Comparing ePass with other security devices

ePass - the ultimate authentication technology

| Function | ePass 1000 | ePass 2000 | ePass 3000 | Smart cards | OTPs | Biometric Devices |
|---|---|---|---|---|---|---|
| Security Level | 2 | 3 | 3 | 3 | 2 | 3 |
| Multiple Application Support | 3 | 3 | 3 | 3 | 1 | 2 |
| Ease of Deployment | 3 | 3 | 3 | 1 | 2 | 1 |
| Standard PKI Support | 3 | 3 | 3 | 3 | 1 | 1 |
| Portability | 3 | 3 | 3 | 2 | 3 | 1 |
| Durability | 3 | 3 | 3 | 2 | 2 | 1 |

Superior: 3, Average: 2, Poor: 1
ePass Architecture
1. Security States:
The ePass supports a three-level security structure: Security Officer (SO), User and Guest.

| State | Description |
|---|---|
| Security Officer (SO) State | SO is the most privileged security state. It requires a Personal Identification Number (PIN) and allows changes to sensitive parameter settings and token initialization. If the ePass SO PIN is lost or forgotten it cannot be retrieved; in that case the device must be returned to ROCKEY, where it is reset to factory defaults. |
| User State | The User State also requires entry of a PIN. ePass may be configured to allow a user to reset or change the User PIN. Personal information stored in ePass is normally accessed in the User State. A hardware counter in ePass tracks user logon failures: it decrements each time a logon attempt fails, and the user is locked out of ePass when it reaches zero. The SO PIN is then needed to reset the hardware counter. |
| Guest State | The Guest State is the default state for access to ePass. It allows read-only access to public information only. |
2. Device Attributes:

| Attribute | Description |
|---|---|
| Serial Number | Each ePass unit has a 64-bit globally unique serial number. It is burned into the unit at the factory and may be used by applications as a quick reference to a specific unit. |
| LED | Each ePass is equipped with a Light Emitting Diode (LED) that can be controlled by applications. |
| Access Control | ePass supports Global Access Control, which defines the access rights required for device command and retrieve functions. Global Access Control applies to all directories under the root directory. There are two access-control rights: Create and Delete. |
3. Cryptographic Service:

| Service | Description |
|---|---|
| Hardware Random Number Generator | Both ePass1000 and ePass2000 generate random numbers in hardware. Random numbers may be used when creating an authentication digest code as well as seeds for other cryptographic functions. |
| Hardware Encryption | ePass1000 supports the MD5 algorithm, whereas ePass2000 supports 1024-bit RSA (signing and verification), DES and 3DES, SHA-1 and MD5. The keys are secure because the essential algorithms are performed in hardware. |
| MD5 HMAC | Although much more reliable than simple checksum methods, MD5 on its own does not provide a data integrity check, because anyone can alter the input data and generate a corresponding output digest. The hashed value therefore needs to be protected, which is the purpose of the Hash-based Message Authentication Code (HMAC). HMAC combines the MD5 hash algorithm with a secret key to authenticate a message or collection of data. Both ePass models support this industry-standard method, providing a secure way for end users or applications to be authenticated without exposing their secret keys. |
| Hardware Key Pair Generation | The key pair is generated in the ePass hardware. The big prime numbers used to generate the keys come from a true random number generator on the chip. |
| Multi-level Access | Both ePass models have a built-in file system that can be fully managed from the API library. ePass1000 supports 2 security levels, whereas ePass2000 supports up to 16 levels. |
| Secure Storage Space | Both ePass models use a powerful processor with in-chip storage for firmware and data. This design is very secure because critical data and low-level instruction sets never leave the token. |
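The logon-failure counter from the Security States section and the keyed MD5 challenge-response from the MD5 HMAC row, as an added Python model written for this page (not ROCKEY's API; the class, PINs, key, retry limit and the `naive_md5_verify` contrast are all constructed assumptions):

```python
import hashlib
import hmac


class EPassModel:
    """Constructed software model of the token behaviour described above: a key that never
    leaves the device, a User PIN behind a retry counter only the SO can reset, HMAC-MD5."""

    def __init__(self, user_pin, so_pin, secret_key, max_tries=3):
        self._user_pin = user_pin.encode()
        self._so_pin = so_pin.encode()
        self._key = secret_key          # only HMAC digests ever leave the model, never the key
        self.max_tries = max_tries
        self.tries_left = max_tries     # stands in for the hardware logon-failure counter
        self.state = "GUEST"            # default state: read-only access to public data

    def user_login(self, pin):
        if self.tries_left == 0:        # locked out: even the correct PIN is refused
            return False
        if hmac.compare_digest(pin.encode(), self._user_pin):
            self.tries_left = self.max_tries
            self.state = "USER"
            return True
        self.tries_left -= 1            # every failed attempt decrements the counter
        return False

    def so_reset_counter(self, so_pin):
        # Only the SO PIN clears a lockout; the User PIN itself is left unchanged.
        if not hmac.compare_digest(so_pin.encode(), self._so_pin):
            return False
        self.tries_left = self.max_tries
        return True

    def hmac_md5(self, challenge):
        if self.state != "USER":        # keyed digests are a User-state operation here
            raise PermissionError("User state required")
        return hmac.new(self._key, challenge, hashlib.md5).digest()


def server_verify(shared_key, challenge, response):
    """Verifier side: recompute HMAC-MD5 with the shared key and compare in constant time."""
    expected = hmac.new(shared_key, challenge, hashlib.md5).digest()
    return hmac.compare_digest(expected, response)


def naive_md5_verify(challenge, response):
    """The weak scheme the text warns about: an unkeyed digest any party can recompute."""
    return hashlib.md5(challenge).digest() == response
```

A response computed without the key passes `naive_md5_verify` but fails `server_verify`, which is exactly the gap HMAC closes.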