USB Token
The Rainbow iKey 1000 USB-based two-factor authentication token provides a very cost-effective and easy-to-use control for multiple applications and network services, such as Virtual Private Networks (VPN), and controls Intranet, Extranet, and Internet access. The iKey 1000 series can also be used in Public Key Infrastructure (PKI) environments. The iKey 1000 token consists of a microprocessor with a USB controller and memory, all within a device small enough to store on your key chain. The iKey 1000 Series provides highly reliable storage capabilities as shown below.
The USB controller is a USB 1.1/2.0 compliant device that acts similarly to a smart card reader and smart card. The iKey 1000 also has support within the microprocessor firmware to perform on-board MD5 hashing. The storage within the iKey 1000 token is organized into directories and files. Access to files can be controlled through the PIN-based access control security functions. The iKey 1000 security system provides for two levels: the end-user and the Enterprise Security Officer. An end-user can be authorized to perform sensitive functions in the iKey 1000 via PIN or pass phrase authentication. A Security Officer (SO) may also be authenticated to the token with a separate PIN or pass phrase to perform sensitive operations, such as initializing an end-user's PIN.
One other such sensitive operation is initialization of PKI functionality on the iKey 1000 token. In the Windows version, it is a function of the Security Officer to decide whether to dedicate some of the overall iKey 1000 memory for exclusive use by PKI functionality embodied in the iKey 1000 series software libraries.
When enabled, the PKI libraries divide the dedicated memory into two areas. One area is for public storage where digital certificates, public keys, cookies and other unprotected data can be stored. The second storage area is for private storage of shared secrets and private keys. This private area has authenticated secure access and the data is held in encrypted form.
All PKI functions are performed within a Security Module embedded within the iKey 1000 Series Windows Client Software. When operations involving secure private objects are required, the Security Module retrieves the necessary private keys from the iKey 1000 token after first meeting the authentication requirements with a User PIN.
The iKey 1000 series software and token can perform a variety of other cryptographic algorithms in addition to RSA, including: DES in ECB and CBC modes, DES, 3DES, RC2, RC4 and RC5.