FAMILY BROCHURE. Gemalto SafeNet Authenticators. Diverse Form Factors for Convenient Strong Authentication

Transcription

1 FAMILY BROCHURE Gemalto Authenticators Diverse Form Factors for Convenient Strong

2 Diverse Form Factors for Convenient Strong. Offering the broadest range of authentication methods and form factors supported by any single vendor, Gemalto facilitates and empowers enterprise-wide initiatives for maintaining and improving strong authentication. Gemalto's authenticators include hardware and software OTP tokens, X.509 certificate-based USB tokens and smart cards, OOB, hybrid tokens, and phone tokens for all mobile platforms. Many Gemalto hardware tokens support physical access control to secure buildings and sites. Allowing you to address numerous use cases, assurance levels and threat vectors, Gemalto's authenticators are supported by authentication platforms which offer uniform, centralized policy management delivered in the cloud or on premises. Gemalto management solutions include Service (SAS), Trusted Access (STA) and Manager. To tailor strong authentication to your business and IT needs, choose from the authenticators shown below. Hardware OTP Tokens Gemalto's OTP hardware tokens provide a strong and scalable foundation for securing access to enterprise and cloud applications, and complying with privacy and security regulations. Gemalto's hardware tokens offer rich case-branding options, and are field-programmable by the customer, enabling organizations to maintain stringent control over their own critical OTP security data. Management Platform SAS/STA Manager OTP 110 OTP 110 is a cost effective OATH-compliant OTP hardware token that features waterproof casing, and enables two-factor authentication in time-sync and event-based modes, for secure access to a broad range of enterprise resources, including network resources, SaaS cloud applications and online services. etoken PASS etoken PASS is an OATH compliant token that allows organizations to conveniently establish one-time password (OTP) -based secure access to network resources, SaaS cloud applications and online services. A compact and portable OTP authenticator, etoken PASS offers secure two factor authentication, in timesync and event-based modes. GOLD Offering an additional layer of security beyond basic OTP, the GOLD is activated with a personal identification number (PIN), which prompts the authenticator to provide an OTP. In challenge response mode, users activate GOLD with their PIN, and then must validate a numeric challenge on their GOLD authenticator. KT-4 Token The KT-4 token is a hardware token that can generate both time-sync and event-based OTPs with a press of a button. OTPs can be configured to comprise passcodes of varying lengths and selectable combinations of digits, upper and lower case letters and punctuation. RB-1 Keypad Token The RB-1 generates event-based OTPs with a press of a button, and in challenge-response mode, presents an OTP only after a user enters their PIN. Gemalto Authenticators - Family Brochure 2

3 Certificate-based Smart Cards As convenient as another credit card in your wallet, Gemalto's credit card-size form factors enable enhanced security with PKI Certificate-Based- (CBA) and enable preboot authentication, disk encryption, file encryption, digital signatures, and secure certificate and key. All Gemalto smart card tokens can easily double as physical access cards to secure buildings and sites, in addition to offering rich branding options and support for photo-badging. Depending on the configuration, Gemalto's certificate-based authenticators are FIPS and CC certified. Middleware IDGo800 Mobile MD 3810 PKI minidriver-based smart card. Dual and FIPS certified MD 3811 PKI minidriver-based smart card. Dual. MIFARE Classic and/or MIFARE DESFire emulation MD 3840 PKI minidriver-based smart card. Dual and CC certified MD 830 PKI minidriver-based smart cards. FIPS certified MD 840 PKI minidriver-based smart cards. CC certified Prime 8840 Secure MicroSD card. CC certified Certificate-Based USB Tokens Gemalto's PKI Certificate-Based (CBA) USB tokens enable strong authentication to local and remote networks, including VPNs and web-based applications. Depending on their configuration, the certificate-based USB tokens can be FIPS and CC certified (for details, see the "Authenticator Technical Specifications" section). Providing pre-boot authentication, file encryption, disk encryption, digital signature, and secure certificate and key. Manager offers centralized management of authenticators, including certificate lifecycle and self-enrollment functionality. Management Platform SAS/STA Manager etoken 5110 The etoken 5110 provides PKI based two-factor authentication for secure remote and network access, as well as support for advanced security applications, including digital signature and pre-boot authentication. Requires Gemalto Authenticators - Family Brochure 3

4 Smartphone and Software Tokens Offering the convenience of phone-as-a-token authentication, Gemalto offers both PKI certificate-based and OTP tokens for portable memory sticks, desktops and smartphones, enabling strong authentication both in the office and on the go. Management Platform SAS/STA Manager etoken Virtual etoken Virtual is a software based two-factor authentication security solution that provides full PKI functionality for secure remote access, network access, and digital signing. Requires SMS Out-of-Band Delivered by SMS text messages, out-of-band authentication reduces the administrative overhead of a strong authentication solution by removing the need to install software or distribute hardware. Delivery is also available via . MobilePASS Supporting all leading mobile platforms, s MobilePASS family of OTP software authentication solutions generates One-time Passcodes via a software application installed on desktops or mobile devices. MobilePASS is available in time-sync and event-based configurations, as well as in challengeresponse mode, and offers optional PIN protection. MobilePASS+ MobilePASS+ is a next generation software token that lets users generate OTPs on their mobile devices, while also offering convenient out-of-band, single-tap push authentication. MobilePASS+ offers an enhanced user experience, with optional QR code enrollment and optional biometric fingerprint PIN on ios and Android devices. Tokenless Solutions Gemalto s tokenless technology enables any user to be authenticated anytime and anywhere. Management Platform SAS/STA Manager GrIDsure GrIDsure works by presenting the user with a matrix of cells during enrollment containing random characters, from which the user selects a Personal Identification Pattern (PIP). Every time the challenge grid appears, the characters in the cells are different, so the user is always entering a one-time passcode. Context-Based By evaluating predefined testable parameters, s Context- Based distinguishes between legitimate login attempts and suspicious ones, safeguarding networks and assets in a completely seamless, transparent manner. Context-Based provides secure access to a wide range of web-based resources, including SSL VPNs, webbased applications and cloud services. Gemalto Authenticators - Family Brochure 4

5 OTP Authenticator Technical Specifications Model Management Platform OTP security algorithm Battery lifetime OTP length OTP character type Field Programmable OTP 110 Trusted Access, Service OATH compliant (HOTP and TOTP) HMAC SHA-1 More than 5 years 6 to 8 chars Digits No etoken PASS Service, Manager OATH compliant (HOTP and TOTP available in SHA-1 and SHA-256) For event-based OTPs: 7 years For time-synced OTPs: 5 years 6 chars Digits GOLD STA/SAS, Manager X9.9 Challenge response algorithm Synchronous proprietary event based algorithm 7 years 8 chars Selectable combinations of digits, hexadecimal characters, and userfriendly alphanumeric characters KT-4 Token STA/SAS AES-256 bit encryption 5-6 years 6-8 chars Selectable combination of digits, upper and lower case letters and punctuation No RB-1 Keypad Token STA/SAS AES-256 bit encryption For event-based OTPs: 5-6 years For time-synced OTPs: 5-6 years Up to 8 chars Selectable combination of digits, upper and lower case letters and punctuation MobilePASS (software token) MobilePASS+ STA/SAS, Manager STA/SAS PKI Tokens Event OTP - HOTP HMAC- SHA-256 Time OTP - TOTP HMAC- SHA-256 Challengeresponse - OCRA HMAC- SHA-256 Event OTP - HOTP HMAC- SHA256 Time OTP - TOTP HMAC- SHA256 Challenge- response - OCRA HMAC-SHA256 N/A 8 chars Digits, dynamic reseeding allows organizations to reprogram tokens on-the-fly as required. N/A 8 chars Digits, dynamic reseeding allows organizations to reprogram tokens on-the-fly as required. Model Management Platform Operating Systems API Standards and Protocol Support On-Board Security Algorithms Standards and Specifications Security Certifications etoken 5110 Manager Windows Server 2008/R2, Windows Server 2012 and 2012 R2, Windows 7, Mac OS, Linux, Windows 8, Windows 10 PKCS#11, Microsoft CAPI, PC/SC, X.509 v3 certificate, SSL v3, IPSec/IKE, MS minidriver, CNG X.509 v3 certificate, SSL v3, IPSec/IKE etoken Symmetric: 3DES (Triple -DES), AES 128/192/256 bit -Hash: SHA1, SHA256 -RSA 1024-bit / 2048-bit - curves: P-256, -P-384 etoken 5110 FIPS -Symmetric: AES, 3DES (Triple DES) -128/192/256 bit -Hash: SHA-256 -RSA: 2048-bit, - curves: P-256, P-384 ISO to 4 specifications etoken level 3(SC chip and OS) etoken 5110 FIPS FIPS level 3 etoken 5110 CC CC EAL5+ etoken 5110 CC -Symmetric: 3DES (ECB, CBC), AES (128,192, 256 bits) -Hash: SHA-1, SHA-256, SHA-384, SHA-512 -RSA: up to RSA 2048 bits (and optionally up to 4096 bits) -RSA OAEP & RSA PSS - curves: P-256, P-384, P-521 bits, ECDSA, -On-card asymmetric key pair generation (RSA up to RSA2048 & curves) Gemalto Authenticators - Family Brochure 5

6 PKI Smart Cards Model Core Message Management Platform Dual Interface Middleware Memory Cryptographic Algorithms ISO Specification Compliance Certifications MD 3811 NFC compliant smart card with on board MIFARE Classic and MIFARE DESFire emulation vsec:cms and Manager -Symmetric: 3DES (ECB, CBC), AES (for secure -Hash: SHA-1, SHA-256, -RSA: up to RSA 2048 bits RSA OAEP & RSA PSS - curves: P-256, -On-card asymmetric key pair generation -ISO ISO less compatible with NFC Chip certified CC EAL5+ MD 3810 NFC compliant Smart card vsec:cms and Manager -Symmetric: 3DES (ECB, CBC), AES (For secure -Hash: SHA-1, SHA-256, -RSA: up to RSA 2048 bits RSA OAEP & RSA PSS - curves: P-256, -On-card asymmetric key pair generation -ISO ISO less compatible with NFC Chip certified CC EAL5+ MD 3840 NFC Smart card offer for European Digital Signature/ eidas vsec:cms Symmetric: 3DES (ECB, CBC), AES (For secure -Hash: SHA-1, SHA- 256, -RSA: up to RSA 2048 bits RSA OAEP & RSA PSS - curves: P-256, -On-card asymmetric key pair generation (RSA and Curves) -ISO ISO less compatible with NFC CC EAL5+ / PP Javacard CC EAL5+ /PP QSCD Javacard + MD applet Chip certified CC EAL5+ MD 830 Standard smart card offer for Logical & Physical Access Control Manager & vsec:cms No Symmetric: 3DES (ECB, CBC), AES (for secure -Hash:SHA-1, SHA-256, -RSA: up to RSA 2048 bits RSA OAEP & RSA PSS - curves: P-256, -On-card asymmetric key pair generation (RSA and Curves) ISO 7816 Java platform alone: FIPS Level 3 Java platform with MD applet: FIPS Level 3 Chip CC EAL6+ certified MD 840 Smart card offer for European Digital Signature/ eidas vsec:cms No - Symmetric: 3DES (ECB, CBC), AES (for secure -Hash: SHA-1, SHA-256, -RSA: up to RSA 2048 bits (and optionally up to 4096 bits) RSA OAEP & RSA PSS - curves: P-256, -On-card asymmetric key pair generation (RSA up to RSA2048 & curves) ISO 7816 CC EAL5+ / PP Javacard CC EAL5+ / PP QSCD Javacard + MD applet Chip CC EAL5+ certified Gemalto Authenticators - Family Brochure 6

7 Model Core Message Management Platform Dual Interface Middleware Memory Cryptographic Algorithms ISO Specification Compliance Certifications MD 8840 Manager IDGo Symmetric: 3DES (ECB, CBC), AES (128, 192, 256 bits) - Hash: SHA-1, SHA-256, - RSA: up to RSA 2048 (and optionally up to 4096 bits) - RSA OAEP and PSS - ELC: P-256, P-384, P-521 bits - On-card asymmetric key pair generation (RSA up to 2048, Curves) ISO Java OS: Common Criteria EAL5+ / Javacard PP (Protection Profile) - PKI applet: Common Criteria EAL5+ / PP SSCD certified - On request: FIPS140-2 Level 3. The secure chip, the Java OS and the PKI / OTP applets are already FIPS certified PIV v2.0 PIV card for Federal Agencies PIV Card management systems PIV certified Middleware This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the PIV Applet loaded on the Java Card platform -Hash: SHA-1 SHA-256 SHA-384 SHA Symmetric: AES (128-, 192-, 256-bit), Triple DES, double- and triple-length keys with (ECB or CBC modes) - Asymmetric: ECC (256-, 384-bit), RSA (1024-, 2048-bit) using an on-card security controller with key pair generation and true random number generator -ISO ISO less compatible with NFC -IU high coercively magnetic stripe FIPS 140-2, FIPS and GSA APL Overall Security level: 2 -Roles, Services, and : Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 SCP01 and SCP02 supported with scripting according to GP2.1.1 Amendment A SCP03 supported according to GP2.2 Amendment D ECC (256, 384 ) Asymetric algorithms supported nand Fips certified Contact readers Product name CT30 Picture Main features Casing Interface with host USB reader, compact and transparent casing, stand accessory as an option Main standards Transparent USB PC/SC, USB 2.0, CCID1.0, ISO 7816, EMV OS CT40 Similar to CT30 in a slinline casing Slim line USB PC/SC, USB 2.0, CCID1.0, ISO 7816, EMV CT510 Embedded reader in PC Express form factor PC Express USB (on PC Express connector) PC/SC, USB 2.0, CCID1.0, ISO 7816, EMV CT700 Desktop pinpad for secure pin entry Desktop pinpad USB PC/SC, USB 2.0, CCID1.0, ISO 7816, EMV Gemalto Authenticators - Family Brochure 7

8 Contact readers (continued) Product name Picture Main features Casing Interface with host Main standards OS CT710 Lightweight pinpad for secure pin entry Mobile pinpad USB PC/SC, USB 2.0, CCID1.0, ISO 7816, EMV Reader CT1100 Bluetooth badge holder for Mobile PKI with multi-host capability Badge holder Bluetooth Smart (and USB) Bluetooth 4.0, USB2.0, CCID1.0, ISO 7816, CE, FCC Android, ios Reader K1100 K30 K50 Bluetooth token for CA PKI use cases Compact, USB device offering multi-application dynamic smart card functionality Compact, tamper-evident USB device offering multiapplication dynamic smart card functionality. Token Token Token Bluetooth Smart (and USB) -USB -Plug and Play -CCID (Chip Card Interface Device) -Plug and Play -CCID (Chip Card Interface Device) -USB 2.0 full speed (12 Mbps) Contact Us: For all office locations and information, please visit safenet.gemalto.com Follow Us: blog.gemalto.com/security GEMALTO.COM Bluetooth 4.0, USB2.0, CCID1.0, ISO 7816, CE, FCC -ISO/IEC ,2,3,4: IC Cards with s -Microsoft Windows Hardware Quality Labs (WHQL), Windows Logo Program WLP 2.0 -USB 2.0 Full speed certified (USB readers listed on usb.org website) -CCID - Chip Card Interface Device 1.0 -ISO/IEC ,2,3,4: IC Cards with s -Microsoft Windows Hardware Quality Labs (WHQL), Windows Logo Program WLP 2.0 -USB 2.0 Full speed certified (USB readers listed on usb.org website) Android, ios Gemalto All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries. FB (EN)-Nov Design: ELC Gemalto Authenticators - Family Brochure 8