SecureKeyAgent is a Microsoft Windows application designed to be a private security container for public/private keys used by SecureNetTerm and SecureFTP.
The key agent runs as a program in the Windows tray and provides digital certificate and SSH public/private key authentication support. It supports disk-based SSH keys as well as those contained on smart cards, USB tokens, and within the Microsoft browser certificate store for the TLS, SSH-1 and SSH-2 protocols.
RSA private key authentication requests for keys located on a smart card or USB token are handled by the device itself; the private key never leaves the device.
The agent supports the SSH agent forwarding protocol, thus allowing all private keys to reside on the user's workstation or within a smart card or USB token.
SecureKeyAgent supports SSH private keys created by SecureNetTerm, SecureFTP, PuTTY and those created by the SSH Data Communication SSH client. If an SSH private key or certificate is passphrase protected, the passphrase is requested upon the initial startup of SecureKeyAgent. The agent has the ability to export the public key of an SSH disk-based key, the public key of a certificate, and the certificate itself for uploading to the host.
SecureKeyAgent has been tested with all the smart cards and USB tokens supported by the Microsoft browser. The following is a summary of the benefits and abilities of these devices.
From the point of view of physical security, the USB token is a more ruggedised solution, with all the critical components covered with an outer frame, whereas all the smart card components are exposed.
The card is seen as easily damaged, with the electronics more exposed to tampering. The iButton device, from Dallas Semiconductor, is advertised as an "Armored steel computer chip for everyday wear and tear".
From the PKI perspective, the Rainbow iKey2000 in particular has been specifically produced to work with all the main PKI vendors. It features the PKCS-11 libraries, Entrust libraries and MS-CAPI, and is compatible with Baltimore, Entrust, Xcert, and Verisign.
Adherence to the PKCS-11 and MS-CAPI standards enables access to these devices over the Internet.
Examples of this type of access can be found at the Aladdin eToken site, and of course all the major PKI vendors have the ability to generate the public/private keys for a digital certificate directly on the device with HTML scripting. A major advantage is that the RSA private key is generated on the device and never leaves it. Digital certificates can be ordered online and placed on the device in a matter of minutes. The GemPlus site provides an excellent example of the ability to issue a digital certificate online, for access to company protected data using standard browsers. Corporations that produce and manage their own certificates can grant/revoke access to critical applications/data in a matter of minutes.
Identify Yourself
A digital identity can be achieved through the use of a two-factor authentication process: something you have and something you know. The something you have could take various forms, i.e. a smart card or token; the something you
know is the PIN.
The authentication information is never removed from the smart card or token and passed across the network, thereby ensuring a far higher level of security. The Aladdin eToken is also available in various colors, and access to the color is available electronically. This can be a very visual and effective way to provide different levels of access to sensitive areas/data.
However, as well as serving as a method of security, smart cards and tokens also benefit network administration through single sign-on and sign-off, saving the administrator valuable time should the user's access change.
What is a Digital Certificate?
A digital certificate is a set of electronic credentials that uniquely identify an individual. There are two parts to a digital certificate: a private key and a certificate.
Your private key is the piece of information that
uniquely identifies you within the Public Key Infrastructure. Anyone who has access to the private key can impersonate you without detection. An impersonator can read eyes-only messages or sign documents as you. As a result, it is
important to keep the private key secure. This is the main benefit of these devices. They serve as an impenetrable safe for the private key, ensuring that only the intended user has access to it. The private key can be generated
on-board and never leaves the device for signing and encryption operations.
The certificate is the public part of your digital certificate. It contains your name and other identifying information. It also contains the public
key, which is mathematically related to the private key. Using your certificate, other people can verify that you hold your private key, and therefore, must really be who you say you are.
Biometric Fingerprint Devices
these devices for authentication provides far greater security to the average business than was possible just a few years ago. SecureKeyAgent, combined with SecureNetTerm, provides state-of-the-art communications, encryption and authentication for the client/server environment today.
Contact InterSoft International, Inc. for additional information.
Did you know security breaches cost companies $375 billion per year?
Today, SecureKeyAgent uses state-of-the-art hardware and software to ensure that the person accessing your confidential data is authorized, legitimate, and securely connected.
Issue #1: Is the person accessing our data who they claim to be?
SecureKeyAgent allows you to establish and confirm a user's digital identity. A digital identity can be achieved through the use of a two-factor authentication process: 1) something you have and 2) something you know. The ‘something you have’ can take the form of a smart card or token, while the ‘something you know’ is the remote user's personal identification number (PIN).
SecureKeyAgent supports disk-based SSH keys as well as external readers through its Smart Card/USB token manager. These devices ensure that the person sitting at the computer has the authority to access the system. The software supports all the leading Smart Card / USB tokens using the RSA PKCS-11 standard. New external readers coming on the market (supported by SecureKeyAgent) include fingerprint verification to further enhance your security.
Issue #2: Is their connection secure?
Yes. SecureKeyAgent contains an SSH key agent that ensures that all traffic between the host and SecureNetTerm is kept secure via private key authentication over the secured SSH connections.
SecureKeyAgent, combined with SecureNetTerm, provides state-of-the-art communications, encryption and authentication for most client/server environments in use today.
Issue #3: Can this solution work in my environment?
Although SecureKeyAgent was designed primarily for use with SecureNetTerm, it can also be used as a standalone application for the management of PKCS-11 compliant Smart Card / USB tokens.
SecureKeyAgent also works well with current applications such as browsers and email clients. Each application establishes its own unique session to obtain access to the Smart Card or USB token.
Smart Cards and tokens also help with network administration. Single sign-on and sign-off features save administrators valuable time should a user’s access privileges change.
SecureKeyAgent has been tested with the iButton Java 2 token, Aladdin eToken R2/PRO, Rainbow iKey 2000 series, and the GemPlus GemSAFE smart card.
Bottom line: SecureKeyAgent is all you need to ensure that your data stays in the hands of the people you authorize to use it.