorithm brings higher security than single -factor dynamic password.
Transaction signature protects the integrity of transmitted data
Server authentication guarantee the validity of service provider to prevent fraud attack
Two-way authentication brings higher security for both the application server and the end-users

OATH compliant challenge-response OCRA token
Compliant with OATH open algorithm
Easy to be integrated with 3rd party OATH authentication system
PSKC format seed code available

Easy to use and portable
Zero software install at client side
Zero footprint authentication
Simple one-click to generate the one-time-password
Independent to end-user environment. No external connection is needed
Compact casing design. Easy to carry

OTP hardware token with built-in PIN pad
Large buttons PIN pad
High contrast LCD display
Accurate Real Time Clock (RTC)
Non-replaceable built-in battery
Secure Random Access Memory (RAM)
Unique token serial number

Secure, robust and long life hardware design
Battery lifetime expectancy 5 to 7 years
Seed code stored with encryption and protection
Tamper evidence

Flexible customization options
Customizable pass code length and welcome screen
Customizable OTP refresh frequency (for time based algorithms)
Faceplate, casing color and serial number customizable
Customizable industrial and end-user packaging

Highly applicable device supports FOAS server
Protect application servers of computer system, such as computer login, network login, WLAN login, server login, Website login, mail system login, database login and other application server login.
Protect network devices such as routers, exchange servers, firewalls, VPNs, as far as the device supports RADIUS protocol for authentication.
Protect application servers of telephone networks, such as telephone banking, telephone stock market and telephone shopping etc.
Protect application servers of mobile phone networks, such as mobile phone banking, mobile phone stock market and mobile phone shopping etc.
Protect application servers of digital TV (DTV) networks, such as DTV banking, DTV stock market, DTV gaming and DTV shopping etc.
Broadly used in finance, insurance, taxation, customs, business, offices, education and entertainment areas with no special request on application server terminals.

OTP c300
OTP c300 Flyer	Download Link

OTP Devices

OTP c500

Overview
Specifications
Features
Datasheet/Flyer

Support multiply systems and cards
R711 smart card reader by FEITIAN is engineered to provide users withone-time-password, challenge/response and digital transaction signingfor online exchanges, generating a complete smart card solution.Identity authentication and secure internet transactions are madeavailable through the client facing R711 reader interface which connectsseamlessly to all major user operating systems and card providers.

Complies with EMV/CAP standard Using in Financial Services
R711 smart reader is completely complies with EMV/CAP standard. Themodel is widely utilized in public and private enterprise with highlyconcentrated deployment in the financial services industry to performsensitive tasks such as online banking, money transfer, mobile bankingand payment.

Casing Material	ABS + PC
Dimension (LÃ—HÃ—W)	60 Ã— 91 Ã— 10 mm (23.6 Ã— 35.8 Ã— 3.9 inches)
Weight	45 g
LCD	ASCII characters (128 x 32 dot-matrix)
Keypad	Numeric: 0 - 9 Function buttons Confirm & delete buttons
Operating Temperature	-10Â°C ï½ž 50Â°C (14Â°F ï½ž 122Â°)
Storage Temperature	-20Â°C ï½ž 70Â°C (-4Â°F ï½ž 158Â°F)
Battery	Replaceable*
IC Card Interface	Contact card
OTP length	customizable
Certification	ISO/IEC 7816 CE/FCC/ROHS EMV CAP
Feature varies according to product model

Easy To Operate

Built-in LCD and Numeric Keypad

EMV Chip-Card Support

Multiple Functions
Event-based OTP (CAP Mode 3)
Challenge/Response (CAP Mode 1)
Transaction signature (CAP Mode 2 + TDS)

High Security
Smart card based
One-time-password strong authentication

Flexibility To Customize
Professional OEM available (Casing/Faceplate/Logo)
Smooth transaction flow

OTP c500
OTP c500 Flyer	Download Link

OTP Devices

Mobile OTP

Overview
Benefits
Features

Modern Solution for Modern Living
Developments in mobile communication technology have revolutionized the way that people interact and access information. Mobile devices are constantly evolving to serve a host of complex functions and services which are increasingly focused on sensitive matters such as commerce, business and personal information. Mobile OTP by Feitian is a convenient and easy to use application that enables users to harness the power of two-factor authentication for secure network log-in and key based challenge response protocol from their favorite mobile devices.

Powerful Access Restrictions Manage Risk from Loss or Theft
The strong authentication capabilities of Mobile Token are secured by the user's ability to change the access password as well as the number of acceptable trials and the time period that a password maintains it validity. Secured in a password protected application the powerful token features are limited exclusively to the rightful token proprietor.

Compatible with Time (TOTP), Event (HOTP) One Time Password (OTP) Protocols
HOTP utilizes a dynamic event based algorithm, creating a unique password in the form of a number sequence, regenerated for each new log-in. Once the user has confirmed themselves in the application, access is granted to the one time password which is retrieved on demand- with the push of a button. TOTP requires no user input to facilitate the change of log-in credentials, it is based on an algorithm that generates a new password to correspond to the passing of time and eliminates the possibility of passwords which can stagnate without user input for an indeterminate period of time.

Use in conjunction with OATH Challenge Response Algorithm (OCRA)
This enables the user to access the broad base of functions available with challenge and response technology. These features include the secure digital signing of transactions and sensitive data; once the digital signature is affixed to a file its content can not be altered by so much as one character without causing a revocation of the secure sign. The unique response sequence generated by a specific user challenge (as well as the reverse process) can be utilized to cross validate servers and websites making certain that the intended destination is not being misrepresented; a user can validate the system before logging in and entering sensitive data and likewise the system can validate the user to be assured that they are who they claim to be.

Feitian FOAS and Mobile Token: Working Together
The Mobile Token solution can be delivered as part of a more complete package by Feitian when used in tandem with the Feitian OATH Authentication Server (FOAS) back end token management system. Adopting Mobile Token in conjunction with FOAS helps institutions mitigate the scope of their IT infrastructure from overhead expenses to administration.

Users Are Empowered to Choose the Necessary Level of Security
Mobile Token by Feitian can support a range of Feitian security solutions (HOTP, TOTP, and OCRA) it is up to the end user to decide which level of security they require. HOTP is based on user input featuring a dynamic password that changes at the push of a button. TOTP is a clock based system that changes with the passing of time. OCRA is a challenge/response system that, in addition to strong authentication, can provide data encryption and cross-validation.

Activation Arranged by Preference
Users who opt for Online Activation must enter an activation address, an activation password, a username and a password or serial number of token on the online activation interface of the mobile phone token after connecting the mobile phone to the network. Alternatively users can decide to Activate Manually, using this offline approach users need to enter a token serial number, an activation password, and an activation code on the manual activation interface of the mobile phone token.

Customizations are available based on the application platform
For J2ME and Windows Mobile platforms you can choose online or manual activation, specify a web address for activation, Personalize with a logo and product picture and set the language interface

Be Yourself with Unique Mobile Identity Verification
Mobile Token by Feitian is equipped with a unique identification code which binds a set of specific authentication credentials to a certain mobile device. This measure effectively prevents the unauthorized use of personal Mobile Token features since the identification code generated by different devices vary.

Designed for compatibility with consumer favorite devices
Mobile OTP by Feitian was engineered for seamless compatibility with such popular mobile device platforms as: Android, iPhone, etc.

Strong two-factor authenticator through dynamic password technology
Unique password generated each time, password cannot be reused
Minimum change to existed static password authentication system

OATH compliant event-based HOTP, time-based TOTP and challenge-response OCRA algorithms
Compliant with OATH open algorithm
Easy to be integrated with 3rd party OATH authentication system
PSKC format seed code available

Easy to use and portable
Simple one-click to generate the one-time-password
No PIN needed
Independent to end-user environment. No external connection is needed
Easy to carry on a key ring

Single-button OTP hardware token
8-character high contrast LCD display with a count-down timing bar
One built-in button
Onboard accurate Real Time Clock (RTC)
Non-replaceable built-in battery
Secure Random Access Memory (RAM)
Unique token serial number

Secure, robust and long life hardware design
Battery lifetime expectancy 5 to 7 years
Seed code stored with encryption and protection
Tamper evidence

Flexible customization options
Customizable 6 or 8 digits pass code
Customizable OTP refresh frequency (for time based algorithms)
Faceplate, casing color and serial number customizable
Customizable industrial and end-user packaging

Support FOAS server
Standard Radius authentication service
Easy to integrate with a wide range of authentication and access gateway solutions
Centralized authentication and graphical management system
Stable performance under heavy duty environment

OTP Devices

FEITIAN OATH Authentication System

The value of an institution depends significantly on the way that critical communications, transactions, and sensitive data is maintained. Stable regulation of access to information networks is the cornerstone of the trust relationship necessary to conduct successful operations in the climate of contemporary commerce, exchange, or management.

The fixed username and password schemes that proliferate across a vast majority of servers, websites, and networks are largely ornamental and provide little to no defense against the highly advanced and specialized tools wielded by modern cyber criminals, in addition to their susceptibility to being misplaced, misused, lost, guessed, or stolen. One time password (OTP) technology is a proactive measure that institutions can adopt to quell the danger of the threat posed through this inherent weakness. OTP functions on the basis of a constantly regenerated numeric password sequence stored on a hardware token distributed to end users; a unique password is created and subsequently entered to gain access at each log-in.

The hardware token is but a small part of the overarching procedure at work, what is of primary importance is the back end authentication server. Feitian OATH Authentication Server (FOAS) is the man behind the curtain ensuring the smooth functioning production and recognition of passwords stored on a userâ€™s personal token. FOAS is engineered to comply fastidiously with the stipulations set forth by the initiative for open authentication (OATH) consortium, a group which unites the foremost industry experts and specialists in the field of strong authentication and determines standards of easy integration and mutual interoperability of product offerings by participating members. As such FOAS can be used seamlessly with any products certified to the OATH criteria making it a highly adaptable back end server solution.

When used in conjunction with components of the Feitian family of OTP products FOAS delivers a complete linear solution which streamlines all authentication procedures from deployment to provisioning and maintenance; significantly reducing IT overhead expenses. FOAS is a multi-channel identity verification system which can simultaneously validate the user to a server and vice versa. Moreover, FOAS can establish a highly secure communication environment by providing digital signatures for web based transactions.

FOAS is a centralized management interface that allows for the convenient centralization of different organizational systems. One of the added benefits of the inclusive compliance architecture by Feitian is the ability of FOAS to support a wide range of operating platforms, authentication protocols, programming languages, and web scripts. FOAS seamlessly integrates with existing third-party authentication components as well as systems based on Radius protocol. Within the FOAS system administrators can easily regulate functionality of all users, hardware tokens, agents and log requests. Basic functions such as adding, auditing, editing, and deletion are supported through organized and intuitive profile grouping. Primary operators can assign and differentiate the level of access rights and privileges for separate accounts as well as delegate responsibility by specifying distinctive management roles for various accounts.

Within the FOAS system the process of token integration can be simple and intuitive. Typically there are three integration methods. When feasible, one of the most convenient ways is to use the existing Radius protocol on the application server to install authentication agents. Installation of OTP can also be done through the use of authentication agents which can save the time and energy it takes to develop oneâ€™s own authentication agent. SDK interface integration offers the highest level of flexibility for the application server with the ability to provide functions that are not covered in the previous two methods, however, it is not recommended for all deployments.

Essentially FOAS is comprised of three main components, they include: The authentication server, the management tool, and the authentication agent. Supplementary parts are the OTP server database management system, the SDK interface for customization and the end user OTP hardware tokens.

The authentication agent functions as a bridge between the authentication server and an application server. When an end-user logs in the application server, an authentication request is sent and a result received from the authentication server through the agent in order to decide whether the request is valid. The authentication agent is not necessary in every deployment scenario; applications integrated through Radius have no need for an agent.

The management tool has an easy-to-use web interface to provide remote management and maintenance of end-users, OTP token, authentication servers, authentication agents and log information from the database. The database management system is the foundation of the OTP Server Authentication System containing most of the system data. Database management system can be chosen according to the specific demands of the client.

Benefits
FOAS is commonly acceptable across a wide range of platforms
FOAS can integrate smoothly into all major operating systems and support multiple databases with ODBC or other specific interface connection. The FOAS system also maintains full set development interfaces in various programming languages.

System management is centralized and accessible
The web-interfaced management tool provides for secure remote management. Administrating the host of flexible settings is regulated through central authentication for networks or computer operating systems. Support multiple authentication services with different authentication settings on one computer.

Proven track record in the seamless execution of large scale highly diverse deployments.
FOAS handles loading balancing for multi-authentication services with up a concurrent service rate which can satisfy thousands per second and concurrent support for up to ten million end-users. The system was engineered for co-operability with various authentication agents.

OTP Server Authentication System largely enhanced the security of application servers
Dynamic passwords are randomly generated unique numeric sequences used as log-in credentials. Use of dynamic passwords can prevent threats like replay, peep or monitoring. Fixed password can be used together with dynamic passwords to form two-factor authentication.

FOAS is fully available with the entire suite of Feitian OTP products including C300
With FOAS as a stable back end foundation users can adopt the Feitian hardware solution that best fulfills their specific demand. OTP c300 token is improved by PIN protected access, both the challenge code and time-factor component are necessary to initiate a challenge-response dynamic password or transaction signature. End-users can choose to cross validate an application server and vice versa, preventing leakage of sensitive personal data.

OTP Server Authentication System V3.0 is an extraordinary complete value system
Intellectual property rights are self-owned so there is no need to worry about hidden costs. Localized development and production lower transportation and customs expenses and provide timely after-sales service. Multi-lingual GUI design is provided standard. Full provisioning of configuration and management tools is also standard. Advanced pre-sales and after-sales services are made fully available at a nominal charge.

Design a custom tailored solution to satisfy unique circumstance and requirements
Choose which platform hosts and which database maintains application server. Both installation packages and the full set of API interfaces are provided for efficient implementation. OTP Server Authentication System V3.0 is equipped with powerful management tools to simplify end user oversight.

Features
1. Automatic Synchronization
The authentication server has the flexible feature to automatically synchronize a token during authentication if the token is found to be out-of-sync.

2. Multiple Token Supports
As for hardware tokens, OTP Server Authentication System V3.0 supports event-based OTP c100, time-based OTP c200, challenge-response OTP c300 and event-based-and-PKI-combined OTP c400 tokens.
OTP Server Authentication System V3.0 also supports mobile phone tokens based on event, time or challenge-response.
Again, OTP Server Authentication System V3.0 supports soft tokens based on event, time or challenge-response.

3. Multiple Authentication Methods
For systems that do not demand high security, it can be set to use single dynamic password to authenticate an end-user. Advantage of this method is that there is no necessity to remember another fixed password however security is quite low.

Dynamic passwords can be used together with fixed password to log in application servers that does not demand very high security. This method is commonly used to bring secure authentication of current application servers to the next level.

Challenge-response authentication method is normally used in application servers which demand high security and have end-users with advanced technology knowledge. The disadvantage of this method is that authentication process involves many steps. However, it brings higher interactivity and security to the application server.

Application servers sometimes use double-way authentication method against fake application server. End-users, before proving their personal information, can verify the real application server.

For application servers which want to authentication critical transactions, transaction signature authentication method can be used. This is to make those critical transactions are indeed made by the end-user who claims to be.

4. RADIUS Server Support
According to pre-configured settings, the authentication server can send authentication request to a designated RADIUS server and collect authentication result to send back to the application server

5. High Performance
The authentication server supports more than ten million concurrent end-users, and single server can reach concurrent processing rate of 3000 times per second.

6. Multiple Algorithms
HOTP algorithm from OATH;
TOTP algorithm from OATH;
OCRA algorithm from OATH;
SM3 algorithm from National Security Standard

7. Prevention of Dictionary Attack
When the authentication server finds that a particular end-user has failed a certain times (can be pre-configured) of authentication, it will lock that end-user. During locking, the authentication server will refuse authenticating this end-user until he/she has been unlocked. This is an effective prevention for dictionary attacks.

8. Prevention of Denial-of-Service Attack
The authentication server will delay sending a failed authentication result, which effectively prevents denial-of-service attacks.

Smart Card Reader

R301 Smart Card Reader

Overview
Specifications
Features
Datasheet/Flyer

Feitian R301(Rockey 301) is a CCID compliant smart card reader with USB 2.0 full speed support. It offers a plug-and-play solution saving the effort on driver installation and system compliance checking.

Feitian R301 can be adopted in smart card-based applications, such as e-Banking, e-Government, e-Payment, access control, network security and more.

Interface	USB 2.0 Full Speed
Supply Voltage	USB Interface, 5VDC
Supply Current	<50mA
Clock Frequency	4MHz
Operating Temperature	0°C ~60°C
Humidity	≤90% No condensation
Standards & Specifications	ISO-7816 PCSC,CCID EN 60950/IEC 60950 CE, FCC EMV 2000 LEVEL 1 RoHS
Supported CPU Cards	ISO-7816, T = 0 and T = 1 ISO-7816, Class A, B and C Card Clock Frequency: 4MHz Read-Write Speed:9600bps~344086bps
Supported OS	Windows2000/xp/2003/2008/windows 7 Linux Mac OS X Solaris

USB 2.0 Full Speed Device

Compliant with PC/SC, CCID Standards

Supports ISO-7816-1/2/3 T=0 and T=1 Protocol

Supports ISO-7816 Class A,B and C Cards

Supports Protocol and Parameters Selection (PPS)

Short Circuit Protection

Compliant with EMV Level 1

Supports GSM 11.11 SIM Cards

Microsoft WHQL 2000, XP, 2003, 2008, Vista, Windows 7

Support Windows 2000/XP/2003/2008/Vista/Windows7 Linux, Mac OS X, Solaris

R301 Smart Card Reader/Auto
R301 Smart Card Reader Flyer	Download Link

Smart Card Reader

R502 Smart Card Reader - Dual

Overview
Specifications
Features

R502 is a dual-interface smart card reader developed by Feitian Technologies. It is based on CCID driver. It supports not only contact cards compliant with ISO 7816 but also contactless cards compliant with ISO 14443 and contactless cards following Mifare standard. It also provides SIM card slots for many kinds of smart card applications. Moreover R502 comes with the SAM slot suitable for GSM 11.11 cards.

R502 is a terminal interface device for smart card applications and system integrations. With support for smart cards using different interfaces, R502 can be widely used in industries or applications requiring electronic payment and authentication, especially suitable for the high security fields. It is an optimal solution for authentication, e-commerce, financial organizations, access control etc.

Interface	USB 2.0 Full Speed
Supply Voltage	USB Interface, 5VDC
Supply Current	< 100mA (Without Card Plug-in)
Operating Temperature	0°C ~60°C
Humidity	≤90% No condensation
Standards & Specifications	ISO-7816 PCSC,CCID EN 60950/IEC 60950 CE, FCC, RoHS EMV 2000 LEVEL 1
Supported Contact Cards	ISO-7816, T = 0 and T = 1 ISO-7816, Class A, B and C Card Clock Frequency: 4MHz Read-Write Speed:10753bps~344086bps
Supported Contactless Cards	ISO 14443 Type A and BMifare Classic and Mifare Ultralight C Card Clock Frequency: 13.56MHz Card Read/Write Speed: 106kbps Operating Distance: 5cm~10cm
Supported OS	Windows2000/xp/2003/2008/windows 7 Linux Mac OS X Solaris

Features:

USB 2.0 full speed device
Compliant with PC/SC, CCID standards
Firmware supports upgrading in encryption
Reader ID is configurable
Compliant with EMV Level 1
Supports GSM11.11 SIM cards
Microsoft WHQL 2000, XP, server2003, Vista, 2008, Windows 7
Supports Windows 2000/XP/server2003/Vista/2008/Windows 7, Linux and MacOS

For Contact Cards:

Supports ISO 7816 T0 and T1
Supports ISO 7816 class A, B and C
Built-in SAM card lots suitable for GSM11.11 SIM cards

For Contactless Cards:

Built-in antenna
Supports contactless smart cards compliant with ISO 14443 type A and B
Supports Mifare classic and Mifare Ultralight C
Contactless function can be turned off in specific environment

Smart Card Reader

R502-CL Smart Card Reader

Overview
Specifications
Features
Datasheet/Flyer

FEITIAN Reader R502-CL is a contactless smart card reader developed by Feitian Technologies. It is based on CCID Driver. It supports contactless cards compliant with ISO 14443 and contactless cards following Mifare standard. Developers use it as a platform to generate and deploy related products and services. Moreover, FEITIAN Reader R502-CL is a terminal unit which is seamlessly integrated to all major systems of operation. Additional features such as the built-in inclusive support for different smart card interfaces has facilitated the wide scale and cross industry adoption of Reader 502-CL.

R502-CL is a terminal interface device for smart card applications and system integrations. It can be widely used in industries or applications requiring electronic payment and authentication, especially suitable for the high security fields. It is an optimal solution for authentication, e-commerce, financial organizations, access control etc.

Interface	USB 2.0 Full Speed
Supply Voltage	USB Interface, 5VDC
Supply Current	< 100mA (Without Card Plug-in)
Operating Temperature	0°C ~60°C
Operating Humidity	0 to 90%RH non-condensing
Storage Humidity	0 to 90%RH non-condensing
Standards & Specifications	ISO 14443 Mifare PC/SC,CCID EMV 2000 Level 1 CE,FCC RoHS Supported Contactless Cards ISO 14443 Type A and B Mifare Classic and Mifare Ultralight C
Supported Contactless Cards	Card Clock Frequency: 13.56MHz Card Read/Write Speed: 106kbps Operation Distance: 5cm~10cm
Supported OS	Windows2000/xp/2003/2008/windows 7 Linux Mac OS X Solaris

USB 2.0 full speed device

Compliant with PC/SC, CCID standards

Firmware supports upgrading in encryption

Reader ID is configurable

Compliant with EMV Level 1

Build-in antenna

Supports contactless smart cards compliant with ISO 14443 type A and B

Support Mifare classic and Mifare Ultrglight C

Contactless function can be turned off in specific environment

Support Windows 2000+/Linux/Mac OS X

R502-CL Smart Card Reader
R502-CL Smart Card Reader Flyer	Download Link

Smart Card Reader

bR301 - Blue Tooth Smart Card Reader

Overview
Specifications
Features
Datasheet/Flyer

FEITIAN bR301 has been designed with convenience and security in mind.
Though the easy to integrate blue tooth connection developers are able to easily integrate smart card applications for higher security and flexibility on all mobile and pc devices supporting Bluetooth.
The easy to integrate blue tooth connection allows developers to easily integrate smart card applications for higher security and flexibility on all mobile devices and PCs supporting Bluetooth.
The bR301 allows for wide scale adoption of smart card applications.
PKI used in the working environment can be transformed to a mobile solution, while mobile payment companies are able to offer wider coverage working on all device platforms.
Through the MicroUSB port the bR301 acts as a standard smart card reader compliant with PC/SC, CCID Standards.
bR301 suits customers where security concerns are the most salient and satisfies the demand for a flexible solution for ID authentication, e-commerce, e-payment, information security and access control.
bR301 and the rest of FEITIAN’s line of smart card readers offer each customer a complete solution for all manner of utilizations.

Basic Parameters

Working Voltage	3.3V
Working Current	< 55mA
Communication Rate	10753~344086bps
Supported Card Type	T0,T1,CLASSB,CLASSC,CLASSBC
Communication Rate with iOS	115200bps
Working Temperature	0°C to 50°C (32 to 122°F)
Storage Temperature	- 20°C to 70°C (-4 to 158°F)
Operating Humidity	60 to 90%RH non-condensing
Storage Humidity	60 to 90%RH non-condensing
Port	Bluetooth/Micro USB
Device Type smart card	Contact(smart card)
Enclosure Type	External
External	15
Expansion Slot(s)	1 x Smart Card
Battery	890mAh
Charging Port	Micro USB
Dimension	64mm(2.51in)wide85 mm(3.35in)high13.5mm(0.53in)thick
Material	PC+ABS
Card Deck	8 contact points (ISO7816 standard)100000 plugging and unplugging times
Supported OS	iOS/Android/Blackberry(developing)
Certification	CE/FCC/MFI/RoHC(pending approval)

Wireless Communications

Communications protocol	2.4GHz frequency ISM band. IEEE 802.15.1(Bluetooth) with full security enabled
RF Transmissions Range	Less than half a meter
Data Throughput	750kb/s to 1MB/s
Communications data	AES-128
encryption
Customizable items	Logo/case color/ Shell surface treatment process

USB 2.0 Full Speed Device

Compliant with PC/SC, CCID Standards

Support ISO-7816-1/2/3 T=0 and T=1 Protocol

Support ISO-7816 Class A,B and C Cards

Compliant with EMV Level 1(pending approval)

Provide third party development library

MFI specification(pending approval)

Support auto-PPS

Support iOS/Android/Linux/Mac OS X/Windows

bR301 - Blue Tooth Smart Card Reader
bR301 - Blue Tooth Smart Card Reader	Download Link

Smart Card Reader

iR301 - Mobile Smart Card Reader

Overview
Specifications
Features

FEITIAN iR301 is a terminal unit which can be used for developing smart card application. With the supporting of different smart card interfaces, iR301 have found wide application in many corporations and industries.

IR301 suits customers where security concerns are the most salient and can be widely use on ID authentication, e-commerce, e-payment, information security and access control.

FEITIAN‘s rich reader product line can offers complete solution for all customer types at all levels.

Working Voltage	3V
Working Current	< 60mA
Communication Rate	10753~344086bps
Supported Card Type	T0,T1,CLASSB,CLASSC,CLASSBC
Communication Rate with iOS	9600~57600bps
Working Temperature	0°C to 50°C (32 to 122Â°F)
Storage Temperature	- 20°C to 70°C (-4 to 158°F)
Operating Humidity	0 to 90%RH non-condensing
Storage Humidity	0 to 90%RH non-condensing
Port	iDock Port
Dimension	58428mm (2.28—1.65—0.31 inches)
Casing	Kirksite + Acrylic
Card Deck	8 contact points (ISO7816 standard) 10000 plugging and unplugging times
Supported OS version	iOS3.1.3+
Certification	CE/FCC/MFI/RoHS
Supported OS	Win2000+/Linux/Mac OS X/Solaris/Android/iOS

EMV level 1 applied and MFi certified

Support multiple contact smart card, support T0, T1 card which conform ISO7816 protocol

Offer a standard size contact card deck, support CLASSB, CLASSC, CLASSBC card which conform ISO7816 protocol

Provide API to modify parameters (ATR Baud Rate, WWTâ€¦)

Provide secondary development library

Support iOS device through apple dock port

Support auto-PPS

Support Win2000+/Linux/Mac OS X/Solaris/Android/iOS platform

Smart Card Reader

iR301 - Mobile Smart Card Reader

Overview
Specifications
Features

FEITIAN iR301U-C is specially designed to accommodate a range of smartcard applications. Developers use it as a platform to generate and deploy products and services. Moreover FEITIAN iR301U-C is a terminal unit which is seamlessly integrated to all major systems of operation. Additional features such as built-in inclusive support for different smartcard interfaces has facilitated the wide scale and cross industry adoption of iR301U-C.

iR301U-C suits the customers where the security concerns are most silent and satisfied the demand for the flexible solution for ID authentication, ecommerce, e-payment, information security and access control.

iR301U-C offers customer a complete solution for all manner of utilization.

USB	USB2.0 (Full Speed)
Dimension (L X H X W) (for iPad)	259.6 X 188.2 X 16.5mm
Dimension (L X H X W) (for iPadmini)	216.6 X 140.2 X 15.5mm
Casing Material	PC+ABS
Port	30-pin Dock / Lightning Connector (For iPad Mini)
Operating Current	<80mA
Operating Temperature	0C ~ 50C
Storage Temperature	-20C ~ +85C
Supported Card Type	ISO7816, T=0 & T=1, Class A, B, C, AB, BC, & ABC
Operating & Storage Humidity	<90%RH non-condensing
Card Slot	8 connect points (ISO7816 standard), 10000 plugging and unplugging
Supported OS	iOS4.3+
Certification	CE/FCC/MFI/RoHS/EMV L1

Support multiple contact smart card, support T0, T1 card which conform ISO7816 protocol.
Offers a standard size contact card deck, support CLASSB, CLASSC, CLASSBC card with conform ISO7816 protocol
Provide API to modify parameters (ATR Baud Rate. WWT…)
Provide secondary development library
Supports iOS device through dock/lightning
Support auto-PPS

Smart Card Reader

aR520 - Swipe Card Reader

Overview
Specifications
Features
Datasheet/Flyer

FEITIAN aR520 is swipe card reader and NFC contactless reader specially engineered to accommodate a range of smart card applications. Developers use it as a platform to generate and deploy related products and services. Moreover, FEITIAN aR520 is a terminal unit which is seamlessly integrated to all major systems of operation. Additional features such as the built-in inclusive support for different smart card interfaces has facilitated the wide scale and cross industry adoption of aR520.

aR520 suits customers where security concerns are the most salient and satisfies the demand for a flexible solution for ID authentication, e-commerce, e-payment, information security and access control.

Basic Parameters	Working Current	50-80mA
	Communication Rate	8000bps
	Supported Card Type	ISO 14443 standard Type A/B, Mifare, Felica, Mifare tag 1 MSR
	Working Temperature	0°C to 50°C (32 to 122°F)
	Storage Temperature	- 20°C to 70°C (-4 to 158°F)
	Operating Humidity	0 to 90%RH non-condensing
	Storage Humidity	0 to 90%RH non-condensing
	Size	595012mm
	Port	3.5mm audio jack/Micro USB(Type B)
	Supported OS	Android 2.2+/iOS4.3+
	Certification	CE/FCC/MFI/RoHS
	Lights	Red/Yellow/Blue colors
Battery	Electricity	330mHa
	Charging time	2hours
	Max work time(full speed)	Around 2hours(depends on cards)
	Standby time	Around 20hours
Custom items	Casing	Can be OEM
	LOGO	Custom logo
	Firmware	Can do OEM firmware
Communication Security	Support DUKPT(Derived unique key per transaction)
Hardware Security	Support Card short circuit protection Support firmware upgrading

General

330mHa battery inside, full speed can work more than 2h, standby 20h
Full battery only need charging 2hours

Contact part

Support magnetic strip card
3.5mm standard headphone jack & MicroUSB
Support track 1,2,3 and key management with DUKPT(3DES&AES)
Low battery consumption
Micro-USB port for pass-through charging

Contactless part

Firmware supports upgrading in encryption
Supports contactless smart cards compliant with ISO 14443 type A and type B, Mifare card, Felica
Through beeper and light to informed reader/card/battery status

aR520 - Swipe Card Reader
aR520 Datasheet	Download Link

PKI & Java Card

Certificate Based - PKI Smart Card

Overview
Specifications
Features
Datasheet/Flyer

ePass PKI series smart card are designed to store user's personal identity information, digital certifications, and private keys, working together with Feitian's PKI manger to provide a comprehensive and salable security solution that meets customers' needs for strong authentication, encryption and digital signatures.

ePass security PKI is easy to be integrated into different authentication platforms which offer tailored solution appropriate for business, organizations, financial institutions, healthcare, governments and retail industries by providing e-Payment, ePassport, e-ID, e-Health, e-Ticket with enhanced security assurance.

Platform	Windows â€“Win2000/XP/Server2003/Vista/Server2008/7 Linux MacOS* *In Mac OS, use OpenSC middleware.
Standards	Microsoft CAPI, PKCS #11, PKCS #15 Model available for OpenSC X.509 v3 certification storage, ISO7816 compliant, T0/T1
User Memory	64KB
Algorithms	RSA1024/2048 ,DES, 3DES, AES and SHA-1,SHA-2
Card Operating Voltage	3V/5V
Data Retention	Over 10 years
Memory Rewrites	Over 500,000

Built-in high performance smart card chip
Onboard DES, 3DES, MD5, SHA-1, RSA 1024/2048
Support AES, SHA-2 and others.
Onboard RSA key pair generation, private key can never be retrieved.
Onboard digital signature general and verification
Compliant with ISO/IEC 7816-1,2,3,4,8,9
User memory up to 64KB and support multiple key pairs storage.
Standard Microsoft CAPI and PKCS #11 support
PKCS # 15 compliant, seamlessly integration with OpenSC applications

Certificate Based - PKI Smart Card
Certificate Based - PKI Smart Card Datasheet	Download Link

PKI & Java Card

Certificate Based - Java Card

Overview
Specifications
Datasheet/Flyer

Feitian Technologies Java Card Operating System(FTJCOS), has been meticulously designed to conform to the strict standards of the Global Platformand ISO industry; thereby ensuring a uidity andseamless interoperability of applications for cardissuers as well as solutions developers.
FT Java Card maintains compatibility with thirdpartyapplets as well as all existing smart cardinfrastructures. is practice facilitates multiplesourcing of the components within the smart card solutions.
FT Java Card enables standard applications of aparticular card issuer to be put into the ROM therebysignicantly reducing the EEPROM requirements.

Dual-Interface Supporting
FT Java Card users can custom tailor the solution to fit their specific needs, offering optional support for RSA coprocessor, contactless communications, and GSM protocol features.

Cost Effective Pricing
FT Java Card and JCOS are eective solution for simpler low-costimplementations as well as the high-end of multi-controller configurations.

Cross Platform
The results of multiple cross -platform tests determine that FT JavaCard consistently ranks higher in application performance thancompetitive Java Card implementations, including those implementations running on 32-bit platforms and proprietary cards.

Java Authorized Licensees
Fundamentally based on international standards of smart card open source operating system
specifications as endorsed by Sun Microsystems (Oracle), the GlobalPlatform consortium, the International Organization for Standardization (ISO), EMV, et.cetera. FTJCOS is available for licensing across the smart card value chain and across industries.

Multiple Cryptography Solution
FT Java Card oers RSA 2048-bit length and the ability to generateRSA key components to the highest standard of card security.Security protocol hashing methods MD5 and SHA1 are available as well.

Certificate Based - Java Card
Certificate Based - Java Card Datasheet	Download Link

POS

POS - ePayPOS5000

Overview
Features
Datasheet/Flyer

ePayPOS500 is a mobile payment terminal equipped with PIN pad and verification screen for magnetic strip cards or chip cards. This device is mainly designed for apple devices, such as: iPhone, iPad or iPod, as well as Android phones or tablets.

Simply by connecting our ePayPOS500 through the Bluetooth port on iOS or Android devices, you can immediately turn your cell phone or tablets into a mobile payment device.

The unique PIN pad design verifies the user’s identity and meets the PCI requirements for mobile payment industry. The verification screen also allows end users to see what detailed information will be sent from their credit cards before proceeding to final payment.

Our fashion-style designed ePayPOS500 enable payments in a mobile way. It greatly benefits retail stores, such as: barber shop, convenience store, taxi, restaurants, pizza delivery, and many other.

Micro USB/Bluetooth
Magnetic stripe cards Adapter
Chip cards Adapter
Multi-language support
USB charging port
10 digits and 5 function keys keyboard
LCD display screen
Android 2.2/2.3/4 and or above
iOS 4.0 and or above
Compliant with EMV Level 1/2
Optional secondary development library support
Support ISO-7816-1/2/3 T=0 and T=1 Protocol and CLASS A, B, C Cards
Magnetic strip: ISO 7811, track 1, 2, 3
PCI 3.0 certification (pending)
MFI certification
Bluetooth EPL certification
CE/FCC/RoHS/TQM (pending)
Support key management with DUKPT, MK/SK, and RSA
Tamper-resistant, anti-down protection

POS - ePayPOS5000
POS - ePayPOS5000 Datasheet	Download Link

Windows Smart Card Logon

Windows Smart Card Logon - By Using ePass

1.Overview
1.1 Introduction to Smart Card Logon
Smart Card Logon is a feature of Windows operating system introduced by Microsoft. It enables users to log in to the Windows system using a smart card and PIN, it replaces the tranditional user name and password login mechanism. And Smart Card Logon is considered a two-factors authentication method:

Users must present something they have (the smart card)
Users must present something they know (the PIN)

Usually, Smart Card Logon used in organization, government, health care and education, because it can help in following ways:

High level protection of administrator accounts.
Improved remote access security.
Higher integrity for logon credentials.
More flexible and security

1.2 Introduction to Feitian ePass Token
ePass Tokens of FEITIAN Technologies Co., Ltd. are secure carriers of personal digital certificates and private keys, which fully support the PKI security mechanism. With a number of solid features of smart card and protection of a personal PIN, private keys generated on the card can never be retrieved from the ePass token. Based on hardware chips ranging from the cost-effective secure MCU chip to the latest 32-bit smart card chip, ePass PKI products of FEITIAN provide flexibility and innovation in any PKI applications: the best-seller ePass2000, the high-performance ePass3000, the industrial-innovative biometric BioPass, the user-interactive InterPass, the Zero-Footprint GreenPass with Flash memories and the ePass token in SD card and card forms.

For more information, please refer to Feitianâ€™s website: www.ftsafe.com.
2.Windows Smart Card Logon Using ePass
2.1 Preparation

Please make sure that there is a Domain server has been deployed and configured, and a CA which can issue smart card certificate to Domain client.
Install the middleware of ePass token in client side.
Proved ePass models

ePass1000
ePass2000 FT12
ePass2003
ePass3000
PKI Card/PKI Token
Other moreâ€¦

2.2 Request a Smart Card Certificate

Open IE and login to the CA webpage, please see below image: Figure 1. Request a Certificate
Select Request a certificateadvanced certificate requestCreate and submit a request to this CA, choose Smartcard Logon for Certificate Templeate and choose the CSP for ePass token (here using ePass2003 as an example) and click Submit button, please see below image: Figure 2 Advanced certificate request
After submit request, you will be request to enter user PIN of ePass token, please see below image: Figure 3 Enter user PIN
Install the certificate into ePass token after generating key pair. Now, you may check the certificate using PKI manager tool of ePass token, please see below image: Figure 4 Check certificate using PKI manager

2.3 To Do Smart Card Logon with ePass Token
2.3.1 Add Client Computer into the Domain

If you have done this, please skip to this section. To join domain, open System Properties, please see below image: Figure 5 System Properties
Click Change button, enter the name of domain server in Domain field, please see below image: Figure 6 Enter domain name
After click OK, you will be request to enter the user name and password for login domain, please see below image: Figure 7 Enter user name and password
Click OK to continue, please see below image: Figure 8 Welcome window

Here the client has joined domain successfully. Please move to next step to continue.

2.3.2 Perform Smart Card Logon

After add the client into Domain, please follow the prompt message to restart the computer, and a smart card account will appear in Windows Welcome interface, please see below image: Figure 9 Smart card account
Insert the ePass token which include the smart card certificate which requested in previous step, and you will be request to enter user PIN, please see below image: Figure 10 Enter user PIN
Enter correct user PIN and logon.

2.3.3 Perform Remote Smart Card Logon (Remote Desktop Connection)
About Remote Desktop Connection
Remote Desktop is a service introduced by Microsoft, for helping network administrators with management and maintenance. Network administrators are allowed to connect to any computers on the network, which have the remote desktop control feature enable.
The remote Desktop connection is in the C/S (Client/Server) mode. Therefore, you must configure the server and the client for remote connection first. The server refers to the side that accepts the Remote Desktop Connection. The client refers to the side that initiates the Remote Desktop Connection.
A Remote Desktop Connection Server program must be installed on the server. Currently, only Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7 support Remote Desktop Connection.
Please make sure that you have enough permission to do Remote Desktop Connection. In client, insert ePass token, open start menuAll ProgramsAccessoriesRemote Desktop Connection, the below image will appear:

Please make sure that you have enough permission to do Remote Desktop Connection. In client, insert ePass token, open start menuAll ProgramsAccessoriesRemote Desktop Connection, the below image will appear: Figure 11 Open RDC
Enter the IP address of domain server in the Computer field and click Connect button, the below image will appear: Figure 12 Enter user PIN
Enter correct user PIN of ePass token in Smart card account and click OK button to continue, please see below image: Figure 13 Connect successfully

Here you have logon to the remote server.
3. Reference
[1] http://technet.microsoft.com/en-us/

Windows Smart Card Logon

Windows Standalone Smart Card Logon - By Using EID Authentication with ePass

1.Overview
1.1 Introduction to EIDAuthenticate

EIDAuthenticate is the open source solution to offer smart card logon to every EID users.
As most logon programs require specific smart card driver, storage facility on the smart card itself or user process authentication, this program is the only one which does the authentication inside of the security kernel of Windows: even with signature only card, your data is safe. Made by certified security experts, EIDAuthenticate respects the spirit of the deep internal Windows security mechanisms and is not just a GUI. For example EIDAuthenticate is the only solution supporting natively the "force smart card logon" policy, used to secure the local administrator accounts in datacenters or to comply with HSPD-12. We know that trust is critical when implementing a two factors policy and that's the reason why EIDAuthenticate core is and will remain open source.
Supported System:
1. Windows Vista
2. Windows Server 2008 / 2008 R2
3. Windows 7

1.2 Introduction to Feitian ePass Token
ePass Tokens of FEITIAN Technologies Co. Ltd. are secure carriers of personal digital certificates and private keys, which fully support the PKI security mechanism. With a number of solid features of smart card and protection of a personal PIN, private keys generated on the card can never be retrieved from the ePass token. Based on hardware chips ranging from the cost-effective secure MCU chip to the latest 32-bit smart card chip, ePass PKI products of FEITIAN provide flexibility and innovation in any PKI applications: the best-seller ePass2000, the high-performance ePass3000, the industrial-innovative biometric BioPass, the user-interactive InterPass, the Zero-Footprint GreenPass with Flash memories and the ePass token in SD card and card forms.
For more information, please refer to Feitianâ€™s website: www.ftsafe.com.
2.Smart Card Logon with EIDAuthenticate Using ePass

2.1 Preparation

Install EIDAuthenticate (It includes both 32bit and 64bit, please install according to your own system environment).
Install the middleware of ePass token.
Proved ePass models
- ePass2003
- PKI Card/PKI Token
- ePass2000 FT12
- ePass3000
- Other moreâ€¦

2.2 Integrate EIDAuthenticate with ePass
Please open Control PanelSystem and Security, there will be a Smart Card Logon option at bottom, please see below image:

Figure 1 Smart Card Logon
Open this option you will find there are two methods for correspond different situation. We will introduce respectively in next section. Please see below image:

Figure 2 Smart card logon configuration
2.2.1 Use preconfigured card

If you have a smart card certificate in ePass token, you may choose this method, the below image will appear: Figure 3 Select certificate
Here will show all certificate found on ePass token, select a correct certificate and make sure the certificate has no problem and click Next button (if the certificate has a problem on Trust field, just click on â€œMake this certificate trustedâ€ to add the certificate to the â€œtrusted peopleâ€ store), the below image will appear: Figure 4 Enter password
Please enter administrator password of your system and check the option of â€œLaunch a test after the completion of this wizardâ€ and click Next button, the below image will appear: Figure 5 Enter PIN
Here will list all certificates in ePass token, select the certificate you configured before and enter correct PIN of ePass token and click OK button to continue the test, please see below image: Figure 6 Test result
If the above image appear, that means you can continue to do smart card logon.

2.2.2 Configure a new set of credentials

Choose this method allows you to create a new certificate on the ePass token, the below image will appear: Figure 7 Smart card logon configuration
This page provides three methods to create new certificate.
1. If you are the first time to run this wizard, please choose â€œCreate a new certificate authorityâ€;
2. If a certificate and a private key already exists, please choose â€œUse this certification authorityâ€;
3. You can also import a certificate with p12 format.
After that, click Next button. Below image will appear: Figure 8 Enter PIN
In this step, the user will be request to enter correct PIN of ePass token and click Login to continue creating certificate. The following image will appear:Figure 9 Select certificate
Note: From here, it is the same steps as using "Use preconfigured card".
Here will show all certificate found on ePass token, select a correct certificate and make sure the certificate has no problem and click Next button (if the certificate has a problem on Trust field, just click on â€œMake this certificate trustedâ€ to add the certificate to the â€œtrusted peopleâ€ store), the below image will appear: The following image will appear:Figure 10 Enter Password
Please enter administrator password of your system and check the option of â€œLaunch a test after the completion of this wizardâ€ and click Next button, the below image will appear:Figure 11 Enter PIN
Here will list all certificates in ePass token, select the certificate you configured before and enter correct PIN of ePass token and click OK button to continue the test, please see below image:Figure 12 Test result
If the above image appear, that means you can continue to do smart card logon. You can also check the certificate in ePass token by using corresponding PKI manager, please see below image:Figure 13 Check certificate in ePass token

2.2.3 Perform Smart Card Logon with EIDAuthenticate

Please restart the computer and make sure that ePass token has connected to the computer, then there is a smart card account will appear, please see below image: Figure 14 Smart card account
Click smart card account and enter correct PIN of ePass token to login.Figure 15 Enter user PIN

3.Reference
[1] http://www.mysmartlogon.com/products/eidauthenticate.html

Drivers & FAQs

Errors & Solutions

Problem 1: Error in downloading certificate.

Reason
	1. Root Chain is not installed in system.
	2. System is different from the one where the request was generated for digital signature.
	3. Certificate enrollment request is deleted or removed from system.
	4. Token is not detected or token driver is not installed or are uninstalled from the system.
	5. Key Pair is not generated while enrolling for digital signature request or is deleted from the token.
Resolution
	1. Install Root chain in system.
	2. Make sure you are using the same system from where the request was generated.
	3. Open the token manager and Log-in to token to check whether token is detected by system.
	4. After Login into the token check whether the key pair is present in it.

Problem 2: "Error in Creating CSR" while enrolling certificate request.

Reason
	1. Token is not attached to the system, or is not detected by the system.
	2. 'Cryptographic Service provider' is not selected properly.
	3. If the token is Aladdin/eToken 32K.
Resolution
	1. Make sure that the token drivers are installed in the system.
	2. Check whether the token is connected to the system, and you are able to login to the token.
	3. Do not use SHA1 Compatible tokens, like Safenet iKey or eToken 32K for enrollment.

Problem 3: ePass2003 is detected by the system whereas ePass2003Auto is not detected.

Reason	System may be recognizing both drivers, for ePass2003 & ePass2003Auto, as different driver.
Resolution	Click on Start button go to Run and type devmgmt.msc for opening Device Manager. In the console tree find the epass2003Auto, right click on it and select uninstall. Remove the token and reconnect it, system automatically recognizes the driver and the drivers will be installed successfully in the system.

Problem 4: "Your CA is not trusted".

Reason
	This Notification comes when Root Chain is not installed in system or the browser settings are not proper.
Resolution
	1. Install Root Chain in system.
	2. Make browser settings as per website guideline.
	3. Check Java version recommended by website.

Problem 5: "Application Blocked by Security Setting or Application cannot be Run."

Reason
	System settings do not allow downloading of the required java applet.
Resolution
	Open Control Panel ⇨ Double Click on Java Icon ⇨ Click on Security Tab. Set security level to medium and then click on Edit Site list button. Click on Add button and add Trusted site or site URL where you are performing task.

Problem 6: "Fake Path" while signing XML file on Income Tax website.

Reason
	1. Internet Explorer settings are not proper.
	2. Internet Explorer version is below 7.
Resolution
	1. Internet Explorer version must be above 7.
	2. Open Tools Menu ⇨ Internet option ⇨ Click on Security Tab ⇨ Here first set all security to default zone. Now click on Internet Icon then click on Custom button. Now 'Reset custom settings' to medium. Enable all ActiveX controls and plug-ins. If the ActiveX Enable setting is (not secured) then select prompt but not disable.
	3. In the User Authentication Logon Section select Automatic logon with current user name and password.
	4. Click on OK and Apply Settings.
	5. Now click on Second Icon Local intranet ⇨ Reset this Zone to Low, apply it.

Problem 7: "Invalid Digital Signature Certificate" while Registering or Uploading of return.

Reason
	Name mentioned in the Digital Signature does not match with the account details.
Resolution
	Update Profile settings with the details of the person whose digital signature certificate is being used for filling return. Check the Name in Verification Part in XML file or in Pre-paired return.

Problem 8: "Invalid Digital Signature While Login."

Reason
	Registered certificate does not match with the certificate used for login.
Resolution
	After renewal of the certificate you need to update it on the respective portal where you are using the certificate for login or for e-tender. Each tender site have different process for registration so you need to contact respective site vender helpdesk.

Problem 9: "The Microsoft Cryptographic Service Provider Reported an Error..." while signing MCA PDF Document.

Reason
	System Cryptographic Services are not working properly or respective security patch is not installed in System.
Resolution
	If you are countering error "The Microsoft Cryptographic Service Provider reported an error:" in Adobe Acrobat Reader while signing MCA Documents. This error may face in Adobe Acrobat Reader Version 9.0 and above, this is error of Adobe Acrobat and not of USB Token, may face this error in any USB Token. Here is the link for the solution of the same: http://www.charteredinfo.com//DSC/TokenDrivers/AdobeReaderwithSecurityInstallation.zip Above link is for complete Adobe Acrobat Reader Download with Security Installation prompting to solve above error, details document included in above link, read instructions document carefully before installation.

Problem 10: Some ePass2003 tokens are not recognized.

Reason
	This problem is very rare and arises because the hardware chip in the token is not compatible with the latest driver version.
Resolution
	Please find the folder on the below link: http://www.charteredinfo.com/DSC/TokenDrivers/Token-Not-Recognized.zip , If the token is not getting detected by Windows or even ePass2003 drivers, please plug in the token in USB port and try running Step 1 and then Step 2 Application from the downloaded folder. Steps are as follows: Plug In token in USB Port. Run Step 1 - you will get message "Initialize Successfully". (Do not run Step 1 in case there is Certificate in token, Certificate in token will get erased – no issues in case of blank token.) Run Step 2 - and on successful up-gradation of token you will get message Upgraded Successfully. Plug out and Plug in token. Windows/Drivers will detect the token.

Problem 11: Token is not detected by system.

Reason
	1. Token drivers are not installed correctly or services are not running.
	2. Policy or Admin Rights issue.
	3. Same as Problem No. 10.
Suggestions
	1. Make sure token driver is installed correctly and you are able to login to the token.
	2. Verify that all required services for token is started and working fine. These services are Smartcard Services {Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.}, Cryptographic Services {Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.}, Certificate Propagation Services {Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.}. Open the Run Prompt (Window Key + 'R') and enter services.msc, Right Click on above mentioned service and select restart.
	3. Same as Problem No. 10.

Problem 12: How to verify Smartcard Services is running in system?

To check if the smart card services are running,

Press Ctrl+Alt+Del and then click 'Start Task Manager'.
In the 'Windows Task Manager Dialog Box, Click the Services Tab.
Click the Name column to sort the list alphabetically, and then type S.
In the name column, look for scardsvr, and then look under the status column to see if the services are running or stopped.

Problem 13: How to restart Smartcard Services in the system?

To Restart the smart card services,

Click 'Start', type cmd, Right Click cmd.exe and then click Run as Administrator.
If the user control dialog box appears, confirm that the action it displays is what you want and then click Yes.
At the command prompt, type net stop scardsvr.
At the command prompt type net start scardsvr.
You can use the following command at command prompt to check whether service is running sc queryex scardsvr.

Problem 14: Process for re-installation of Smartcard Services.

Open Command Prompt by click on Start/Run and writing cmd. Then enter the following commands and validate by enter. Regsvr32 C:\Windows\system32\scardssp.dll and press enter after that scardsvr reinstall and press enter.

Problem 15: How to Manually Install a Smartcard Reader?

Click 'Start' type device manager in search programs and files box and then type enter. Double click other devices; Right click the Smartcard Reader devices, and the click 'Update Driver Software'. In the Update driver software windows, clicks browse my computer for driver software and then follow the prompts to locate and install driver. When the driver finish installing the Smartcard reader device is listed in Device Manager in the Smartcard Reader. If the token device already listed in Smartcard Reader same steps is used for update driver.

Problem 16: System Restore and Driver Rollback Instructions.

Option 1: Backup Your System Using System Restore.
System Restore works a lot like the Undo command in Microsoft Word. You can use System Restore to return to your previous driver version if you create a restore point prior to installing the driver. System Restore does not affect your personal data files (such as Microsoft Word documents, browsing history, drawings, favorites, or email) so you won't lose changes made to these files after the restore point is created. Windows XP steps to create a restore point (before installing the new driver):

Click Start
Point to All Programs
Point to Accessories
Point to System Tools
Click System Restore
Click Create a restore point, and then click Next
Type a name to identify this restore point and click Create

To return to this restore point, from the same System Restore Wizard select Restore my computer to an earlier time. Then select the date you created the restore point from the calendar in the Select a Restore Point screen. All of the restore points you created and you computer created on the selected date are listed by name in the list box to the right of the calendar. Windows Vista or Windows 7 steps to create a restore point (before installing the new driver):

Click Start
Click Control Panel
Windows Vista: Click System and Maintenance and then System or simply System (in Classic view). Windows 7: Click System and Security and then System.
In the left pane, click System Protection
On the System Protection tab, Click Create
Type a name to identify this restore point and click Create

To return to this restore point, select System Restore on the same System Protection tab as above. Next select Choose a different restore point and click Next. Then select the date and name of the restore point that you created and click Next. Finally select Finish.

Option 2: Roll Back To Your Previous Driver If you install the newer driver without first uninstalling the previous version, you may be able to simply roll back your driver to the previous version using these steps: Windows XP steps to roll back your driver:

Click Start
Click Control Panel
Click Performance and Maintenance and then System (in Category view) or System (in Classic view)
Select the Hardware Tab
Click Device Manager
Double-click on Smart Card Readers
Double-click on your token
Select the Driver Tab
Click on Roll Back Driver

Windows Vista or Windows 7 steps to roll back your driver:

Click Start
Click Control Panel
Windows Vista: Click System and Maintenance and then System or simply System (in Classic view). Windows 7: Click System and Security and then System.
In the left pane, click Device Manager
Double-click on Smart Card Readers
Double-click on your token
Select the Driver Tab
Click on Roll Back Driver

Problem 17: Firefox Compatibility Problem.

Reason
	Mozilla Firefox 3.0 version does not allow applet to access the host file system, it prevents application tools to perform certain operation. In such case there will be alert messages like "System error: Undefined".
Resolution
	Open Firefox browser. In Address Bar enter about:config In search text area type applet Double click on the given result. It enables the applet to run in the Firefox browser.

Problem 18: Verification code(CAPTCHA) is not visible.

Reason
	Verification code (CAPTCHA) is an .png image file that are streamed from the server. The lower version browser (IE < 7.0) does not support .png image. Windows OS is not updated with latest service pack.
Resolution
	Upgrade the browser version to latest version (IE 7.0) or above. Update windows latest service pack. Else use Mozilla Firefox.

Problem 19: "File Signing Failed" due to space (or) special characters.

Reason
	If chosen file has special characters like (& # @ ).
Resolution
	Remove the special characters from the file name and start uploading it.

Problem 20: "Failure! Certificate trusted chain validation failed."

Reason
	Server is not updated with the particular CA certificate.
Resolution
	Update the CA certificate to the server repository (JKS in the java base dir).

Problem 21: "Applet is not started or initialized."

Reason
	Client workstation does not contain JRE (Java Runtime environment). The installed JRE is old version, which does not support the application implementation.
Resolution
	Download latest JRE updates from the sun java website/from the download option of the tender site and install in the client workstation.

Problem 22: Your browser does not support javascript.

Reason
	The client workstation browser is disabled with javascript option.
Resolution
	Enable the javascript option in IE. Goto Internet Options ⇨ security ⇨ Custom level ⇨ Enable scripting

Problem 23: "Page Authorization Error."

Reason
	The logged in user does not have the access rights to view the page. So system throws page authorization error. If any permission is not set in the configuration file.
Resolution
	The system admin has to configure the rights to a particular group of mail.

Problem 24: "Get Certificate Public Key Failed: There was an error while exporting the Key Blob."

Reason
	Required Prerequisites NxtCryptoSetup is not available or incorrect setup installed.
Resolution
	Download NxtCryptoSetup - For epass2003 Click Here For etoken Click Here For Browser Settings Click Here

Problem 25: How to uninstall Internet Explorer 11 and restore Previous version of Internet Explorer

Resolution

Open the Panel ⇨ Program and Features ⇨ Installed update ⇨ enter IE 11 in search box.
Right Click on entry and select uninstall.
After restarting the machine Go to Tools Menu ⇨ Internet Option ⇨ Advance Tab ⇨ and select Rest button ⇨ Check the Delete Personal Settings and select Reset button.
Un-installation of Internet Explorer 11 is required when some web site is not compatible with this version and we need to working in previous version. First try with development Tool if it's not working then uninstall IE 11. Development Tools are available in Internet Explorer Tool Menu. Here you will find different Browser Modes. This process only works in Windows 7 not for windows 8, because Windows 8 come with IE 11.

Ask a Question

Email ID *:
Type Question *: