
Aktiv: Rutoken MFA

Product
Developers: Aktiv (Aktiv-Soft)
System premiere date: 2023/09/26
Last Release Date: 2024/09/16
Technology: Information Security - Authentication

2024

Start of production of Rutoken MFA C Nano

Aktiv has begun production of Rutoken MFA C Nano devices, expanding its line of hardware authenticators. Rutoken MFA C Nano is a miniature Russian-made token that has the characteristics of Rutoken MFA devices and comes in a new form factor with a USB-C connector. The manufacturer announced this on September 16, 2024.


The device is suitable for working with laptops, tablets and smartphones. Because of its miniature size, the token protrudes only slightly from the host device and is therefore hardly exposed to accidental contact by the user: it is difficult to catch with a hand, a cord or a mouse. The user can also carry a smartphone in a pocket or a laptop in a bag with the token left plugged in, which adds convenience and mobility and reduces the likelihood of losing it.

Rutoken MFA acts as a single means of protecting online service accounts and uses two authentication factors. This makes it possible either to abandon login and password authentication completely by switching to reliable cryptographic methods, or to supplement login and password authentication with confirmation of possession of a second factor. The device is equipped with a touch button for confirming possession and with an indicator light. The user confirms physical presence by touching the touch button on the case.

Rutoken MFA C Nano includes the characteristics of the first and second revisions of Rutoken MFA devices:

  • Support for the FIDO2 protocol (the latest version, FIDO_2_1 or CTAP2.1, is implemented).
  • ES256 electronic signature algorithm (ECC P256).
  • Support for the U2F protocol (CTAP 1.2).
  • Support for passwordless authentication for 15 accounts on one authenticator.
  • Granular deletion of discoverable credentials through the MFA Manager utility.

Discoverable accounts (discoverable credentials) are accounts for which metadata related to the private key is stored in the authenticator's persistent memory.


Selective deletion of keys associated with a protected account from the memory of Rutoken devices using the MFA Manager utility

Aktiv has released the second revision of the Rutoken MFA product line, devices for authentication in web applications based on the FIDO2 technology stack. The company announced this on September 4, 2024.

Devices of this revision add new features:

  • selective deletion of keys associated with a protected account (discoverable credentials in WebAuthn terminology) from the memory of Rutoken devices using the MFA Manager utility;
  • the ability for the user to update the Rutoken MFA OS.

Devices of the second revision are available to order. Together with the second revision, Aktiv is releasing the MFA Manager utility (mfaman), free software for Windows 10/11 for viewing and deleting discoverable accounts (Discoverable Credentials) and for obtaining the version and serial number of a Rutoken MFA device.

Rutoken MFA acts as a single means of protecting online service accounts and uses two authentication factors. This makes it possible either to abandon login and password authentication completely by switching to reliable cryptographic methods, or to supplement login and password authentication with confirmation of possession of a second factor. The device is equipped with a touch button for confirming possession and with an indicator light. The user confirms physical presence by touching the touch button on the case.

To start working with the device, just connect it to your computer. No additional programs need to be installed. The user can work with devices in all modern browsers and operating systems.

Rutoken MFA devices are backward compatible with the U2F protocol (CTAP 1), which was implemented in the previous generation of authenticators, the Rutoken U2F model. This compatibility allows the device to be used on portals where the current WebAuthn specification has not yet been implemented. Rutoken MFA tokens also let you quickly and safely protect your accounts in various services that support the WebAuthn specification, such as Mail.ru, vk.ru, VK ID, Yandex ID, Google, Apple ID and Microsoft.

Compatibility with Multifactor service

Specialists from MULTIFACTOR and Aktiv tested the compatibility of Rutoken OTP and Rutoken MFA devices with the MULTIFACTOR two-factor authentication system for secure remote connection to corporate information systems. Based on the test results, the parties signed a certificate confirming compatibility. Aktiv announced this on March 22, 2024.

Red OS Compatibility

Aktiv and Red Software have confirmed the compatibility of user devices of the Rutoken MFA line with the domestic operating system RED OS for strong authentication when logging into local accounts. The company announced this on March 11, 2024.


Devices of the Rutoken MFA line are based on the FIDO2 technology stack (CTAP2). Packages from the RED OS repository make it possible to authenticate the user according to this standard when logging in to an account. After entering the login and password, the user must enter the device PIN (knowledge factor) and confirm presence by touching the touch button (possession factor). Customers can therefore use a single Rutoken MFA authenticator both for authentication in web services and for logging into the OS.

Scenarios for using RED OS and Rutoken MFA together are published on the following resources:

  • Rutoken Documentation Portal;
  • RED OS Knowledge Base.

The compatibility of the solutions of the company "Aktiv" and RED SOFT is confirmed by a certificate.

"The use of Rutoken MFA devices as authenticators when logging into the accounts of Russian operating systems creates effective scenarios for customers," said Andrey Shpakov, Information Security Project Manager at Aktiv.

"RED OS is created as a safe environment for work. Our task is to meet the highest standards and requirements for information security, since among RED SOFT customers there are many organizations and companies that seriously take care of the safety of their data. Products such as Rutoken MFA devices help expand the stack of information security solutions available to RED OS users," noted Rustam Rustamov, Deputy General Director of RED SOFT.

Blitz Identity Provider Server Compatibility

Aktiv and Reak Soft have completed testing of the interoperability of Rutoken MFA devices, used for authentication in web applications and based on the FIDO2 technology stack, with the Blitz Identity Provider authentication server. Aktiv announced this on March 6, 2024.

Rutoken MFA devices act as a single means of protecting online service accounts and use two authentication factors: possession of a physical device and knowledge of a PIN code. Rutoken MFA tokens are backward compatible with the U2F protocol and also allow you to protect user accounts in various services that support the WebAuthn standard.

The correct interoperation of Rutoken MFA devices and the Blitz Identity Provider server was officially recorded in a compatibility certificate signed by Aktiv and Identity Blitz.

"The joint use of Rutoken MFA devices and the Blitz Identity Provider authentication server provides customers with the opportunity to use secure and convenient password-free authentication in services and applications using worldwide authentication and authorization protocols. The use of such a product bundle in the customer's infrastructure effectively solves the problem of 'weak' passwords, which is the root cause of most information security incidents," said Andrey Shpakov, project manager for information security at Aktiv. "We are pleased to cooperate with Identity Blitz in creating reliable tools for the seamless operation of elements of a comprehensive solution for protecting information resources."

"Together, we strive to create a secure digital environment where every user can feel secure, and every company can be confident in the security of their systems. Blitz Identity Provider and Rutoken MFA compatibility emphasizes our priority in creating reliable, convenient and advanced information security solutions," said Mikhail Vanin, CEO of Identity Blitz.

2023: Start of serial production of the Rutoken MFA line

On September 26, 2023, Aktiv announced the start of serial production and sales of the Rutoken MFA line of user devices for authentication in web applications. The devices are based on the FIDO2 technology stack (CTAP2). The authenticators act as a single tool for protecting online service accounts.

The line includes two devices:

  • Rutoken MFA C, a token with a USB-C connector;
  • Rutoken MFA Micro, a compact token with a USB-A connector.

The devices are equipped with a touch button for confirming possession and operations on the devices.

Rutoken MFA authenticators operate according to the FIDO2 standard (CTAP2). This is an open standard for universal user authentication developed by the FIDO Alliance international consortium. It is an evolution of the U2F standard (CTAP1). It implements security improvements and introduces a passwordless authentication mode, which makes it possible to abandon passwords in web services completely in favor of simple, fast and secure authentication. In addition, the standard adds verification of the device PIN code before user authentication.

The standard is based on asymmetric cryptography and electronic signature technologies. Keys on the devices are non-extractable and cannot "leak" through the Internet. Rutoken MFA devices do not require driver installation and work on all current desktop and mobile operating systems.

"Aktiv takes into account the needs of corporate customers and launches a line of products that use international experience in the field of user authentication in web applications. Rutoken MFA is a domestic development that implements full support for the FIDO2 standard. When creating products, the specialists of Aktiv Company applied their experience in using high-speed hardware platforms and developing secure card operating systems. We are confident that by incorporating FIDO standards and Rutoken MFA products into our information systems, our customers will be able to solve the issue of high-quality and reliable user authentication without unnecessary difficulties and load on users," said Andrey Shpakov, Information Security Project Manager, Aktiv Company.