Which key is right for your security needs?

Both the Enterprise and the SDK products are designed to work with the eToken, a USB authentication key the size of an average house key. eToken offers two models of USB keys: eToken R2 and eToken PRO. Selecting the right key to meet your needs is a matter of cost and determining the kind of security needed. Both eToken models are identical in their physical casing, size and shape, and are equally robust, tamper- and water-resistant. The eToken PRO is designed specifically to enable PKI-based authentication and signing in a highly secure environment. The eToken R2 also fully supports PKI technology, by storing users' private key credentials on the token. Below is a chart with a brief comparison of the eToken R2 and eToken PRO keys:

| eToken R2 | eToken PRO |
| Encryption functions & security standards: | |
| Uses a secure microcontroller (EEPROM), with 16K/32K bytes of secured memory, and a 120-bit DESX on-chip processor. Provides full support for storage of PKI-based keys and certificates. Enables compatible implementation with smartcard applications. Supports PKCS#11, CAPI and Application Protocol Data Unit (APDU) APIs. | Uses advanced smartcard chip technology, with on-chip cryptographic processing using RSA1024, 3xDES and SHA-1. Supports PKCS#11, CAPI and APDU APIs. Has ITSEC LE4 security certification approval. |
| On-board cryptographic functions: | |
| The eToken R2 supports the DESX symmetric algorithm with 120-bit keys. eToken R2 uses this algorithm internally to encrypt all sensitive data and to perform the challenge-response user authentication protocol. The eToken R2 can be used as an encryption/decryption engine to protect information on a PC and the eToken. | The eToken PRO uses advanced smartcard chip technology that provides the following on-chip cryptographic operations: asymmetric encryption/decryption and signing/verification with RSA keys up to 1024 bits long; symmetric DES and 3DES encryption, decryption and MACing with key lengths up to 168 bits long; message digesting using SHA-1 and optionally MD5 (through a downloadable module). The eToken PRO can perform a dual digest and signing operation on-chip. The rich feature set allows the eToken PRO to be used as a secure signing device and as an encryption/decryption engine to protect information on a PC. |
| Key generation: | |
| eToken R2 supports on-board key generation of symmetric DESX keys. | The eToken PRO can generate truly random asymmetric RSA keys up to 1024 bits long. On average, generating a 1024-bit key takes 25 seconds. |
| Authentication challenges: | |
| The eToken R2 has a pseudo-random number generator based on a truly random seed and the DESX function, which is believed to be pseudo-random. As such, the eToken R2 can be used only for logging in to the token. In order to verify the password, eToken R2 generates a random challenge and sends it to the PC. The response is verified against the stored password. This enables eToken to securely authenticate the user using two-factor authentication. | The eToken PRO has a true hardware random number generator that is used internally for RSA key generation and authentication challenges. This offers strong PKI-based authentication. |
| Physical chip protection: | |
| The eToken R2 is implemented as a secure microcontroller and external EEPROM pair. The EEPROM is used to store all eToken data. Sensitive data, such as user data and encryption keys, is encrypted on the EEPROM using DESX with keys stored in the microcontroller. These keys cannot be read or accessed in any way. | The eToken PRO is implemented in a secure chipcard that meets the ITSEC 4 standard. All data stored on the eToken PRO is stored internally within this chipcard and is intrinsically secure. |
| Access protection: | |
| The eToken R2 differentiates between public, private and secret data. The eToken can be in either a logged in or logged out state. Only the eToken R2 user can log in to the token by using the challenge-response mechanism as detailed above. Once logged in, the user may read and write public and private data or write and use secret data. In the logged out state, it is only possible to read public data and use secret data. | The eToken PRO possesses a comprehensive access control mechanism that protects data and keys stored on the eToken. Access to data can be controlled by a variety of mechanisms, such as challenge-response authentication or PIN entry. |
| USB Data Traffic Encryption: | |
| Once the user is logged in to the eToken R2, sensitive data traffic is always encrypted. eToken R2’s data traffic encryption uses DESX with a session key randomly generated during the login procedure. The secret information on the eToken is accessible only after the correct password is verified, and cannot be retrieved without it. | Data passing between the eToken PRO and the host computer is protected using secure messaging, a mechanism that enables selective encryption and/or authentication of data or traffic. Secure messaging uses the 3DES symmetric algorithm. |