your ultimate authentication solution - … - aptech.pdf · your ultimate authentication solution...

YOUR ULTIMATEAUTHENTICATION SOLUTION

A l a d d i n . c o m / e T o k e n

台灣代理商: 玉山科技股份有限公司

http://www.asiapeak.com

(02)77128295

e T o k e n O v e r v i e w

The Password Authentication Paradigm

In today’s business world, security in general - and user authentication in particular - are critical components in enabling business and protecting sensitive corporate information. By implementing strong user authentication solutions, you enable your customers, partners, and employees to boost their productivity by using your business applications wherever they are – in the office, at home, or on the road.

In a business world that requires your organization to be compliant with key industry regulations such as HIPAA, FDA, Sarbanes Oxley and Basel II, strong user authentication is a critical element in protecting information and individuals’ privacy.

Passwords, the primary tool for user authentication, can be easily stolen, lost, shared or cracked. Due to the need to manage multiple passwords and to ensure the effectiveness of passwords used, organizations have adopted stringent password policies. This has translated into more complex passwords and consequently, made them more difficult to remember. To cope, users are writing their passwords down, compromising the security they were meant to improve.

1

Aladdin’s eToken suite of strong authentication and password management solutions ensures that only authorized individuals access an organization’s sensitive information - enabling business, protecting data, lowering IT costs, and boosting user productivity.Source: IDC, «Worldwide Identity and Access Management 2007 - 2011 Forecast and 2006 Vendor Shares,Doc. # 207609, July, 2007

AUTHENTICATIONeToken - Your Ultimate Authentication Solution

Aladdin eToken provides strong authentication and password management solutions, offering:

• Enhanced security and ensured safe information access

• Cost-effective password management

• A means to safely carry your personal digital credentials with you, wherever you go

About the size of an average house key, Aladdin eToken is an easy to use and highly portable USB-based smartcard device. It enables both users and IT/security administrators to more effectively manage the authentication process by securely storing passwords, PKI keys and digital certificates, and other personal credentials onboard the eToken.

eToken provides strong two-factor user authentication

Something you have -

The eToken device

Something you know -

The eToken password



(02)77128295

SOLUTIONS


eToken Solutions

Today’s business world demands that you have instant and secure access to all your sensitive business assets, at any time from wherever you are. More than that, it demands that you do more with less. eToken delivers a broad platform of solutions to enable greater standardization, with lower deployment and management costs.

2

Secure Network AccessNetwork LogoneToken enables strong user authentication when logging on to protected network resources, supporting both smartcard logon technology using PKI and the native Microsoft password-based logon mechanism by storing users’ access credentials.

VPN Security (Secure Remote Access)eToken enables strong user authentication when remotely accessing the corporate network, offering seamless integration with leading VPN systems. eToken supports multiple VPN authentication methods including one-time passwords and digital certificates.

Web AccesseToken enables strong user authentication when accessing protected web resources and signing sensitive digital transactions. eToken supports multiple web authentication methods including one-time passwords and digital certificates.

Data SecurityPC/Boot Protection, File & Data Encryption

eToken offers seamless integration with many types of data protection systems, ranging from full disk encryption and boot protection, to specific folder and file encryption.

Secure E-mail

eToken offers e-mail encryption and signing with seamless connectivity to major e-mail clients using standard security features.

Digital Signing (Non-repudiation)Transactions and documents can be digitally signed with eToken through PKI technology, ensuring the authenticity of electronic transactions.

Password ManagementEnterprise Single Sign-OnWith eToken, users no longer need to remember passwords for different accounts – their single eToken password combined with their eToken device is all they need to securely access their network, web, and Windows-based applications. eToken manages the user’s credentials and automatically submits them to different application logon screens.



(02)77128295

APPLICATIONS

The eToken product offering provides a robust and flexible framework for integration with many of today’s leading security solutions, giving you a solution to all your strong authentication and password management needs.

PRODUCTSeToken Product Offering

eToken Security Applications

Strong AuthenticationeToken strong user authentication applications offer you the ultimate power and flexibility to secure access to your digital business resources. eToken provides strong user authentication by requiring both your personal eToken device (something you have) and your eToken password (something you know).

Public Key Infrastructure (PKI)

eToken PKI capabilities enable you to authenticate yourself, encrypt, and sign digital information with full confidence. With eToken PKI capabilities you can securely access your corporate network, secure your personal files, carry out e-commerce transactions, sign your e-mails, and much more – all with perfect mobility and strong protection.

e T o k e n O v e r v i e w3



(02)77128295

eToken enables you to simply and flexibly implement PKI-based strong user authentication and encryption

solutions in the Windows, Macintosh, and Linux environments, by securely generating and storing PKI private

keys and digital certificates onboard the token.

One-Time Password (OTP) AuthenticationeToken One-Time Password (OTP) authentication offers secure clientless network logon using one-time

passwords, giving you the versatility to securely log onto your network from wherever you are, without the

need for any client software installation or a USB connection.

The eToken OTP architecture includes the eToken RADIUS server for back-end OTP authentication, which

enables integration with any RADIUS-enabled gateway/application, including leading VPN solutions, web access

solutions, and more. The eToken RADIUS server utilizes the Active Directory infrastructure (via Aladdin TMS) for

user information.

eToken PKI and OTP authentication solutions include enterprise-level management with eToken TMS - The eToken Token Management System (TMS) enables full deployment and

life-cycle management of all eToken devices and the authentication solutions associated with

them in a single system.

A l a d d i n . c o m / e T o k e n 4



(02)77128295

Password ManagementeToken provides a secure token-based single sign-on solution for enterprises. With its set of easy-to-use applications, eToken enables you to securely store and manage all of your logon credentials on a single eToken device. You no longer need to remember numerous passwords for all of your applications and accounts - just your single eToken password.

eToken Single Sign-On (SSO)

eToken SSO secures and simplifies the logon process to all your enterprise and personal password-protected accounts - from initial network logon to entering your Windows-based and web-based applications - by securely storing your personal application logon credentials on the eToken smartcard and automatically submitting them during logon. All you need to do is connect the eToken to your computer and present your single eToken password to access all your protected applications.

eToken SSO removes the burden of remembering multiple passwords from users, significantly reducing the work load on the IT help desk and increasing security. Users can easily manage complex, unique passwords for each application, and comply with even the most stringent organizational password policies. For added security and ease of use, eToken SSO supports automatic handling of application password change requests and assignment of random passwords.

eToken SSO provides a simple, secure, and easy to deploy solution for managing passwords, inherently integrated with strong two-factor authentication. It requires no back-office integration or complex set-up efforts so you can quickly start reaping the benefits.

eToken SSO includes robust enterprise level management - Beyond offering secure and convenient access to users, eToken SSO also provides intuitive, easy-to-use management tools so that you can fully manage your users’ SSO usage and enable the use of the eToken to securely access your home-grown applications. eToken SSO is fully integrated with Aladdin’s eToken Token Management System (TMS), which provides administrators with a full suite of token management services including eToken deployment and revocation, user self-service password reset, backup/restoration of user credentials, and a solution for employee on the road lost token situations.




(02)77128295

eToken Web Sign-On (WSO)

eToken WSO enables easy, convenient and secure storage and management of all of your web logon and access credentials. Your personal web form credentials can be securely saved on the eToken smartcard and accessed only by you. You no longer need to memorize all your web account passwords and other credentials; all you need to do is to connect your eToken to the computer and enter your eToken password.

WSO integrates into your browser with a user-friendly toolbar that enables you to easily save web form credentials on the eToken, automatically fill in saved web forms, and manage your saved credentials.

eToken stores much more than passwords – it can securely hold all logon information including PIN numbers, account numbers, credit card details, telephone numbers, URLs, expiration dates and account notes.

eToken Network Logon

The eToken Network Logon application provides a cost-effective and secure method for implementing token-based strong authentication to networks.

eToken can store your username, password, and domain name for network access and communicates with the Microsoft network logon (GINA) mechanism. All you need to do is connect your eToken and enter the eToken password to gain network access.

eToken Network Logon includes robust enterprise level management - The eToken Network Logon

offering is fully integrated with the Aladdin’s eToken Token Management System (TMS), providing full

deployment and life cycle management capabilities for all of your users’ tokens and the eToken network logon

solutions associated with them.

ADVANCEDPASSWORD

MANAGEMENT




(02)77128295

Identity & Token Management

eToken Token Management System (TMS)

The eToken Token Management System (TMS) is a robust system that provides full life-cycle management of the eToken solution within an organization. TMS links security devices with users, organizational rules, and the associated security applications in a single automated and fully configurable system, enabling centralized management of any mix of eToken authentication devices and technologies including PKI, OTP, and password-based authentication.

eToken TMS provides powerful tools so that you can cost-effectively and conveniently handle all aspects of token life-cycle management. TMS capabilities include token deployment and revocation, web-based user self-service token enrollment and password reset, automatic backup and restore of user credentials, handling of lost and damaged tokens including a solution for employee-on-the-road lost token situations, and much more.

eToken TMS has an open, standards-based architecture, based on configurable connectors for integrating with a wide variety of security applications including single sign-on, certification authorities, disk encryption applications, and more. Seamlessly integrated into Microsoft Active Directory (or operated in a standalone, e.g. shadow domain mode), TMS enables you to intuitively manage tokens throughout the organization, and transparently links token management with user organizational policies. TMS includes a robust SDK for integration and management of third-party security applications.

To give you peace of mind and enable compliance with regulations, TMS was designed with security in mind. A role-based access mechanism for administrators and encryption of user data ensures that only authorized individuals gain access to sensitive user information stored on the system. In addition, TMS offers comprehensive auditing and reporting capabilities for tracking of the token inventory and usage.

For additional information regarding eToken security applications - http://www.Aladdin.com/eToken




(02)77128295

PARTNERSSOLUTIONeToken Enabled Third-Party Applications

eToken Software Developer’s Kit (SDK)

If your organization is developing customized security applications or any application – such as e-banking or e-healthcare – that can benefit from strong user authentication and digital signatures, the eToken Software Developer’s Kit (SDK) is for you. The eToken SDK provides everything you need to integrate eToken security functionality into your applications.

This user-friendly SDK includes a set of industry standard APIs and supporting documentation, enabling seamless integration with third-party applications. The eToken SDK uses standard security interfaces for Windows, Linux, Microsoft CAPI, and PKCS#11 interfaces, and enables integration with boot protection security solutions which require logon prior to operating system loading.

The eToken SDK supports the entire suite of eToken devices and form factors, giving you a high level of flexibility in developing eToken-based solutions. In addition, the entire eToken suite of security applications can be integrated into any third-party solution developed with eToken SDK, enabling you to further enhance your solution offering.

eToken Solution Partners

eToken integrates with a variety of third-party applications from leading security companies. Together with its solution partners, eToken offers you a comprehensive set of security solutions for all of your organization’s needs.

Partner*

Check Point

Cisco

Citrix

CA

Entrust

HID

IBM

Microsoft

Novell

PGP

RSA

SafeBoot

SAP

Utimaco

VeriSign

Router provisioning

Proximity

Code signing

Boot Protection& Disk Encryption

E-mailProtection

SingleSign On

VPN & WebRemoteAccess

CA/PKI OtherNetwork/

WorkstationLogon

*Partial listFor additional information - http://www.Aladdin.com/partners




(02)77128295

DEVICES

9

Choosing the Right eToken DeviceeToken’s suite of devices allows organizations complete flexibility to meet their individual needs. From USB tokens for PCs and remote environments, to smartcards for access control and identity badges – eToken’s accessibility, efficiency and portability mean it’s the smart choice for organizations looking to stay ahead in today’s ever changing, digitalized world. All devices support the same security interfaces and work seamlessly with eToken and third-party security applications.

eToken PRO

eToken PRO is a USB, readerless smartcard. It is a low cost device that enables strong, two-factor authentication and is easy to deploy. eToken PRO’s secure, on-board RSA 1024-bit and 2048-bit key operations enable seamless integration into any PKI or other security architectures.

eToken NG-OTP

eToken NG-OTP is a hybrid USB and One Time Password (OTP) token, offering all of the functionality of eToken PRO with the addition of OTP technology for strong authentication in detached mode. eToken NG-OTP integrates multiple strong authentication methods and enables a wide variety of security related solutions, all in one device.

eToken NG-FLASH

eToken NG-FLASH offers the same functionality as eToken PRO, with the addition of Flash memory for mobile data storage.

eToken PRO Smartcard

eToken PRO Smartcard offers the same functionality as eToken PRO USB, but with a traditional credit card form factor. The eToken PRO Smartcard is operable with a standard smartcard reader.

eToken PASS

eToken PASS is a compact and portable one-time password (OTP) token providing strong user authentication to network resources.

Proximity (Physical) Access

eToken can integrate with proximity access solutions, combining both physical access and logical access in one device. Proximity technology can be integrated with both USB and smartcard eToken form factors.

eToken CertificationsThe Aladdin eToken meets the highest industry standards and certifications. Product Certifications:

eToken PRO 32K has tested compatible with Cisco Integrated Services Routers (ISR) 1800/2800/3800.

eToken PRO 32/64K and eToken NG-OTP were tested compatible with Cisco Concentrator 3005-4.1.7, Cisco

PIX 501 v6.3(3)and Cisco ACS v3.3 Go to http://www.aladdin.com/etoken/cisco/disclaimer.asp

for full disclaimer.

e T o k e n O v e r v i e w



(02)77128295

10

Technical SpecificationseToken PRO Specifications• Operating systems Windows 2000/XP/2003/Vista

Mac OS X, Linux (32K and 64K token models only)

• API & standards support PKCS#11 v2.01, Microsoft CAPI, PC/SC,X.509 V3 certificate storage, SSL v3, IPSec/IKE

• Models (by memory size) 32K, 64K (Siemens CardOS)

72K (Java Virtual Machine)

• On board security algorithms RSA 1024-bit / 2048-bit, DES, 3DES (Triple DES), SHA1, SHA256

• Security certifications FIPS 140-1 L2&3; Common Criteria EAL5/EAL5+ (smart card chip) / EAL4+ (smart card OS) Pending: FIPS 140-2 and CC EAL4 (certifications differ per model; please inquire)

• ISO specification support Support for ISO 7816-1 to 4 specifications

• Water resistance certification IP X8 – IEC 529

• Casing Hard molded plastic, tamper evident

• Memory data retention At least 10 years

• Memory cell rewrites At least 500,000

eToken NG-OTP Specifications• Operating systems Windows 2000/XP/2003/Vista; Mac OS X; Linux

• API & standards support PKCS#11 v2.01, Microsoft CAPI, PC/SC, X.509 v3 certificate storage, SSL v3, IPSec/IKE


• On b oard security algorithms RSA 1024-bit / 2048-bit*, DES, 3DES (Triple DES), SHA1

(*) Available with 64K model

• Security certifications Common Criteria EAL5/EAL5+ (smart card chip) / EAL4+ (smart card OS); Pending: FIPS 140-2

• OTP security algorithm OATH compliant (based on HMAC/SHA1)


• Casing Hard molded plastic

• Battery lifetime 10,000 OTP generations / 5 years



eToken NG-FLASH Specifications• Operating systems Windows 2000/XP/Vista; Mac OS X; Linux

• API & standards support PKCS#11 v2.01, Microsoft CAPI, PC/SC, X.509 v3 certificate storage, SSL v3, IPSec/IKE

• Smart card memory 64K (Siemens CardOS)

• Flash memory options 256MB, 512MB, 1GB, 2GB, 4GB

• On board security algorithms RSA 1024-bit / 2048-bit, DES, 3DES (Triple DES), SHA1

• Security certifications Common Criteria EAL5/EAL5+ (smart card chip) / EAL4+ (smart card OS); Pending: FIPS 140-2



• Smart card memory data retention At least 10 years

• Smart card memory cell rewrites At least 500,000

eToken PRO Smartcard Specifications• Operating systems Windows 2000/XP/2003/Vista

Mac OS X, Linux (32K and 64K token models only)

• API & standards support PKCS#11 v2.01, Microsoft CAPI, PC/SC , X.509 v3 certificate storage, SSL v3, IPSec/IKE


72K (Java Virtual Machine)

• On board security algorithms RSA 1024-bit / 2048-bit, DES, 3DES (Triple DES), SHA1, SHA256

• Security certifications Common Criteria EAL4+/EAL5+ (smart card chip and OS) Pending: CC EAL4 (certifications differ per model; please inquire)

• ISO specification support Support for ISO 7816 1 to 4 specifications



eToken PASS Specifications• OTP security algorithm OATH compliant (based on HMAC-SHA1)

• Battery lifetime 14,000 clicks / 7 Years





(02)77128295

About Aladdin

Aladdin (NASDAQ: ALDN) is a leader in digital security, providing solutions for software Digital Rights Management and Internet security since 1985. Serving more than 30,000 customers worldwide, Aladdin products include: the USB-based eToken™ device for strong user authentication and password management; the eSafe® line of integrated content security solutions that protect networks against malicious, inappropriate and nonproductive Internet-borne content; and the HASP® family of leading software Digital Rights Management products. To learn more, visit the Aladdin Web site at http://www.Aladdin.com.

17/10/2007 © Aladdin Know

ledge Systems, Ltd. is a registered tradem

ark and eToken is a trademark of Aladdin Know

ledge Systems Ltd. All other product nam

es are tradem

arks or registered trademarks of their respective ow

ners. 05000

Printed

in Israel

North America T: +1-800-562-2543, +1-847-818-3800UK T: +44-1753-622-266Germany T: +49-89-89-4221-0France T: +33-1-41-37-70-30Benelux T: +31-30-688-0800Spain T: +34-91-375-99-00

Italy T: +39-333-9356711Israel T: +972-3-978-1111China T: +86-21-63847800India T: +919-82-1217402Japan T: +81-426-607-191All other inquiries T: +972-3-978-1111

For more contact information, visit: www.Aladdin.com/contact



(02)77128295

your ultimate authentication solution - … - aptech.pdf · your ultimate authentication solution...

Documents