OTP Authenticators for SAS

| Model | Supported Management Platforms | OTP security algorithm | Battery lifetime | OTP length | OTP character type | Field Programmable |
|---|---|---|---|---|---|---|
| eToken Pass | Allows you to conveniently establish one-time password (OTP)-based secure access to network resources, SaaS cloud applications and online services. A compact and portable OTP authenticator, which offers secure two factor authentication, in time-sync and event-based modes. | OATH compliant (HMAC-SHA1, OATH TOTP) | For event-based OTPs: 7 years with up to 10 OTP clicks/day. For time-synced OTPs: 5 years with up to 10 OTP clicks/day | 6 characters | Digits | Yes |
| SafeNet GOLD | Offering an additional layer of security beyond basic OTP, the SafeNet GOLD is activated with a PIN, which prompts the authenticator to provide an OTP. In challenge response mode, users activate GOLD with their PIN, and then must validate a numeric challenge on their GOLD authenticator. | X9.9 – Challenge response algorithm. Synchronous – proprietary event based algorithm | 7 years | 8 characters | Digits | No |
| KT-4 Token | Can generate both time-sync and event-based OTPs with a press of a button. | AES-256 bit encryption | 5 - 6 years (replaceable batteries) (automatic power off) | 6 - 8 characters | Selectable combination of digits, upper and lower case letters and punctuation | Yes |
| RB-1 Keypad Token | The RB-1 Keypad Token offers rich branding and badging options, while providing strong authentication. The RB-1 generates event-based OTPs with a press of a button, supports transaction signing, and in challenge-response mode, presents an OTP only after a user enters their PIN. | AES-256 bit encryption | For event-based OTPs: 5 - 6 years (replaceable batteries) (automatic power off). For time-synced OTPs: 5 - 6 years (replaceable batteries) (automatic power off) | Up to 8 characters | Selectable combination of digits, upper and lower case letters and punctuation | Yes |

SmartPhone and SW Tokens

| Model | Mobile Platform | Security Feature | Mechanism | Comment |
|---|---|---|---|---|
| MobilePASS | MobilePASS for Apple iOS | Key Store Access | The OTP seed is stored in the iOS KeyChain | KeyChain enables “sandboxed keys” per application, which means that each application only has access to its own KeyChain elements. Therefore, no other applications are able to read the MobilePASS KeyChain data |
| | | Key Encryption | The OTP seed is encrypted using AES 256 before it is stored in the KeyChain | |
| | | Copy Protection | When an iOS backup is initiated, all KeyChain elements are encrypted with a non-migratable device-specific key. Thus, the MobilePASS seed may be restored to the same iPhone device but is unusable when restored to a different device (or a device that was wiped) | iOS 4.2 or later required |
| | MobilePASS for Android | Key Store Access | The encrypted OTP seed is stored on the Android OS using the “internal storage” mechanism | Files saved to the internal storage are private to the particular application and other applications cannot access them (nor can the user). When the user uninstalls the application, these files are removed |
| | | Key Encryption | The OTP seed is encrypted with AES 256 before it is stored by the application | |
| | | Copy Protection | The MobilePASS application is marked with the allowBackup attribute set to false to prevent it from being backed up from the device. | The allowBackup attribute determines if an application's data can be backed up and restored. |

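A check for the Android Copy Protection row above, as an added example that is not SafeNet or MobilePASS code: it reads a decoded AndroidManifest.xml and reports whether application data can be backed up, treating a missing `android:allowBackup` as enabled because the platform default is true. The manifests, package names and the helper name `audit_allow_backup` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ALLOW_BACKUP = f"{{{ANDROID_NS}}}allowBackup"

def audit_allow_backup(manifest_xml):
    """Report whether a decoded AndroidManifest.xml lets app data be backed up."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if root.tag != "manifest" or app is None:
        raise ValueError("not an AndroidManifest.xml with an <application> element")
    declared = app.get(ALLOW_BACKUP)
    if declared is not None and declared.strip().lower() == "false":
        enabled, reason = False, "android:allowBackup explicitly false"
    elif declared is not None and declared.strip().lower() == "true":
        enabled, reason = True, "android:allowBackup explicitly true"
    elif declared is not None:
        # e.g. a @bool/ resource reference: not resolvable from the manifest alone
        enabled, reason = True, "unresolved value, treated as enabled"
    elif app.get("allowBackup") is not None:
        # Attribute written without the android: prefix does not set the flag
        enabled, reason = True, "allowBackup lacks the android: namespace"
    else:
        enabled, reason = True, "attribute missing, platform default is true"
    return {"package": root.get("package"), "backup_enabled": enabled, "reason": reason}

def _manifest(package, app_attrs):
    # Constructed sample manifests, not taken from any real application
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="{package}">'
            f'<application {app_attrs}/></manifest>')

SAMPLES = {
    "hardened": _manifest("com.example.otp.hardened", 'android:allowBackup="false"'),
    "default": _manifest("com.example.otp.default", 'android:label="OTP"'),
    "no_prefix": _manifest("com.example.otp.noprefix", 'allowBackup="false"'),
    "resource": _manifest("com.example.otp.resource", 'android:allowBackup="@bool/backup"'),
}

def findings(samples=SAMPLES):
    """Names of the sample manifests whose stored seed file could leave the device via backup."""
    return sorted(n for n, doc in samples.items() if audit_allow_backup(doc)["backup_enabled"])

if __name__ == "__main__":
    for name, doc in SAMPLES.items():
        print(name, audit_allow_backup(doc))
```

Only the explicitly hardened manifest passes; the other three are reported because nothing in the manifest itself guarantees that backup is off.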
SAS - Tokenless Authentication

| Model | Description |
|---|---|
| GrIDsure Authentication | GrIDsure Authentication works by presenting the user with a matrix of cells during enrollment containing random characters, from which the user selects a Personal Identification Pattern (PIP). Every time the challenge grid appears, the characters in the cells are different, so the user is always entering a one-time passcode. |

SmartPhone and SW Tokens

| Model | Description |
|---|---|
| SMS Token | SMS Tokens offer the fastest and easiest way to turn any mobile phone into a token (phone-as-a-token functionality). |
| MP-1 SW Token | SafeNet’s MP-1 Software Token offers event-sync and challenge-response-based OTPs, which can be seamlessly integrated into an enterprise’s logon workflows. |