manual
Table Of Contents
- Contents
- Overview
- Situation – Description
- Solution
- Technical Concept
- Conclusion
- Appendix A – Delta Airlines Access Examples
- Appendix B Local Network Logon
- Appendix C – The VASCO VRM & Tokens work with BM
- About VASCO Data Security
•
•
•
•
User-managed passwords are the single largest cause of incorrect authentication
VASCO delivers strong authentication and guarantees data integrity for electronic transactions
by means of the Digipass Family of Tokens. In the concept, we implemented the cures for the
weak areas of authentication and data integrity. To avoid the static nature of passwords, we
needed something that delivered dynamic passwords, was highly portable and flexible to
integrate into any environment and on top of that, not expensive. In other words, we needed
to implement strong security with a maximum of flexibility and a minimal total cost of
ownership. We considered security to be a trade-off between: security, flexibility, price and
ease of use and therefore developed the Digipass tokens.
What is a Digipass token?
A Digipass token is a handheld device that calculates dynamic passwords, also known as One
Time Passwords (OTP), for the positive authentication of a user on a remote system. It is also
able to calculate digital signatures also known as electronic signatures, or Message
Authentication Codes (MAC), to protect electronic transactions and guarantee the integrity of
the contents of these transactions.
The calculation of these OTP’s and MAC’s is based upon the publicly available Data
Encryption Standard (DES) algorithm. The DES algorithm is proven to be strong in
numerous fields of application by renowned institutions and industry leading companies. To
provide an even higher level of security the Triple DES algorithm is supported as well.
Security has three factors:
What you have (the Digipass token itself)
What you know (the PIN code to activate the Digipass token)
Who you are (biometrics, voice, retina scan, fingerprint, etc.)
Since the biometrics industry today is still in the development stage and products in this area
tend to be extremely expensive, we based the Digipass Family of tokens on the first two
factors of the list. This means that in order to enter a remote system or to digitally sign data
you need the hardware device itself (factor 1). This means that if you do not physically have
the token you will never be able to log on to the system. On top of that you need to know the
PIN code for the token (factor 2), to be able to use the applications stored inside. Both of
these factors help to make sure that a physical person is authenticating or signing instead of a
computer or another device.
These factors also enable extremely high portability. Therefore, we say that you can use a
Digipass token Anytime, Anywhere and Anyhow.
Technical Description
In the technical description on our Digipass Family of tokens we will elaborate on the three
(3) most frequently used implementation modes of the DES algorithm in conjunction with
www.vasco.com ∙ Using Digipass Strong User Authentication with Novell NMAS and ICHAIN ∙ 7