One-factor authentication (user IDs and passwords) is still the most widely used method, primarily because it is simple, easy and there are no pieces of hardware to configure. But there are many applications where this is just not secure enough. In two-factor authentication, not only do users need to know a PIN but they also need to possess the correct token. This higher level of security, combined with the token's memory and cryptographic processing capabilities, makes it particularly attractive for tasks such as digitally signing documents and e-mail and authenticating users remotely for access to corporate networks through VPNs.

Physically, the iKey 3000 token is small and purple, around the same size as a door key, with a USB plug at one end and a green LED and a key ring hole at the other. The plastic body has a fine finish and is fairly robust under normal circumstances, although the review sample could be prised apart fairly easily to reveal the printed circuit board and chips inside, wrapped in yellow transparent tape.

In situations where people wear tokens on a ribbon around their neck, the token should be fairly safe, but where this is not practical, it will probably end up on a key ring with the user's house and car keys - this also solves the problem of arriving at work without it. In these circumstances, the unprotected USB end is susceptible to damage, which, if severe enough, could stop the token from fitting into the USB socket on the computer.

Inside, there is 32Kb of EEPROM of which 12Kb is used by the operating system, leaving approximately 20Kb - enough space to store a number of X.509 certificates and PGP keys. The iKey has a secure processor chip and runs the Giesecke & Devrient STARCOS SPK 2.3 operating system, which has been ITSEC E4 High certified. Random number generation, generation and storage of keys, and resistance to known attacks are also part of the ITSEC E4 High evaluation. Public and private keys are generated on the token, and all digital authentication and signing operations are performed there as well, thus precluding interception of private keys on the computer's USB port. The USB interface runs at 1.5M Baud, so key operations on a token holding a few certificates take one to two seconds.

The link for this article located at SC Magazine is no longer available.