OPSEC Partners
Vasco
DIGIPASS & IDENTIKEY Server
Product Version Certified: DIGIPASS PKI Keys and IDENTIKEY
Certified For Use With: NGX VPN-1, Connectra, Software Blade Security Gateways and Endpoint Security Full Disk Encryption
Product Description: DIGIPASS PKI is the ideal solution for strong authentication and digital signature when using PKI certificates and keys. These products allow banks, enterprises and governments to sign transactions and documents. These solutions also provide non-repudiation of transactions. As a result the integrity and origin of the data are proved and the transaction partner is authenticated. DIGIPASS PKI products provide strong two-factor authentication for secure web login, Windows smart card PKI login for your desktop, e-mail signing and encrypting secure VPN access and disk encryption.
IDENTIKEY Server provides out-of-the-box DIGIPASS strong authentication for your Corporate Network and Application Access Security. Built with the customer in mind, IDENTIKEY Server provides support for hardware, software, zero footprint, e-signatures and mobile authentication right out-of-the-box. It is scalable to accommodate large and small implementations—all without the headaches commonly associated with the maintenance of two-factor authentication systems.
Company Description: VASCO is a world leader in Strong Authentication and e-Signature solutions, specializing in online accounts, identities, and transactions. A global software company, VASCO serves a customer base of over 9,000 companies in over 100 countries, including almost 1,350 international financial institutions. In addition to the financial sector, VASCO technologies secure sensitive information and transactions for the enterprise security, e-commerce, and e-government industries.
Key Features and Benefits
DIGIPASS PKI Key
PKI functionality
DIGIPASS KEY 200 combines the security of a smart card with the flexibility of a card reader. Generation of private and public keys is managed on the device. Keys cannot be exported, offering increased security. Digital certificates from any Certificate Authority can also be generated and stored on the device.
Secure USB Storage
DIGIPASS KEY 200 has three predefined memory partitions:
Support RFID technology
DIGIPASS KEY 200 supports RFID technology combining physical and logical access in one device. The contactless functionality of the device, allows you to execute secure and contactless transactions in a single step. Multiple environments and applications can be united in a single end-user device.
IDENTIKEY
Robust
IDENTIKEY Server is scalable to support tens of thousands of users, all without impacting the functionality and operability of mission-critical applications. The server can run on multiple platforms and has provisioning for large deployments, such as redundancy, automatic replication, and server failover.
Scalable
IDENTIKEY Server can be easily expanded to additional users without revamping the existing IT infrastructure. Adding more users and/or applications is as simple as purchasing additional licenses.
Flexible
IDENTIKEY Server can be linked to any web-based application via a SOAP API, allowing for easy server modifications. An SDK is provided to allow smooth integration of this functionality into web-based applications.
Easy installation
IDENTIKEY Server comes with an intuitive installation wizard to guide you through the setup process from start to finish.
Centralized web-based management
IDENTIKEY Server features a single web-based administration interface. This centralized management tool is accessible through any web browser from anywhere on the network, allowing for remote administration and presenting new opportunities for outsourced service providers.
Hassle-free rollout
A built-in automated deployment functionality reduces help desk involvement. IDENTIKEY Server offers tools to facilitate a smooth rollout or migration from existing products. Provisioning for software and DIGIPASS for Mobile is available right out of the box.
Low total cost of ownership
IDENTIKEY Server runs seamlessly on the existing infrastructure and does not require dedicated servers or appliances. Existing databases do not need to be replaced, as the data storage can be integrated in Active Directory or into a variety of ODBC-compliant databases.
OPSEC Integration
VASCO DIGIPASS PKI Key and Check Point Full Disk Encryption
VASCO CertiID and DIGIPASS Key 200 or DIGIPASS Key 860 and Check Point Full Disk Encryption pre-boot authentication prevents unauthorized users from accessing or manipulating information stored on a protected computer. Users must provide all required credentials before the operating system boot process even begins.
How it works
The partition key encryption is encrypted at install time in Windows using RSA public key cryptography. Windows CAPI is used to encrypt the partition key encryption key. When authenticating in the pre-boot environment using Smart Cards or Tokens Full Disk Encryption uses an open driver model based on the PKSC#11 standard to have the Smart Card or Token decrypt the partition key encryption key. All Smart Card/Token interaction in the pre-boot environment is handled by the associated driver.
VASCO IDENTIKEY and Check Point VPN Technologies
DIGIPASS® strong authentication adds an additional security layer to remote access, preventing unauthorized users to access the corporate network assets. By adding DIGIPASS strong authentication to Check Point Security Gateways and Connectra™, the customer has an easy-to-deploy remote access solution with enhanced security. SSL Network Extender adds SSL VPN functionality to the IPSec VPN capabilities of VPN-1 gateways, simplifying remote access deployment while providing maximum flexibility for any type of remote access scenario. SSL Network Extender is also available with Connectra. Check Point Connectra™ is a remote access gateway which combines SSL VPN, IPSec VPN and intrusion prevention with centralized management and straightforward deployment. VASCO® DIGIPASS offers one-time password (OTP) technology to protect user login and ensures that only authenticated users get access.
How it works
When remotely connecting to the corporate network via Check Point SSL Network Extender, the end-user is asked for an OTP generated by the VASCO DIGIPASS authenticator. Check Point Security Gateways and Connectra communicate with IDENTIKEY® Server, VASCO’s back-end authentication software, through RADIUS to validate the OTP. Upon successful validation of the OTP, the user is authenticated and the Check Point gateway sets up the SSL VPN connection.
Additional Information