OTP Authenticators for SAS

15

Model Supported Management Platforms OTP securityalgorithm

Battery lifetime OTP length OTPcharactertype

Field

Programmable

eToken Pass Allows you to conveniently establish one-timepassword (OTP) –based secure access tonetwork resources, SaaS cloud applicationsand online services.

A compact and portable OTP authenticator,which offers secure two factor authentication,in time-sync and event-based modes.

OATHcompliant(HMAC-SHA1, OATHTOTP)

For event-basedOTPs: 7 years withup to 10 OTPclicks/day For time-synced OTPs: 5years with up to 10OTP clicks/day

6 characters Digits Yes

SafeNet GOLD Offering an additional layer of security beyondbasic OTP, the SafeNet GOLD is activatedwith a PIN, which prompts the authenticator toprovide an OTP. In challenge response mode,users activate GOLD with their PIN, and thenmust validate a numeric challenge on theirGOLD authenticator.

X9.9 –ChallengeresponsealgorithmSynchronous –proprietaryevent basedalgorithm

7 years 8 characters Digits No

KT-4 Token Can generate both time-sync and event-basedOTPs with a press of a button.

AES-256 bitencryption

5 - 6 years (replaceablebatteries ) (automaticpower off)

6- 8characters

Selectablecombination ofdigits, upperand lowercase lettersandpunctuation

Yes

RB-1 KeypadToken

The RB-1 Keypad Token offers rich branding andbadging options, while providing strongauthentication. The RB-1 generates event-basedOTPs with a press of a button, supportstransaction signing, and in challenge-responsemode, presents an OTP only after a user enterstheir PIN.

AES-256 bitencryption

For event-based OTPs:5 - 6 years (replaceablebatteries) (automaticpower off)For time-syncedOTPs: 5 - 6 years(replaceablebatteries )(automatic power off)

Up to 8characters

Selectablecombination ofdigits, upperand lowercase lettersandpunctuation

Yes

SmartPhone and SW Tokens

16

Model MobilePlatform

SecurityFeature

Mechanism Comment

MobilePASS

MobilePASS forApple iOS

Key StoreAccess

The OTP seed is stored in the iOSKeyChain

KeyChain enables “sandboxed keys”per application which means that eachapplication would onlyhas access to its own KeyChainelements. Therefore, no otherapplications are able to read theMobilePASS KeyChain data

Key Encryption The OTP seed is encrypted using AES256 before it is stored in key chain

Copy Protection When an iOS backup is initiated, allKeyChain elements are encrypted with anon-migratable device- specific key.Thus, the MobilePASS seed may berestored to the same iPhone device but isunusable when restored to a differentdevice (or a device that was wiped)

iOS 4.2 or later required

MobilePASS forAndroid

Key StoreAccess

The encrypted OTP seed is stored onthe Android OS using “internal storage”mechanism

Files saved to the internal storageare private to the particularapplication and other applicationscannot access them (nor can theuser). When the user uninstalls theapplication, these files are removed

Key Encryption The OTP seed is encrypted with AES256 before it is stored by the application

Copy Protection The MobilePASS application is markedwith the allowBackup attribute set tofalse to prevent it from being backed upfrom the device.

The allowBackup attributedetermines if an application's datacan be backed up and restored.

SAS - Tokenless AuthenticationModel Description

GrIDsureAuthentication

GrIDsure Authentication works by presenting the user with a matrix of cells duringenrollment containing random characters, from which the user selects a PersonalIdentification Pattern (PIP).Every time the challenge grid appears, the characters in the cells are different, so the user isalways entering a one-time passcode.

SmartPhone and SW TokensModel Description

SMS Token SMS Tokens offer the fastest and easiest way to turn any mobile phone into a token (phone-as-a-token functionality).

MP-1 SW Token SafeNet’s MP-1 Software Token offers event-sync and challenge-response-based OTPs,which can be seamlessly integrated into an enterprise’s logon workflows.