VASCO Data Security, a software security company specialising in authentication products, is extending its PKI-based product line with two new authenticators: DIGIPASS KEY 200 and DIGIPASS KEY 860. DIGIPASS KEY 200 is a USB device with a PKI smartcard and secure USB mass storage on a single device. DIGIPASS KEY 860 is a smartcard ID device, an OTP authenticator and secure USB storage in one.
DIGIPASS KEY 200 is best suited for use in corporate environments and can be used for local and remote access to the corporate network and applications, for PKI-based encryption and digital signatures, and for mobile data security. It combines PKI technology, secured mass storage and the possibility to integrate RFID technology for physical access.
DIGIPASS KEY 860 is adapted for banking environments: it helps banks to comply with stringent financial regulations (Sarbanes-Oxley, Basel II, HIPAA) and enhanced security requirements. It combines OTP technology with PKI, offers secured mass storage, and provides new opportunities to effectively combat phishing and man-in-the-middle attacks.
PKI functionality
Both DIGIPASS KEY 200 and DIGIPASS KEY 860 offer PKI-based digital signatures for e-mails or transactions, encryption capability and strong authentication for PKI-enabled operating systems, VPNs and applications. They both combine the security of a smartcard with the flexibility of a card reader, allowing the user to generate and securely store digital certificates from any Certificate Authority on the device. The private and public keys are generated on the devices, and the keys cannot be exported from the smart card on the devices.
OTP functionality
DIGIPASS KEY 860 offers device-based OTP generation: with one push on the button of the DIGIPASS KEY 860, an OTP will be generated on the screen of the authenticator. The user will type the OTP into the log-on screen on the PC to access the application.
When combining the use of PKI with OTP, customers will need to install VASCO's authentication server technology (VACMAN Controller or IDENTIKEY) to offer event- and time-based OTP capability alongside PKI functionality.
DIGIPASS KEY 200 offers smartcard-based OTP generation through the use of DIGIPASS CertiID.
Secure USB Storage
Nowadays, employees often carry sensitive corporate information on portable USB drives. This data is freely accessible and the USB devices can easily be lost or stolen. With DIGIPASS KEY 200 and DIGIPASS KEY 860, sensitive corporate data can be encrypted and stored on the authenticator. For secure storage, both devices use user-transparent, on-the-fly encryption technology: the encryption keys are created on installation and the user will access the sensitive data on the encrypted partition using his PIN. Devices are available with a storage capacity of 2, 4 or 8 Gb.
Both DIGIPASS KEY 200 and DIGIPASS KEY 860 can have three pre-defined memory partitions: a partition with CD-ROM capability, an encrypted partition and a non-secure hard disc partition. On the CD-ROM enabled partition, specific software can be stored. For instance, banks can store a secured browser on it; this way, banking customers will always be directed to the right URL when connecting their USB authenticator. The information on this partition cannot be altered; as a result customers are protected from phishing and man-in-the-middle attacks. The encrypted partition can be used for secure data storage. For instance, in the insurance world a policy could be put on the encrypted partition; the insured can sign it using a PKI-based e-signature and would be able to access it on the encrypted partition for consultation at a later stage. The non-secured partition allows the user to store accessory, non-confidential information.