OPSEC Partners

Aladdin Knowledge Systems Ltd.

Product Version Certified: eToken 2.1 for Windows NT, Windows 2000, Windows 98
Certified For Use With: Check Point NG

Product Description: Aladdin eToken provides cost-effective strong user authentication and password management solutions. It provides enhanced security and ensures safe information access; improved password and ID management; and secure mobility of digital credentials/certificates and keys. Aladdin's product vision and innovation are evidenced by the company being awarded two key patents covering this security technology: USB devices with a smart card and USB devices as portable storage for credentials.

Company Description: Aladdin Knowledge Systems, Ltd. is a global provider of security solutions that reduce software theft, authenticate network users and protect against unwanted Internet and e-mail content, including spam, viruses and spyware. Its security products are organized into two segments: Software Digital Rights Management (DRM) and Enterprise Security. Aladdin’s Software DRM products allow software publishers to protect their intellectual property and increase revenues by reducing losses from software theft and piracy. Its Enterprise Security solutions enable organizations to secure their information technology assets by controlling who has access to their networks (authentication) and what content their users can utilize (content security).

Key Features and Benefits

eToken smart-card-based devices contain a highly secure microprocessor chip that generates encryption keys and performs cryptographic operations on board the device. This means the sensitive private keys are never exposed to the insecure PC environment and are not vulnerable to viruses, worms, Trojan horses and other common threats.

eToken devices enhance Check Point VPN security and usability through:

  • Strong Two-factor Authentication - Users are required to connect their eToken device and enter a password/PIN to authenticate themselves or digitally sign data and transactions.
  • High Portability - Because the keys are securely stored on the eToken device, users can use them wherever they are, whenever they need them, from any computer with a standard USB port.
  • Ease of Use - Users can perform PKI operations easily and intuitively, in the same way that they use their eToken for other security applications.

eToken also offers One-Time Password (OTP) tokens and hybrid OTP and smart card tokens to enable user authentication using OTP.

All eToken devices are managed via eToken’s Token Management System (TMS). TMS manages the eToken device life cycle, from initial enrollment through revocation, including scenarios of lost or damaged tokens. Tracking token usage is possible through a robust set of auditing and reporting tools. TMS is built on an open architecture, providing management-level integration with a range of security applications through configurable connectors.

OPSEC Integration

Check Point VPN supports full PKI authentication based on private keys generated on eToken smart-card-based devices. The eToken smart card chip is able to generate and securely store a user’s Private Key. To authenticate and establish a VPN connection, a user simply needs to present the certificate corresponding to the user’s Private Key, which is also stored on the eToken device. SecureClient integration with the eToken CSP is done via the CAPI interface.

User certificates may be generated on the Check Point VPN Internal CA or on a third-party external CA. eToken TMS synchronizes with Check Point’s user directory via the LDAP interface to enable complete and robust management of user credentials on TMS.

Check Point VPN also supports two-factor authentication using One-Time Passwords (OTP) provided by eToken NG-OTP or eToken PASS devices. OTP authentication requests are forwarded by Check Point VPN to any RADIUS server. The RADIUS server forwards the request to eToken TMS for authentication.