Eutronsec - OTP technology products

OTPSign - OTPSign ITSEC-I - FOCUS

OTPSign è il nuovo token USB realizzato attraverso l’innovativa tecnologia ibrida EUTRONSEC-VASCO che unisce tutti i vantaggi dell’autenticazione OTP con le potenzialità offerte dalla tecnologia PKI.
OTPSign è un dispositivo che consente di accedere in modo veloce e protetto ai servizi digitali attraverso i canali telefonico, mobile e Internet, oltre a permettere transazioni sicure e non ripudiabili; il tutto in modo estremamente flessibile, economico e semplice. E’ dunque il prodotto ideale per tutte quelle realtà ed organizzazioni che intendono offrire alla propria clientela accessi multicanale in sicurezza (accessi corporate, accessi sicuri a banche dati, accessi a servizi finanziari, a servizi sanitari, ecc.).
OTPSign è un dispositivo sicuro M2: multicanale e multifunzione:

Multicanale, grazie alla tecnologia ibrida OTP USB che consente accessi sicuri da rete telefonica fissa e mobile, da Internet, nonché da Internet via USB token
Multifunzione, grazie alla tecnologia EUTRONSEC “all-in-one” che abbina alla componente OTP, le funzionalità di smart card crittografica e lettore smart sard congiuntamente alla memoria flash in formato USB.

OTPSign - OTPSign ITSEC-I - PRODUCT FEATURES

Standard ISO 7816 3-4, PKCS#11 v2.11, PC/SC, Microsoft CAPI, S/MIME, IPSec/IKE, X.509 v3

Operating systems Microsoft Windows 98/ME/2000/XP and LINUX

Interoperability Microsoft Internet Explorer, Microsoft Outlook, Lotus Notes 6.0x, Adobe Acrobat, VPN clients and with all applications using the reported standards

Activation and setup of OTP-PKI services
Integrating the OTP component in the existing networks is simple and easy. Any static password can be replaced instantly with the more secure OTPSign-generated dynamic password. You simply start the programming procedure.
With the existing PKI facilities, activation of the device cryptographic component is direct. The device flash memory can contain a CD-ROM partition, enabling simplified installation and configuration of the token.
OTPSign is fully interoperable with the entire Vasco Digipass product family; it works hand-in-hand with Vacman Controller or Vacman Server applications and with other 50 software programs by the main world vendors, thus allowing quick commissioning with low development costs

OTPSign - OTPSign ITSEC-I - TECH SPECS

OTP section

8 character LCD Display
Real time clock on board
Battery life: 5 years minimum
Compatibility with the Digipass VASCO family

USB PKI section

Transfer rate of cryptographic component: up to 115Kbps
Flash memory data reading speed: 18 MB/s
Flash memory data writing speed: 11 MB/s
Power supply: from USB bus (4.5V - 5.5V)

Minimum hardware requirements

Pentium 100MHz or higher
1 USB 1.1 port or higher

ITSEC-I Model
32K EEPROM, RSA 1024 bit cryptography, INFINEON SLE66CX322P cryptographic chip, CardOS 4.01A (ITSEC E4 High certified) or CardOS M4.2B (CC EAL 4+certified) or CardOS M4.3B (CC EAL 4+ certified) Siemens - chip CC EAL 5+ certified

OTPSign - OTPSign ITSEC-I - APPLICATION AREAS

Supported application

HB-Home Banking (antiphishing)
Intranet & Extranet authentication
e-Business security
e-Health security
e-Government security
PKI based application
Strong Authentication
Digital signature
Secure mail
File and disk envryption
Repository for data application

OTPSign is especially suitable for managing any various secure authentication needs, in particular within the Corporate and Banking ambit. The device flexibility makes it suited for handling Web access, remote access, login-LAN, VPN access and PKI authentication in total security.
OTPSign is handy, pocket-sized, light and user-friendly. By pressing the button a univocal one-time-password is displayed on the LCD screen, enabling the multichannel authentication.
The user can therefore be service authenticated instantly through the OTP password, besides carrying out any cryptographic operations required by the service: digital signing, secure data encrypting, non-repudiability and integrity guarantee of data exchanged through the SSL protocol.

Combo technology transforms your security device into a portable "virtual workspace".

Combo technology transforms a security device – the operation of which used to depend on external software applications – into a portable "virtual workspace", by pre-loading on-board the software necessary for its own working, the authentication applications that are used in connection with the device and a series of utilities that make the tool absolutely autonomous from the PC it is connected to.

The most outstanding feature is the possibility to use the device straightaway and on any PC, being guaranteed that no traces are left on the computer, as the flash component contains all the software that the user needs for activating the device and for operating it subsequently.

Thanks to an intelligent profiling system, the devices provided with Combo technology become highly customized tools which can safely store the user’s password, personal profiles and digital credentials.

Download the combo technology brochure

OTPSign - OTPSign ITSEC-P - FOCUS

Multicanale, grazie alla tecnologia ibrida OTP USB che consente accessi sicuri da rete telefonica fissa e mobile, da Internet, nonché da Internet via USB token
Multifunzione, grazie alla tecnologia EUTRONSEC “all-in-one” che abbina alla componente OTP, le funzionalità di smart card crittografica e lettore smart sard congiuntamente alla memoria flash in formato USB.

OTPSign - OTPSign ITSEC-P - PRODUCT FEATURES

OTPSign - OTPSign ITSEC-P - TECH SPECS

OTP section

8 character LCD Display
Real time clock on board
Battery life: 5 years minimum
Compatibility with the Digipass VASCO family

USB PKI section

Transfer rate of cryptographic component: up to 115Kbps
Flash memory data reading speed: 18 MB/s
Flash memory data writing speed: 11 MB/s
Power supply: from USB bus (4.5V - 5.5V)

Minimum hardware requirements

Pentium 100MHz or higher
1 USB 1.1 port or higher

ITSEC-I Model
32K EEPROM, RSA 1024 bit cryptography, PHILIPS P8WE5032 cryptographic chip, G&D StarCOS SPK 2.3 mask – Chip and mask ITSEC E4 High certified

OTPSign - OTPSign ITSEC-P - APPLICATION AREAS

Supported application

HB-Home Banking (antiphishing)
Intranet & Extranet authentication
e-Business security
e-Health security
e-Government security
PKI based application
Strong Authentication
Digital signature
Secure mail
File and disk envryption
Repository for data application

Combo technology transforms your security device into a portable "virtual workspace".

Download the combo technology brochure

OTPSign - OTPSign ITSEC-I-64 - FOCUS

Multicanale, grazie alla tecnologia ibrida OTP USB che consente accessi sicuri da rete telefonica fissa e mobile, da Internet, nonché da Internet via USB token
Multifunzione, grazie alla tecnologia EUTRONSEC “all-in-one” che abbina alla componente OTP, le funzionalità di smart card crittografica e lettore smart sard congiuntamente alla memoria flash in formato USB.

OTPSign - OTPSign ITSEC-I-64 - PRODUCT FEATURES

OTPSign - OTPSign ITSEC-I-64 - TECH SPECS

OTP section

8 character LCD Display
Real time clock on board
Battery life: 5 years minimum
Compatibility with the Digipass VASCO family

USB PKI section

Transfer rate of cryptographic component: up to 115Kbps
Flash memory data reading speed: 18 MB/s
Flash memory data writing speed: 11 MB/s
Power supply: from USB bus (4.5V - 5.5V)

Minimum hardware requirements

Pentium 100MHz or higher
1 USB 1.1 port or higher

ITSEC-I-64
64K EEPROM, RSA 2048 bit cryptography, INFINEON SLE66CX642P cryptographic chip, CardOS M4.3B Siemens mask – Chip CC EAL 5+ certified and mask CC EAL 4+ certified

OTPSign - OTPSign ITSEC-I-64 - APPLICATION AREAS

Supported application

HB-Home Banking (antiphishing)
Intranet & Extranet authentication
e-Business security
e-Health security
e-Government security
PKI based application
Strong Authentication
Digital signature
Secure mail
File and disk envryption
Repository for data application

Combo technology transforms your security device into a portable "virtual workspace".

Download the combo technology brochure

WebOTP - WebOTP - FOCUS

WebOTP è la soluzione dal prezzo assolutamente aggressivo che permette un’autenticazione sicura con un server Web.

La prerogativa principale di questo token è la possibilità di inviare le informazioni di autenticazione tramite la porta USB del computer senza dover installare nessun software e/o driver e senza la necessità di avere privilegi amministrativi.

Al server Web è trasmessa una stringa di autenticazione, che contiene l’identificativo dell’utente e un contatore incrementale, resa estremamente sicura da una doppia criptatura eseguita con algoritmo AES a 256 bit utilizzando prima la chiave privata dell’utente e poi quella del server Web.

WebOTP - WebOTP - PRODUCT FEATURES

The main features of WebOTP that distinguish it from a traditional OTP are as follows:

Usability – The interaction requested to the user is extremely reduced. The user is only requested to insert the device in a USB port upon authentication.

Identification – Besides being authenticated the user is also identified. Therefore it is not necessary to request the user an identifier like a username before authentication.

Secure authentication – Authentication is based on 128 information bits and on the AES 256 bits algorithm. It is therefore almost impossible to carry out a brute force attack.

In WebOTP the authentication is based on the use of the AES 256 bit symmetric cryptography algorithm, as opposed to the common hash algorithm used by traditional OTP devices.
Using a symmetric cryptography algorithm is possible for WebOTP thanks to the USB connection which does not prescribe any length limits in the authentication code. Symmetric cryptography requires operating with an authentication code of at least 128 bits, many more bits than a traditional OTP display with few figures can display.
The advantages of using a symmetric cryptography algorithm during OTP authentication are manifold:

Identification – Besides authentication the user, it is also possible to identify him/her. It is therefore possible for the user to avoid identification upon authentication. By comparison a traditional OTP always demands to know who the user is in advance.

Security – The authentication code contains 128 bit of security information. By comparison, the traditional display-equipped OTP’s use maximum 40 bits, often fewer .

Speed – The authentication check is easy and quick. The authentication server will be submitted to a much reduced workload . By comparison a traditional OTP with hash function requires a process by attempts for guessing the time values or the events used by the device.

Resistance to Brute Force Attack – Given the high security level of the authentication, it is not necessary to block access to the users after a certain number of unsuccessful attempts. By comparison, a traditional OTP is obliged to use block techniques for preventing brute force attacks.

Resistance to DoS Attack – The authentication server is especially proof against Denial Of Service – type attacks, which are programmed for requiring a high number of fictitious authentications in the attempt of blocking user access. The authentication check is very quick also in case of failure. By comparison, with a traditional OTP based on hash function a failed authentication case is always the worst possible event in terms of performance time.

Effective error management – In case of authentication failure, it is possible to know the exact reason of the failure. In particular it is possible to distinguish between errors due to faulty devices and errors due to attack attempts. For instance, it is possible to continue to use a time-based device with a flat battery as if it was an event-based device. By comparison, a traditional OTP with hash function has always got only one type of authentication failure and no further information is possible to infer from the error.

WebOTP - WebOTP - TECH SPECS

Size: 34x16x8 mm
Interconnection: USB 2.0 FullSpeed
Protocol: HID 1.11
Connector: USB Male Type A
Power supply: fed by USB port
Temperature: -20 - +80°C
Humidity: 20-95% relative humidity

WebOTP - WebOTP - SYSTEM REQUIREMENTS

The WebOTP device can be used on every system that is provided with a USB connection.

WebOTP is compatible with major operating system, in particular Windows, Linux e Mac OS X. Also all major web browsers are supported, including Internet Explorer, FireFox, Opera, Mozilla and Safari.

For being operative the system requires no software to install and no special permits are required.

WebOTP - WebOTP - APPLICATION AREAS

Watch the video clip with the product presentation.

WebOTP - WebOTPtime - FOCUS

WebOTPtime utilizza la medesima tecnologia del prodotto base WebOTP con l’aggiunta del fattore tempo nella autenticazione. Il token USB contiene infatti un timer che è sincronizzato con quello del Web server.

Una soluzione ancora più sicura, ideale anche per progetti di home banking.

WebOTP - WebOTPtime - PRODUCT FEATURES

he main features of WebOTP that distinguish it from a traditional OTP are as follows:

Usability – The interaction requested to the user is extremely reduced. The user is only requested to insert the device in a USB port upon authentication.

Identification – Besides being authenticated the user is also identified. Therefore it is not necessary to request the user an identifier like a username before authentication.

Secure authentication – Authentication is based on 128 information bits and on the AES 256 bits algorithm. It is therefore almost impossible to carry out a brute force attack.

In WebOTP the authentication is based on the use of the AES 256 bit symmetric cryptography algorithm, as opposed to the common hash algorithm used by traditional OTP devices.
Using a symmetric cryptography algorithm is possible for WebOTP thanks to the USB connection which does not prescribe any length limits in the authentication code. Symmetric cryptography requires operating with an authentication code of at least 128 bits, many more bits than a traditional OTP display with few figures can display.
The advantages of using a symmetric cryptography algorithm during OTP authentication are manifold:

Identification – Besides authentication the user, it is also possible to identify him/her. It is therefore possible for the user to avoid identification upon authentication. By comparison a traditional OTP always demands to know who the user is in advance.

Security – The authentication code contains 128 bit of security information. By comparison, the traditional display-equipped OTP’s use maximum 40 bits, often fewer .

Speed – The authentication check is easy and quick. The authentication server will be submitted to a much reduced workload . By comparison a traditional OTP with hash function requires a process by attempts for guessing the time values or the events used by the device.

Resistance to Brute Force Attack – Given the high security level of the authentication, it is not necessary to block access to the users after a certain number of unsuccessful attempts. By comparison, a traditional OTP is obliged to use block techniques for preventing brute force attacks.

Resistance to DoS Attack – The authentication server is especially proof against Denial Of Service – type attacks, which are programmed for requiring a high number of fictitious authentications in the attempt of blocking user access. The authentication check is very quick also in case of failure. By comparison, with a traditional OTP based on hash function a failed authentication case is always the worst possible event in terms of performance time.

Effective error management – In case of authentication failure, it is possible to know the exact reason of the failure. In particular it is possible to distinguish between errors due to faulty devices and errors due to attack attempts. For instance, it is possible to continue to use a time-based device with a flat battery as if it was an event-based device. By comparison, a traditional OTP with hash function has always got only one type of authentication failure and no further information is possible to infer from the error.

WebOTP - WebOTPtime - TECH SPECS

Size: 55x20x9 mm
Interconnection: USB 2.0 FullSpeed
Protocol: HID 1.11
Connector: USB Male Type A
Power supply: fed by USB port during operation, by battery for time keeping
Battery life: 5 years
Temperature: -10 - +60°C
Humidity: 20-95% relative humidity

WebOTP - WebOTPtime - SYSTEM REQUIREMENTS

WebOTP - WebOTPtime - APPLICATION AREAS