What is eToken Enterprise? - tlk

More documents

Recommendations

Info

eToken R2 Features Hardware Random Number Generation The eToken PRO has a true hardware random number generator that is used internally for RSA key generation and authentication challenges. Physically Protected Chip The eToken PRO is implemented in a secure chipcard that meets the ITSEC 4 standard. All data stored on the eToken PRO is stored internally within this chipcard and is intrinsically secure. Access Protection The eToken PRO possesses a comprehensive access control mechanism that protects data and keys stored on the eToken. Access to data can be controlled by a variety of mechanisms, such as challenge-response authentication or PIN entry. USB Data Traffic Encryption Data passing between the eToken PRO and the host computer is protected using secure messaging, a mechanism that enables selective encryption and/or authentication of data or traffic. Secure messaging uses the 3DES symmetric algorithm. The eToken R2: Uses a secure microcontroller (EEPROM), with 16K/32K bytes of secured memory, and a 128-bit DESX on-chip processor. Provides full support for storage of PKI-based keys and certificates. Enables compatible implementation with smartcard applications. Supports PKCS#11, CAPI and Application Protocol Data Unit (APDU) APIs. On-board Cryptographic Functionality. The eToken R2 supports the DESX symmetric algorithm with 120-bit keys. eToken R2 uses this algorithm internally to encrypt all sensitive data and to perform the challenge-response user authentication protocol. The eToken R2 can be used as an encryption/decryption engine to protect information on a PC. 10 Introduction
RNG-based Challenge-response Logon The eToken R2 has a pseudo-random number generator based on a truly random seed and the DESX function, which is believed to be pseudo-random. As such, the eToken R2 can be used only for logging in to the token. In order to verify the password, eToken R2 generates a random challenge and sends it to the PC. The response is verified against the stored password. This enables eToken to securely authenticate the user using two-factor authentication. Physically Protected Chip The eToken R2 is implemented as a secure microcontroller and external EEPROM pair. The EEPROM is used to store all eToken data. Sensitive data, such as user data and encryption keys are encrypted on the EEPROM using DESX with keys stored in the microcontroller. These keys cannot be read or accessed in any way. Access Protection The eToken R2 differentiates between public, private and secret data. The eToken can be in either a logged in or logged out state. Only the eToken R2 user can log in to the token by using the challenge response mechanism as detailed above. Once logged in, the user may read and write public and private data or write and use secret data. In the logged out state, it is only possible to read public data and use secret data. Secure On-token Memory Storage An eToken R2, together with the correct password, can be used to store secret data securely. For example, storage of a password for an application can utilize this type of secure memory. eToken R2 provides a secure means for storing RSA keys. These keys can be used for signing messages and decrypting private information that was sent in a secure manner. USB Data Traffic Encryption Once the user is logged in to the eToken R2, sensitive data traffic is always encrypted. eToken R2’s data traffic encryption uses DESX with a session key randomly generated during the login procedure. The secret information on the eToken is accessible only after the correct password is verified, and cannot be retrieved without it. eToken Models 11
Page 1: Reference Guide Version 2.0
Page 4 and 5: iv ALADDIN KNOWLEDGE SYSTEMS LTD. E
Page 6 and 7: 7. Limitation of Remedies In the ev
Page 8 and 9: CE Compliance UL Certification ISO
Page 10 and 11: Getting Started with eToken . . . .
Page 12 and 13: What is eToken Enterprise? What is
Page 14 and 15: High security: Using a hardware key
Page 16 and 17: Logging into a company desktop Remo
Page 18 and 19: PKI Standards eToken supports the m
Page 22 and 23: eToken Enterprise Security Solution
Page 24 and 25: Digital Certificates Overview A dig
Page 26 and 27: Securing Email with Certificates Th
Page 28 and 29: Note Whenever you receive a digital
Page 30 and 31: Accounts Dept. Subordinate CA Certi
Page 32 and 33: Password Storage and Authentication
Page 34 and 35: 24 Security Concepts
Page 36 and 37: Minimum Requirements Note The follo
Page 38 and 39: In this case a warning message appe
Page 40 and 41: Your eToken extension cable package
Page 42 and 43: To personalize the eToken: 1 Insert
Page 44 and 45: The following dialog appears: 9 Ent
Page 46 and 47: Setting Up a New eToken User When a
Page 48 and 49: Problems and Possible Solutions The
Page 50 and 51: Checking USB Support In order for y
Page 52 and 53: 42 Troubleshooting
Page 54: K Key generation . . . . . . . . .

What is eToken Enterprise? - tlk

Create successful ePaper yourself

Delete template?

Save as template?