Developers: Aladdin R.D.
Last Release Date: 2015/12/12
Technology: Cybersecurity - Authentication
- Standalone one-time password generator.
- Does not require a connection to the computer.
- As a one-time password generator, it is fully compatible with eToken NG-OTP.
- Managed by eToken TMS 2.0.
- Guaranteed service life: 7 years or 14,000 generations.
eToken PASS can be used for authentication in any application or service that supports the RADIUS authentication protocol: VPN, Microsoft ISA, Microsoft IIS, Outlook Web Access and many others.
The eToken OTP SDK 2.0 developer kit makes it easy to add one-time password authentication to proprietary applications.
Advantages
- Does not require installation of additional client software.
- Does not require installation of drivers.
- Works without a connection to the computer; no free USB port is needed.
- Works with any operating system.
- Works from mobile devices.
- The one-time password is valid for only one communication session, so the user need not worry that the password might be observed or intercepted.
- Low price.
Principle of work
eToken PASS implements the one-time password (OTP) generation algorithm developed within the OATH initiative. The algorithm is based on HMAC and the SHA-1 hash function. Two input parameters are used to compute the OTP value: a secret key (the starting value for the generator) and the current counter value (the number of generation cycles required). The starting value is stored both in the device and on the server, in the eToken TMS system. The counter in the device increases at each OTP generation; the counter on the server increases at each successful OTP authentication.
When authentication is requested, the OTP is checked by the RADIUS server (Microsoft IAS, FreeRadius and others), which queries the eToken TMS system; eToken TMS generates the OTP on the server side. If the OTP value entered by the user matches the value obtained on the server, authentication is considered successful and the RADIUS server sends the corresponding response.
A batch of eToken PASS devices is delivered with an encrypted file containing the starting values for all devices in the batch. The administrator imports this file into the eToken TMS system. After that, to assign a device to a user, its serial number (printed on the device body) must be entered.
If the generation counters in the device and on the server fall out of sync, the eToken TMS system makes it easy to resynchronize them, that is, to bring the value on the server into line with the value stored in the device. To do this, the system administrator or the user (given the corresponding permissions) generates two consecutive OTP values and sends them to the server via the eToken TMS Web interface.
To increase security, the eToken TMS system allows the use of an additional value, the OTP PIN: in this case, to authenticate, the user enters the secret OTP PIN in addition to a user name and OTP. This value is set when the device is assigned to the user.
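The counter-based generation and the two-OTP resynchronization described above, as an added example that is not Aladdin R.D. or eToken TMS code. It implements OATH HOTP as specified in RFC 4226; the `OtpServer` class, its window sizes and the 6-digit OTP length are assumptions, and the secret is the public RFC 4226 test key.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpServer:
    """Hypothetical server-side record for one token (assumed design)."""

    def __init__(self, secret: bytes, counter: int = 0,
                 look_ahead: int = 3, resync_window: int = 100):
        self.secret = secret
        self.counter = counter              # next counter value the server expects
        self.look_ahead = look_ahead        # assumed tolerance for normal logins
        self.resync_window = resync_window  # assumed wider search used for resync

    def authenticate(self, otp: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), otp):
                self.counter = c + 1  # advance only on success, so replays fail
                return True
        return False

    def resync(self, otp1: str, otp2: str) -> bool:
        """Realign the server counter from two consecutive device OTPs."""
        for c in range(self.counter, self.counter + self.resync_window):
            if (hmac.compare_digest(hotp(self.secret, c), otp1)
                    and hmac.compare_digest(hotp(self.secret, c + 1), otp2)):
                self.counter = c + 2
                return True
        return False


if __name__ == "__main__":
    key = b"12345678901234567890"  # RFC 4226 test key, not a real token seed
    server = OtpServer(key)
    print(server.authenticate(hotp(key, 0)))          # normal login
    print(server.authenticate(hotp(key, 7)))          # device ran ahead of window
    print(server.resync(hotp(key, 7), hotp(key, 8)))  # two consecutive OTPs
```

Requiring two consecutive values for resynchronization lets the server search a much wider counter range than it would accept for a normal login, because a chance match on both values is far less likely than on one.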
2017: eToken product line withdrawn from sale
Notification of plans to end the sale, support and maintenance of USB tokens and smart cards of the eToken PRO (Java) family, eToken, and the Kriptotoken CIPF as part of eToken GOST products[1].
Products of the eToken line have been withdrawn from sale since the beginning of 2017. The end-of-sale and product lifecycle conditions for the eToken PRO (Java) line given in the table below apply to all existing form factors (USB token, smart card and so forth). The list includes both certified and non-certified products. The detailed list of models for all listed products is given in the section "Articles and names" of the Notification.
Model: last sale date, end date of support
- eToken PRO (Java), eToken NG-FLASH (Java), eToken NG-OTP (Java), eToken PRO Anywhere: last sale date March 31, 2017; end date of support December 1, 2020.
- eToken 4100 Smartcard, eToken 5100/5105, eToken 5200/5205: last sale date January 31, 2017; end date of support December 1, 2020.
- Products containing the Kriptotoken CIPF (eToken GOST): last sale date August 31, 2017; end date of support December 1, 2018.
Technical support for previously purchased products will be provided until the end of the paid technical support period.
In place of the eToken PRO (Java) and eToken electronic keys, Aladdin R.D. offers new domestic USB tokens, smart cards, embedded security modules (chips) and OTP tokens: JaCarta PRO, JaCarta PKI and JaCarta WebPass, which the company develops and manufactures in the Russian Federation.
Replaced model
- eToken, eToken PRO (Java), SafeNet eToken
- JaCarta PRO - Compatible model
- JaCarta PKI - Functional analog
- eToken PRO Anywhere - no replacement
- eToken NG-FLASH (Java) - A similar product is planned for the JaCarta line in 2018
- eToken NG-OTP (Java) - A functional analog that generates the OTP value and transfers it over the USB port
2016: eToken PASS is certified by FSTEC
On August 26, 2016, Aladdin R.D. announced the extension of the FSTEC of Russia certificate for the hardware and software system for authentication and storage of user information "Electronic key of eToken 5".
Certificate of conformity No. 1883 of FSTEC of Russia confirms that the HSS for authentication and storage of user information "Electronic key of eToken 5" complies with the requirements of the guidance document "Protection against unauthorized access to information. Part 1. Information security software. Classification by the level of control of the absence of undeclared capabilities" (State Technical Commission of Russia, 1999)[2], is a software and hardware means of protecting information from unauthorized access, and has the estimated trust level OUD 2 at the 4th level of control.
According to the developer, the certificate is valid until August 11, 2019.