DIGIPASS™ Authentication Token DIGIPASS™ Token family consists of various DIGIPASS™ Authentication Token models to fit your security needs. DIGIPASS™ authentication token generates time- or event-synchronized one-time dynamic password and Challenge-Response to secure authentication, and even supports Digital-Signatures for signing online or offline transactions.
IDENTIKEY™ Authentication Server IDENTIKEY™ Authentication Server products combine seamlessly with DIGIPASS™ authentication token family to form an easy-to-use and -deploy total security solution. IDENTIKEY™ Servers support all DIGIPASS™ token features and are totally platform- and application-independent, fully scaleable to fit your existing applications. So that you do not have to re-build your systems but just add it on.
STRONG AUTHENTICATION HAS NEVER BEEN SO ULTRA-PORTABLE & ULTRA-EASY TO USE
The DIGIPASS™ GO1 provides affordable security in applications and networks where user acceptance is crucial. DIGIPASS™ GO1 can be used in the traditional banking market as well as in the corporate networking and e-commerce markets. In both markets, security flaws due to statistic passwords as PIN (Personal Identification Number) and TAN (TransAction Number) are imminent.
DIGIPASS™ GO1 is ultra-portable and can be used anywhere, anyhow and at any time. It can be carried in a shirt pocket, clipped on a belt, worn on a necklace or as a classy key holder. This is reinforced by its stylish design. The combination of aesthetics and security will ensure that users will like to deploy and to wear the DIGIPASS™ GO1.
For security in applications and networks, user application is absolutely crucial. Balance that against the need for an affordable solution that is very easy to use. DIGIPASS™ GO1 offers all that in an attractive, smooth design. What's more? It can be carried easily in a pocket, on a keyring or clipped to a belt for true "anywhere, anytime and anyhow" security.
DIGIPASS™ GO1 - PRODUCT BRIEF
EASY TO USE The DIGIPASS™ GO1 offers the ultimate in user-friendly high security. With a simple and easy click users open the DIGIPASS™ GO1 and an unique One-Time-Password is displayed on the high contrast LCD. All they need to do is read it and key it into their application - wherever. So it can be combined with different platforms, like PCs, telephones, Internet kiosks, or mobile phones.
EASY TO DEPLOY The DIGIPASS™ GO1 is rapidly integrated into existing networks. So any static password in an application can be replaced to greatly improve to a dynamic password security system. Once the token is uniquely programmed and distributed to the user, they no longer need to contact the network manager. A PIN is not even needed to lock DIGIPASS™ GO1 token. The long battery lifespan of 5 years yields a very high Return On Investment. DIGIPASS™ GO1 can even be re-use by reprogramming with new and unique encryption keys and/or algorithms.
SECURITY WITHIN EVERYBODY'S REACH Not all security measures require sophisticated procedures with multiple fields to be entered. When strong authentication is secure enough, e.g. in corporate networking or remote access to banking applications, users tend to accept simpler devices. When the design is stylish and the user is given the final choice of how to use it, then half of the acceptance battle is already won. DIGIPASS™ GO1 offers the use with a choice to carry it in a pocket or around his / her neck for moving within the company, on a keyring so as not to forget it in the morning or clipped to a belt like a mobile phone. So user acceptance is considerably enhanced, and network management intervention is reduced to the strict minimum.
DIGIPASS™ GO1 - KEY FEATURES
Comes with complete accessories to carry it in a pocket, around the neck, on a keyring or on a belt.
Only weights 29 grams
Dimension: 15 X 35 X 68 mm (H X W X L)
8-character LCD display
Activated automatically when window is slid open
DES or 3-DES algorithm
Real-time clock embedded
Compatible with DIGIPASS™ family tokens
Programming with DIGIPASS™ Programmer toolkit
Combining a PC PIN entry is possbile
Expected batter lifespan of 5 years
Time and Even Synchronous
ULTRA-PORTABLE, STRONG AUTHENTICATION FOR HIGHEST CONVENIENCE & USER ACCEPTABILITY
User acceptance of security tools is a crucial factor in guaranteeing the success of security solution implementations for secure access to remote applications and networks. An alternative to the risk that static PINs and TAN lists pose, the DIGIPASS™ GO3 is very affordable, ultra-user friendly, and quick and efficient to rollout to users. These advantages allow you to close all security gaps in user authentication in a matter of hours.
The GO3 is also able to carry corporate logos, branding and custom colours to suit your business. The DIGIPASS™ GO3 is the perfect balance between an elegant design, and an unrivaled degree of portability and affordability in an easy to use security device.
DIGIPASS™ GO3 - PRODUCT BRIEF
EASY TO USE
The touch of a button?encapsulates all that busy users could want in a device that their employer requires them to use. The DIGIPASS™ GO3 is very small, and features a high contrast LCD display and a single button. This combination offers the ultimate in user-friendliness and high security: One push on the button and the DIGIPASS™ GO3 shows a unique one-time password on its LCD display. The user then enters this one-time password into their application login screen.
The DIGIPASS™ GO3 can be combined with different platforms, including PCs, telephones, Internet kiosks and mobiles phones, making its use practically anywhere at anytime a plus for users and organisations alike.
EASY TO DEPLOY
The integration of DIGIPASS™ GO3 into existing networks is simple and fast. Any static password or existing TAN (pre-printed lists of TransAction Numbers) numbers can be replaced instantly with the more secure DIGIPASS™ GO3 dynamic password. Once the unit has been programmed (to suit your authentication needs) and is handed over to the user, there is no need to read lengthy manuals or call on the network manager. Itís use is obvious and simple, requiring virtually no support or training. Unlike other tokens, the user cannot lock the DIGIPASS™ GO3, as no PIN entry is required. If required, the DIGIPASS™ GO3 can be reprogrammed for distribution to another user in cases where an employee is promoted, or even leaves the company.
DIGIPASS™ GO3 is fully interoperable with all members of the DIGIPASS™ family and works seamlessly together with the VACMAN Controller or Vacman Server and over 50 vendor applications to ensure deployment at the lowest total cost of ownership.
SECURITY WITHIN EVERYBODY'S REACH
Not all security measures require sophisticated procedures with multiple steps and physical entries required to authenticate users. Neither should it pose a large expense... the DIGIPASS™ GO3 normal battery lifetime of 5 years and beyond offers a very high return of investment. Strong authentication using DIGIPASS™ GO3 is the simply implemented, affordable solution. Whether in corporate networking or remote access to banking information - users more readily accept simpler devices that guarantee secure access.
Whatís more, the DIGIPASS™ GO3 can be:
Carried on a key chain
Attached to an existing proximity card
Worn around the neck, or
Simply be carried in a pocket or purse!
When the design is stylish and the user is not confronted with procedures or difficult to use tools, the acceptance battle is won.
DIGIPASS™ GO3 - KEY FEATURES
So light to go - Only 10 grams in weight, including battery.
So small to carry - 12.5 x 30 x 60 mm (H x W x L)
8-character LCD display
Activated by pushing a single button
DES or 3-DES
Real-time clock embedded
Time synchronous or Time and Event synchronous encryption
Optional PIN protection on a PC
Expected 5 years battery lifespan
Personalization parameters to make it unique
STRONG AUTHENTICATION & DIGITAL SIGNATURE FOR PDA MOBILE SECURITY
Pocket PC's are merging with mobile phones, digital cameras, digital music players, GPS receivers thus becoming all-in-one universal digital assistants. DIGIPASS™ for Pocket PC adds yet another functionality: it turns the Pocket PC into a personal hardware security token.
With DIGIPASS™ for Pocket PC, the Pocket PC or smart phone becomes a hardware token providing one-time passwords, challenge - response remote authentication and digital signatures. This transformation is achieved in pure software so no extension slots, no wires, no add-on modules to tangle with.
Many Pocket PC devices have wireless connectivity capabilities, relying on WAP, GPRS or similar technologies. With such connected Pocket PC's, DIGIPASS™ provides strong user authentication and digital signatures for over-the-air mobile commerce transactions.
Multiple profile support is one of the many features of the DIGIPASS™ for Pocket PC. It allows more than one virtual token on one Pocket PC, each with its own secret key for access to different servers, networks and web sites.
DIGIPASS™ PRO200 protects access to corporate networks, e-business and e-commerce applications by eliminating the weakest link in the security infrastructure: the use of static passwords.
Unlike human-created passwords that are easily stolen, guessed, reused, or shared, DIGIPASS™ PRO200 generates single-use passwords that change every 36 seconds. Protect the network from the inside-out, for internal employees on their desktop machines to the outside remote users on their laptops. DIGIPASS™ PRO200 offers secure remote access and extended digital signature capabilities on PDAs and smart phones.
DIGIPASS™ PRO200 - PRODUCT BRIEF
ANOTHER STEP TOWARDS DIGITAL CONVERGENCE PDAs are merging with mobile phones, digital cameras, digital music players. GPS receivers and becoming all-in-one universal digital assistants. DIGIPASS™ PRO200 adds yet another functionality: it turns the PDA into a personal hardware security device.
STRONG AUTHENTICATION FOR M-COMMERCE Many PDA devices have wireless connectivity, relying on WAP, GPRS or similar technologies. As a result, PDA's enabled with DIGIPASS™ PRO200 provide strong user authentication and Digital-Signatures for wireless mobile commerce transaction. DIGIPASS™ PRO200 provides end-to-end secure data exchange, between the end-user and the m-commerce store or bank. It does not rely on the underlying wireless connectivity infrastructure. DIGIPASS™ works equally well over mobile phones, GPRS or 3G networks.
WORK OFF-LINE OR OVER LAGACY NETWORKS: ANYTIME AND ANYWHERE DIGIPASS™ PRO200 can work on-line, off-line or wirelessly. DIGIPASS™ One-Time-Passwords and digital signatures can be communicated over any available medium. Telephone lines, Internet, VPN, corporate LAN, Kiosks or even fax - everything will do. DIGIPASS™ can also be used for traditional touch-tone phone banking. One-time passwords can even be used with a live operator by voice: truly anytime, anywhere connectivity.
ONE DEVICE TO ACCESS MULTIPLE NETWORKS AND WEB SITES DIGIPASS™ PRO200 allows more than one virtual token in one PDA, each with its own secret key for access to different servers, networks and web sites.
EASY TO DEPLOY DIGIPASS™ PRO200 can be easily installed by individual end-users or centrally deployed throughout the organizations. It is installed in a straightforward, wizard-assisted process with a customary use of the cradle and the specific Sync technology.
Two types of activation are supported:
(i) offline, whereby each client receives a personalization file and activation code;
(ii) online / interactive, allows initialization via e-mail or telephone.
DIGIPASS™ PRO200 Pocket PC: Windows CE 3.0, Pocket PC 2002
DIGIPASS™ PRO200 Palm: PalmOS 3.0 and higher
DIGIPASS™ PRO200 Symbian: Symbian OS 6.x Crystal & Quartz
DIGIPASS™ PRO200 - KEY FEATURES
Remote user authentication with One-Time-Passwords or Challenge-Response
Digital-Signatures (message authentication codes)
Mobile commerce, mobile banking, etc.
Traditional phone / fax banking
Network security, remote office, telecommuting
Wireless protocol agnostic: works over TDMA, CDMA, GSM, GPRS or 3G networks
Works off-line or over legacy networks: LAN, dial-up modems, Internet, fax, voice. Operational when no wireless connection available
Compatible with all DIGIPASS™ family members and server tools
Multiple profile support: one PDA to access all networks and web sites
DIGIPASS™ PRO200 - PASSWORD MANAGEMENT
User-chosen and changeable password
The system operator defines usage and length of the password
Locks after a certain number of invalid password entries
In the "Unlock mode", a reversed Challenge-Response scheme can be employed to re-activate a locked DIGIPASS™ PRO200
DIGIPASS™ PRO200 - CRYPTOGRAPHIC FEATURES
Data Encryption standard (DES) and triple DES
Challenge input up to 16 digits long.
Responses are shown in decimal or hexadecimal format
Different functions can be assigned to each application:
Time independent response with external Challenge (X9.9)
Time-based response with external challenge
Event-based response with external challenge
Time-based one-time password generation
Event-based one-time password generation
Time- and Event-based one-time password generation
A single check digit (per ISO 7064-6) can be applied on the Challenge and / or Response
SECURE ACCESS & USER AUTHENTICATION FOR NEW E-BANKING SERVICES WITH ONE-TIME PASSWORD AND DIGITAL-SIGNATURE
The handheld DIGIPASS™ PRO300 provides financial institutions and companies with a secure means of customer or employee identification and authentication for remote access to their computer systems and networks. The DIGIPASS™ Pro 300 is ideally suited for large public banking applications such as telebanking, home banking, PC banking, phone banking and Internet banking where authentication and e-signatures are key requirements.
The user interface has been conceived to work in an intuitive way, requiring a minimum number of keystrokes, so that the user can start using the DIGIPASS™ PRO300 almost without referring to a user guide. Thanks to the optical interface, the user can even read challenges directly from the computer screen.
The small hand-held DIGIPASS™ PRO300 authentication device secures authetication in any network structures and eliminates weak links. DIGIPASS™ PRO300 generates an One-Time-Password that enables you to identify customers, employees and remote users who are accessing your computer systems or networks. Digital-Signature even enhance security by signing financial transactions. Most valuably, it provides secure access from any locations.
DIGIPASS™ PRO300 - PRODUCT BRIEF
STRONG TWO-FACTOR AUTHENTICATION DIGIPASS™ PRO300 security solution is based on Two-Factor Strong Authentication. To gain access to applications and services, users must have a Personal Identification Number (PIN) and a hand-held DIGIPASS™ PRO300. The PIN is entered onto the DIGIPASS™ PRO300 which then computes a time-based or even-based dynamic One-Time-Password. The One-Time-Password enables authorized access to the network resoources.
INTUITIVE USER INTERFACE AND ADVANCED DESIGN Made of robust and shock-resistant materials, with an intelligent power management battery of expected 7 to 10 years long lifespan, unique encrpytion parameters, make DIGIPASS™ PRO300 a reliable and yet secure total security solution. Its ergonomic keypad and simple user interface are so easy to use, neither technical training nor user guide is even needed. Universally recognizable LCD display icons walk user through simple operation steps.
MAXIMUM CUSTOMIZATION DIGIPASS™ PRO300 is designed to fit your specific applications. Security parameters such as PIN length, number of PIN trials, password length, type of cryptographic algorithm, challenge-response length, all are programmable to satisfy your needs. Results: you get an optimum balance of user-friendliness cost-efficiency and security.
BANKING WITH DIGIPASS™ PRO300 DIGIPASS™ PRO300 technology is deployed with success in wide array of application environments. For instances, more than 250 financial institutions around the world overcome security challenges of online-banking and -transaction, by deploying DIGIPASS™ PRO300 solution, without compromising existing infrastructures. Easy-to- deploy and -use DIGIPASS™ PRO300 solutions provide high security and total reliable e-banking services via phone, fax, and Internet. Treating security issues seriously and effectively, their existing customers' loyalty is increased while offering potential new customers the benefit of heightened security.
SAFER INTERNET TRANSACTION, MORE OPPORTUNITY DIGIPASS™ PRO300 technology enhances the security of your web services and help you regain your total control. Whether it is using DIGIPASS™ PRO300 to generate dynamic One-Time-Password for restricted area logons or compute Digital Signatures for signing financial transactions, you have greater control over who is trying to perform what activity and hence competitive edge.
SECURING COPORATE NETWORKING, BUILDING COMPETITIVE ADVANTAGES Should Corporate Networking security be seriously addressed? Yes, because exchange of information is a competitive advantage to put your corporation staying ahead of the curve. And itís vital to keep this alive, securing corporate computing is as important as money transaction and security must not be deminished. DIGIPASS™ PRO300 provides highly secure solutions for guarding against breaches of confidentiality and unauthoirzed access to corporate data resources. Furthermore, DIGIPASS™ PRO300 technology wins high scores for offering more functionality and flexibility at a low total cost of ownership.
DIGIPASS™ PRO300 - KEY FEATURES
Internal real-time clock
Intelligent Power Management conserves battery life
Expected 7 to 10 years lifespan battery
PIN is user changeable
PIN Trial-and-Lock self-protect system
Remote Unlocking mechanism
Usage period controllable
ON/OFF/ERASE functions on a single button
Unique Initialization per DIGIPASS™ PRO300
Total control on Initialization
Administratively defined PIN length, PIN trials, password length, transaction parameters
Optical Interface for Initialization/reading Challenge-code or transaction parameters
Digital-Signature guarantees transmitted data integrity
Size: 85 x 47 x 15 mm
Weight: 37 grams
DIGIPASS™ PRO300 - CRYPTOGRAPHIC CHARATERISTICS
Conforming Data Encryption Standard (DES or Triple-DES options)
Programmable number of applications with unique DES key and parameters
Up to 16 Challenge digits for Responses computing
Manually key in or optically read from any computer monitor of Challenge code or transaction parameters for Digital-Signature computing
Decimal or hexadecimal format Response options
Optional Check-Digit (ISO 7064-6 standard) for Challenge and/or Response approach
Time- and Event-based One-Time-Password
Time-based Response with external Challenge
Event-based Response with external Challenge
Time-independent Response with external Challenge (X9.9)
SECURE YOUR NETWORK RESOURCES WITH THE STYLISH, STATE-OF-THE-ART DESIGN DIGIPASS™ PRO560. WITH DIGIPASS™ PRO560, YOU CAN OFFER STRONG AUTHENTICATION & DIGITAL-SIGNATURE IN YOUR OWN LANGUAGE.
DIGIPASS™ PRO560 is an authentication code generator that provides secure customer or employee identification for access to computer systems. At the same time it can generate e-signature and even host authentication.
Financial institutions and other companies are aware that user log-on names and static passwords are insufficient for user authentication, as they can easily be stolen and misused. Strong authentication is the solution to this problem.
DIGIPASS™ PRO560's security is based on two-factor strong authentication; combining something the user possesses (a DIGIPASS™ token) and something the user knows (a PIN to access the DIGIPASS™).
DIGIPASS™ PRO560 eliminates the weakest link in any security structure, i.e. the use of static passwords. DIGIPASS™ PRO560 generates an One-Time-Password that enables you to identify customers, employees and remote users who are accessing your computer systems or networks. Digital-Signatures mechanism can be deploy to further secure the electronic transactions.
DIGIPASS™ PRO560 - PRODUCT BRIEF
STRONG TWO-FACTOR AUTHENTICATION DIGIPASS™ PRO560 is based on strong two-factor authentication. To gain access to applications and services, you need to use DIGIPASS™ PRO560 to generate a dynamic One-Time password, that is used for secure strong authentication.
INTUITIVE USER INTERFACE AND ADVANCED DESIGN Made of robust and shock-resistant materials, with contemporary & sleek design, DIGIPASS™ PRO560 comes with an integrated hard-cover. All these make DIGIPASS™ PRO560 a reliable and yet essential part of any enterprise security solution. Its ergonomic keypad and bitmap LCD display supporting special characters and customized messages, make it easy to use. Programmable messages walk end-user through the entire operation. DIGIPASS™ PRO560 enhances DIGIPASS™ family in offering new features such as a Personal Unlocking Key (PUK), which is widely used in mobile handsets. Now, DIGIPASS™ PRO560 also supports AES, the future encryption standard.
MAXIMUM FLEXIBILITY DIGIPASS™ PRO560 is scaleable to meet your specific applications. Security parameters such as PIN length, number of PIN trials, types of cryptographic algorithm, Challenge-Response length, are all programmable. Furthermore, if the use locks his DIGIPASS™ due to a forgotten PIN, he can unlock it with a PUK. Result: you get an optimum balance of user-acceptance, cost-efficiency and security.
BANKING WITH DIGIPASS™ DIGIPASS™ PRO560 technology is deployed with success in wide array of application environments. For instances, more than 250 financial institutions around the world overcome security challenges of online-banking and -transaction, by deploying DIGIPASS™ PRO560 solution, without compromising existing infrastructures. Easy-to- deploy and -use DIGIPASS™ PRO560 solutions provide high security and total reliable e-banking services via phone, fax, and Internet. Treating security issues seriously and effectively, their existing customers' loyalty is increased while offering potential new customers the benefit of heightened security.
DIGIPASS™ PRO560 - KEY FEATURES
Internal real-time clock
Charaters, messages & logos can be fully specified for instructions or marketing purposes
Support up to 4 different languages
Possibility to use default account number, internal counter and decimal numbers (e.g. amount of money) in Digital-Signature
Diagnostic features like display internal time, serial number, and battery level.
Expected 5 years battery lifespan
PIN is user changeable - optional PIN and its length can be selected
PIN Trial-and-Lock self-protect system
Remote Unlocking or PUK Local Unlocking mechanisms
Fully cutomization of secrets and options done by DIGILINK station
Digital-Signature guarantees transmitted data integrity
Tactile keypad technology with 11 silicon rubber keys + 1 jog dial
Integrated hard cover to protect display and keypad
Large display with one line of 9 by 60 dots to allow for logo and language specific characters
Size: 88 x 59 x 7 mm
Weight: 41 grams
DIGIPASS™ PRO560 - CRYPTOGRAPHIC FEATURES
Conforms DES (Data Encryption Standard) and Triple-DES, enabling the highest possible level of logical security
Conforms AED (Advanced Encryption Standard), future encryption standard compatible
Supports 4 different platform-independent applications or hosts at maximum, each for authentication or signature, or both.
Extended signatures are possible by using signature counter
Variable length Challenge input and Response output (decimal or hexadecimal formats)
Possibility to add check-digit on the Challenge and/or Response
Supports all cryptographic modes of DIGIPASS™ PRO 250, 300 and 700
SIMPLIFY YOUR ADVANCED REMOTE-USER AUTHENTICATION & TRANSACTIONS
With the DIGIPASS™ PRO700, secure network access and complex digital signatures become possible without putting any extra burden on the user.
The DIGIPASS™ PRO700 enables network access specialists to bring the overall remote access security to a superior level while building an incredibly flexible, economic and yet user-friendly security infrastructure. They can define several applications, each with the most appropriate settings, just by changing parameters (e.g. PIN length, number of trials, lengths of challenge, concatenated fields).
The easy-to-follow, on-screen instructions and the large, comfortable keypad make the user immediately familiar with the DIGIPASS™ PRO700. With all display messages programmable and in their native language, the use of the token becomes simple, even for the most complex authentication schemes.
Belonging to the DIGIPASS™ family, it benefits from all existing programming and authentication software that already supports the other family members.
Secure access to more advanced applications is a reality with the DIGIPASS™ PRO700, a security solution that fits in the palm of your hand. Supporting 8 independent applications at maximum, the DIGIPASS™ PRO700 boasts a remarkable index of features that enable security managers and application owners to easily enhance their network security.
DIGIPASS™ PRO700 - PRODUCT BRIEF
STRONG TWO-FACTOR AUTHENTICATION The DIGIPASS™ PRO700 solutions is based on strong two-factor authentication. To gain access to applications and services you must have a PIN (Personal Identification Number) and a handheld DIGIPASS™ Pro700. The PIN code is entered into the DIGIPASS™ Pro700 so as to activate it, DIGIPASS™ Pro700 then calculates an One-Time dynamic password that is used for secured authentication to the system resources.
EASE OF USE With 3-line LCD display, that can display application-specific information, the DIGIPASS™ PRO700 is ideally suited for sophisticated or complicated transactions. Its object-oriented concept allows it to fit into existing user interfaces and terminology, specific application customization is even possible, now. Up to 8 independent applications at maximum can be hosted with no less than 64 messages in two languages - logos and country-specific language characters. Security manager can program user guides, walk-through, marketing messages, etc into the DIGIPASS™ Pro700. As a result, the user can execute highly sophisticated operations or transactions in total secured manner without the need for training manuals. DIGIPASS™ Pro700 offers security managers, application owners and users the full benefits of "triple-A" security - Anywhere, Anyhow, and Anytime.
EASY TO IMPLEMENT AND MANAGE DIGIPASS™ Pro700 is easily customized to your specific applications. Administrators can fine-tune this security solution to meet specific application needs, form PIN length and number of PIN trials to challenge and response length. Initialization of DIGIPASS™ Pro700 is a fast, secure and manageable process, resulting in the optimum balance of use-friendliness, cost-efficiency and security.
DIGIPASS™ PRO700 - KEY FEATURES
Programmable use interfaces in two-languages - graphical and character languages
On-screen messages guide the user and further simplify helpdesk queries
Color and logo options offer strong branding
High contrast 12-digit, 3-line LCD display (1 line for icons, 1 line 7 x 5 dot-matrix and 1 line 7-segment for optimal legibility)
Tactile keypad technology with silicone rubber key tops (16 keys)
Integlligent battery management give a life expectancy of 7 years
Dimmensions: 90 x 60 x 10 mm (L x W x H)
Weight: 35 grams
DIGIPASS™ PRO700 - CRYPTOGRAPHIC FEATURES
Supports DES (Data Encryption Standard) and Triple-DES, enabling the highest possible level of logical security
Supports 8 different platform-independent applications or hosts at maximum, each with unique keys and parameters
Digital-Signatures can be calculated based on fractional (left- or right-aligned) amounts, hidden or visible counters, default values and time stamps.
Up to 24 digits of challenge or data field input can be keyed in or read from a computer screen with optical interface
Responses or Digital-Signatures are shown on the display in decimal or hexadecimal formats (24-digit at maximum). An optional check-digit (ISO-7064-6 basis) can be applied on Challenge, Response and Digital-Signature functions.
Supports full range of time- and event-based authentication mechanisms, using the internal and unalterable real-time clock
Mutual signature verification allows small groups to be authenticated, eliminating the need for a dedicated server.
PORTABLE INTELLIGENT SMART CARD READER WITH STRONG AUTHENTICATION & DIGITAL SIGNATURES
The DIGIPASS™ PRO800 brings token technology to the immense, worldwide installed base of smart cards. This smart card can be a banking smart card (e.g. with electronic purse functionality) but can also be any private scheme smart card.
The philosophy of the DIGIPASS™ PRO800 is based on a brand-new factory-to-field concept. In this concept, the DIGIPASS™ PRO800 is distributed immediately to the field in large volumes, without requiring any intermediate personalization. With smart cards this personalization has, in fact, already been done and is re-used. This means that any user taking any DIGIPASS™ PRO800 converts it into his own token simply by inserting his personal smart card. Hence the cost of ownership of such authentication system becomes a fraction of that of a separate system that requires administration, distribution and initialization of tokens.
The DIGIPASS™ PRO800 is used unconnected and performs as a normal DIGIPASS™ - performing strong authentication and e-Signatures, all combined with a long battery lifetime.
Want to achieve stronger network security? Looking for a flexible & expandable way to leverage your investments in smart cards without the cost of specialized programming? The highly portable DIGIPASS™ PRO800 smart card reader offers unparalleled value and security, at any time and from any place.
DIGIPASS™ PRO800 - PRODUCT BRIEF
EASY TO IMPLEMENT AND MANAGE Smart card issuers such as financial institutions, banks, telecom operators, ASPís, distribution companies ... can deploy the DIGIPASS™ PRO800 smart card reader quickly and cost-effectively. Itís less expensive than standard smart card readers, with no software drivers to install or specialized programming required. In addition, the systemís so simple and easy to manage, help-desk costs are minimized.
Best of all, organisations already using other DIGIPASS™ authentication devices can seamlessly migrate to the DIGIPASS™ PRO800 without changing the security infrastructure thatís already in place.
HOW DOES DIGIPASS™ PRO800 WORKS? The DIGIPASS™ PRO800 smart card-reader can be used at any time, from any place and on any platform (PC or MAC, telephone or Internet). Just insert the smart card into the DIGIPASS™ PRO800 and enter the cardís Personal Identification Number (PIN). Unique secrets are automatically created, personalising the reader for that particular user. As soon as the card is removed, it reverts to a blank screen.
The strength of DIGIPASS™ PRO800 security is based on Two-Factor authentication approach, which are:
1. Something the user possess: the smart card
2. Something the user knows: the smart card PIN
All data entry is done on a telephone-like keypad. Instructions and graphics are displayed on DIGIPASS™ PRO800's 2-line LCD display. the user is prompted every step of the way, receiving corrective prompts when errors are made.
FACTORY TO FIELD The DIGIPASS™ PRO800 initialises itself and becomes unique at the moment that a user inserts his smart card and enters his PIN. As soon as the card is removed from the DIGIPASS™ PRO800, all secrets are immediately erased. As DIGIPASS™ PRO800 is platform independent and needs no personalization prior delivery to the customer, every reader is identical. Therefore it can be produced and distributed in a very cost-effective and easy way.
OPEN AND SECURE ACCESS Since the DIGIPASS™ PRO800 is a self-initialising authentication device that is unconnected, it offers secure remote access at any time, from any place, on any platform (PC or MAC, telephone, Internet, etc.). As soon as the card is removed from the DIGIPASS™ PRO800, all secrets are immediately erased.
AUTHENTICATION SERVICES Once activated, DIGIPASS™ PRO800 can generate dynamic One-Time-Passwords to log-on remotely to computer networks, compute Digital Signatures to sign transactions or accept Challenge messages and computes the corresponding Responses.
LOW COST OF OWNERSHIP DIGIPASS™ PRO800 eliminates the need to provide customers with a smart card and a separate authentication token. It combines the instrinsic security of the smart card with the advantages of unconnected tokens. In Addition, DIGIPASS™ PRO800 requires no extra personalization by the network owner and can be delivered in bulk. DIGIPASS™ PRO800 allows you to reduce the total cost of ownership of your security infrastructure by lowering the number of support calls on your helpdesk.
DIGIPASS™ PRO800 - KEY FEATURES
High-contrast, 10-character, 2-line LCD (1 line 60 X 7 dot-matrix line + 1 line of 14-segment characters)
Tactile keypad with silicon rubber keys
Intelligent battery management for a 3-5 years lifespan
DES and 3-DES supported
Real-time clock embedded
PIN Trial-and-Lock self-protect system
Compatible with ISO7816 smart cards
Support of T=0 and T=1 smart cards
Compatible with existing host systems for any DIGIPASS™ family tokens
Dimension: 63X 95 X 16 mm
Weight: 58 gram
DIGIPASS™ PRODUCT COMPARISON TABLE
DIGIPASS™ TOKEN FAMILY
Algorithm Option: Time/Event/Challenge
time event -
time event -
time event challenge
time event challenge
time event challenge
time event challenge
time event challenge
DES / 3-DES
Challenge-Response Unlocking (Remote)
Puk Code Unlocking (Local)
N° Of Application
4 × 2
prog or smartcard
Expected Lifespan (In Year)
easy & mini
easy & mini
portable & functional
long-life & functional
message in multiple languages
complex digital signature
security + reader
INTEGRATE STRONG AUTHENTICATION INTO YOUR APPLICATIONS WITHOUT REWRITING THE CODES
Effective network security demands a partnership between system administrators and authorized users. Unfortunately, you cannot always count on users to change their passwords regularly and that creates an invitation to hackers.
VACMAN™ Controller - PRODUCT BRIEF
VACMAN™ Controller can reliably secure any part of your network without requiring changes to your existing applications. Simply link VACMAN™ Controller to the application, and it automatically handles login requests from any users youíve authorized to have a DIGIPASS™ token. It is that easy.
ZERO KNOWLEDGE INTEGRATION Designed by specialists in system entry security, VACMAN™ Controller makes it easy to administer a high level of access control. You simply add a field to your existing user database, describing the unique DIGIPASS™ token assigned to the user. VACMAN™ Controller takes it from there, automatically authenticating the logon request using the security sequence you specify, whether it is a One-Time-Password using dynamic One-Time-Password or a Challenge-Response authentication mechanism or a transaction signing Digital-Signature.
You may also specify what type of DIGIPASS™ you give your customer; from the small DIGIPASS™ GO1, or PRO300 to the sophisticated smart card based DIGIPASS™ PRO800, or even PDA or PC based DIGIPASS™ Soft version.
Simply tailor your security solution according to the needs of your company.
ACHIEVE LOW TOTAL COST OF OWNERSHIP VACMAN™ Controller is a cost-effective solution requiring only a couple of days to implement. Provide your company the flexibility to follow new standards and developments in network security. A low, total cost of ownership is a reality with VACMAN™ Controller.
UNMATCHED VERSATILITY VACMAN™ Controller gives you the freedom to offer remote access to nearly any type of application, from simple data exchanges to full-fledged e-commerce solutions. Thereís no need to limit the applications you make available to remote users, because VACMAN™ Controller can provide precisely the level of strong authentication you require (including a full range of time and/or event-based security schemes).
HASSLE-FREE STRONG AUTHENTICATION It used to be anything but easy to implement a strong authentication security scheme. You could buy a specific access control server, only to find that itís often tough to configure to work with existing applications. Or you could build a custom solution, putting a new burden on the IT department with no guarantee that your home-grown approach would provide an adequate level of security.
VACMAN™ Controller offers a flexible alternative: an API-type solution that provides strong security, while requiring minimal changes to your current system. Just build a few calls into your applications, then it is up and running. It is a long-term solution because upgrades are available through a maintenance contract, to ensure that your access control system will always incorporate the latest in encryption technology standards and new additions to the DIGIPASS™ family tokens.
MULTI-PLATFORM SUPPORT VACMAN™ Controller protects your IT investment by offering security for nearly any operating system or platform. Itís a proven solution, operating flawlessly in many different environments today. VACMAN™ Controller is completely scaleable, supporting an unlimited number of authorized users.
VACMAN™ Controller - KEY FEATURES
Complete application independent
Support for most processors and platforms
ASCII and EBCDIC support
32-bit to 64-bit memory support
Multi-thread and multi-task aware code
Compatible with all current and future DIGIPASS™ family tokens
Various authentication approaches available:
Time and/or event based authentication mechanisms
Supports DES and 3-DES
PIN Trial-and-Lock self-protect system
Easy maintenance / upgrade
EASILY ADD STRONG AUTHENTICATION TO YOUR EXISTING REMOTE ACCESS SOLUTION
Your Firewalls and RADIUS servers solve a lot of problems, when it comes to provide remote access to the company network. Do you worry that unauthorized users may try to exploit your static passwords to their own advantage without your permission? Do you want to increase your network protection, promote your users productivity and do it without replacing or redesigning your remote access solution?
Now, with IDENTIKEY™ Server, you can!
IDENTIKEY™ Server - PRODUCT BRIEF
SOLID SECURITY = BUSINESS VALUE Remote Access is one of the most valuable and vulnerable areas in a corporate network. Without remote access, productivity can grind to a halt. Consider what would happen, for example, if your sales people, telecommuting employees, or customers lost access to your central database or other network resources. Today, you cannot afford to leave valuable corporate data and systems unprotected. IDENTIKEY™ Server is the simple and cost-effective solution to help you positively identify the remote users who are requesting access to your network.
POWERED BY DIGIPASS™ DIGIPASS™ strong authentication technology is specifically designed to ensure that remote access doesnít become the weak link in your network security infrastructure. With a DIGIPASS™ token in hand, your authorized users will be able to prove that they are who they say they are - quickly and easily. They simply use an individually assigned DIGIPASS™ token to generate a dynamic One-Time-Password and theyíre in business.
EASY TO INTEGRATE IDENTIKEY™ Server makes things easy and yet highly secure on the network administratorís end, too. This solution can be used to tighten the security for remote access in ANY RADIUS environment. Itís designed to enforce DIGIPASS™ strong authentication technology in combination with any RADIUS server. But thatís not all: IDENTIKEY™ Server can also serve as a back-end authentication server to any RADIUS enabled firewall application. The secret? IDENTIKEY™ Server is an unique software offers RADIUS-proxying capabilities, in addition to strong support for the RADIUS protocol and DIGIPASS™ authentication devices.
COMPLETELY COMPATIBLE Once IDENTIKEY™ Server is installed and configured, you can use the Audit Console to monitor incoming and outgoing RADIUS traffic (or any other events) on the IDENTIKEY™ Server server. The Audit Console presents all the statistical information you need to manage your remote access environment - providing details on events that have occurred since IDENTIKEY™ Server started running, including:
number of information messages
errors and fatal errors
Both the Admin Graphical User Interface (GUI) and the Audit Console can be run remotely. Both are written in highly portable JAVA Swing-based code to fit future platform support. There are no hardware or software conflicts to worry handling all strong authentication challenges and about, because IDENTIKEY™ Server uses a non-intrusive method of enabling DIGIPASS™ authentication. Simply place IDENTIKEY™ Server between the NAS and your existing RADIUS server - without affecting the performance of either.
EASY TO ADMINISTER AND AUDIT IDENTIKEY™ Server fits seamlessly into any RADIUS environment without creating new management headaches. A single interface lets you assign and manage the DIGIPASS™ tokens you've distributed to authorized users, while automatically responses. This same tool also allows you to configure all the other features of IDENTIKEY™ Server.
AUTO-MANAGEMENT The IDENTIKEY™ Server solution is designed for easy administration, whether youíre authenticating a few dozen remote users, or tens of thousands. By combining powerful features - such as Dynamic User Registration, Auto Token Assign, and Token Graceperiod - the IDENTIKEY™ Server technology automatically manages itself after the initial configuration.
IDENTIKEY™ Server is extremely flexible, giving you many different ways to create user accounts and assign tokens. In addition to the Auto-Management method, the technology allows you to:
Import users and assign tokens from an input file
"Bulk assign" users and tokens that have been loaded into the database
Assign a token based on a user
Assign a token based on a token
Use command line interface (CLI) to create users and assign tokens
IDENTIKEY™ Server - KEY FEATURES
Why use IDENTIKEY™ Server?
Strong Two-Factor authentication IDENTIKEY™ Server and DIGIPASS™ solution eliminate the weakest link in any security structure, the use of static passwords. It is a turnkey solution that can be up and running in minutes, not hours or weeks.
Dynamic User Registration (DUR) Refers to the automatic expansion of the IDENTIKEY™ Server database to include users who are allowed to authenticate to the third party RADIUS Server. DUR creates the user in the database, if the user account is not yet present, and the third party authenticates the user.
Autolearn passwords Automatically learned passwords is a feature that allows static user passwords, assigned to the user on the back-end RADIUS server, to be autostored in the database. Upon valid DIGIPASS™ authentication in IDENTIKEY™ Server, the "autolearned" user password is automatically played to the back-end RADIUS server.
Token Auto Assign An unassigned DIGIPASS™ can automatically be assigned to a new user, whether the user was created by the Admin GUI or DUR. A logfile containing the assignment specific parameters (Serial Number, User-Id, User-Name, etc.) is then created.
User Passthru DIGIPASS™ and static password authentication are supported simultaneously. Passthru allows a user to be authenticated by the back-end RADIUS server without any treatment on the IDENTIKEY™ Server. This option can be activated globally, even to the user-level.
DIGIPASS™ Grace Period The user static password is accepted (for a certain period of time) even when a DIGIPASS™ has already been assigned. The grace period will end after the specified time has expired, OR at the first time the DIGIPASS™ is used within this period.
Admin GUI By using Admin GUI, administration can be run locally or remotely, it features all administration previleges such as: