User's Manual

5 Features
This chapter describes the content and the features provided by WebIdentity for integrating with web-based and client-server applications.
5.1 Integrated features
The WebIdentityDL device is a secure, portable and user-friendly hardware key with USB interface.
The device is characterized by the following technical specifications:
- Compliant with the USB (Universal Serial Bus) v2.0 specification for low-speed devices and with HID 1.11.
- Equipped with a unique serial code for each key: each key is individually customized with a factory pre-set identification code, different for each user.
- Runs AES with a 256-bit key on board.
- Implements secure data storage. The token is provided with about 8 KB of flash memory, internal to the processor and accessible from outside only through firmware-controlled commands; in addition, no command can modify the serial number. This architecture prevents (i) copying the memory from one token to another (the token cannot be cloned) and (ii) direct modification of the memory content.
- Implements secure data transmission. The data packets passing over the USB bus are protected with AES encryption, and each packet includes a random value so that the commands and information in transit cannot be read or identified.
- Encrypts the HTTP communication with the Blowfish algorithm using a 256-bit key.
- Self-powered: it uses neither internal batteries nor an external power supply.
Figure 5.1 displays the schematic make-up of the WebIdentity hardware token.
[Figure 5.1: block diagram of the token, showing the USB connector (type 'A'), the USB controller, the AES 256 write-only memory, and the microchip with its flash memory]
Figure 5.1 – Make-up of WebIdentity token
The AES 256 on-board operations have been designed to ensure maximum security: during the initialization phase the AES key is stored in the write-only memory and used on board for the AES computation.
Because the key can only be written and used, never read, it is impossible to extract it from the token and therefore to obtain it unlawfully. Any program designed to monitor the data transferred between the token and the PC would have no way to recover the symmetric key held in the token.
The flash memory is inside the WebIdentityDL processor and can be accessed only through the implemented commands; that is, data cannot be accessed directly. In particular, the AES keys cannot be read, as there is no command that performs such an operation.
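The two properties described above (a key that can be written and used but never read back, and per-packet random values so that identical commands never produce identical bus traffic) can be illustrated with a software simulation. The following is an added example, not WebIdentity's firmware or host software; it stands in HMAC-SHA256 in counter mode for the token's AES-256 (an assumption made so it runs with the Python standard library), and the command names, serial value and packet layout are constructed for the illustration.

```python
"""Simulated token with write-only key memory and nonce-protected packets.
Added illustration only; HMAC-SHA256 in counter mode is an assumed stand-in
for the token's AES-256, and the packet format is constructed for the demo."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16   # random value carried in every packet (assumed size)
TAG_LEN = 16     # truncated integrity tag (assumed size)
KEY_LEN = 32     # 256-bit key, as on the page


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from the key and the per-packet nonce."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(key: bytes, payload: bytes) -> bytes:
    """Encrypt payload under a fresh random nonce and append an integrity tag.
    Because the nonce is random, the same payload never yields the same packet."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(payload, _keystream(key, nonce, len(payload))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + body + tag


def unprotect(key: bytes, packet: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on any tampering."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        raise ValueError("packet too short")
    nonce, body, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(b ^ k for b, k in zip(body, _keystream(key, nonce, len(body))))


class SimulatedToken:
    """Firmware-style command dispatcher. The key lives in a field that no
    command returns, and the serial is fixed once at construction time."""

    def __init__(self, serial: bytes):
        self._serial = serial   # factory pre-set; no command can change it
        self._key = None        # empty until the initialization phase

    def initialize(self, key: bytes) -> None:
        """Initialization phase: the key is written once and never read back."""
        if len(key) != KEY_LEN:
            raise ValueError("key must be 256 bits")
        if self._key is not None:
            raise PermissionError("key already provisioned")
        self._key = key

    def _dispatch(self, command: bytes) -> bytes:
        # The only implemented commands; there is no READ_KEY and no SET_SERIAL.
        if command == b"GET_SERIAL":
            return self._serial
        raise LookupError(f"unsupported command: {command!r}")

    def receive(self, packet: bytes) -> bytes:
        """Decrypt an incoming packet, run the command, encrypt the reply."""
        command = unprotect(self._key, packet)
        return protect(self._key, self._dispatch(command))


def demo() -> dict:
    """Host side: provisions the token, then talks to it over protected packets."""
    key = secrets.token_bytes(KEY_LEN)      # shared during initialization
    token = SimulatedToken(b"WID-0001")     # constructed serial value
    token.initialize(key)

    first, second = protect(key, b"GET_SERIAL"), protect(key, b"GET_SERIAL")
    serial = unprotect(key, token.receive(first))

    try:
        token.receive(protect(key, b"READ_KEY"))
        read_key_rejected = False
    except LookupError:
        read_key_rejected = True

    tampered = bytearray(second)
    tampered[NONCE_LEN] ^= 0x01             # flip one bit of the encrypted body
    try:
        token.receive(bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    return {
        "serial": serial,
        "distinct_packets": first != second,  # random value per packet
        "read_key_rejected": read_key_rejected,
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the dispatcher is that key extraction is prevented by the absence of a read path, not by access control on one: the simulated firmware simply has no command whose output depends on the raw key bytes, which mirrors the page's statement that no command can read the AES keys.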
Note that the concept of write-only memory with on-board key computation is also available on the WebIdentity3P model, which uses the Triple DES 2EDE algorithm instead of AES.