DIGIPASS

DIGIPASS is a two-factor authentication platform that allows users to authenticate themselves to systems (such as DIGIPASS-enabled Internet banking or E-commerce sites) using IDs generated by handheld hardware devices. The system is based on the combination of hardware tokens possessed by the user and software authentication tools on the server-side that recognize the generated identification keys generated by the user tokens.

In brief: a user authenticates to a DIGIPASS-enabled system by supplying their user ID in combination with a one-time password that is generated on-the-fly by the hardware token they possess. Alternate identification schemes include challenge/response mechanisms, where the server generates a specific code that is entered on the hardware device, with a coded response then presented on the device that the user sends back to the waiting server; or a digital signature process wherein the user enters multiple pieces of transaction information pertaining to the task they are performing (such as part number, quantity, and dollar amount in an E-commerce transaction) and the hardware device generates a unique code that can be confirmed by the server. In all cases, the server software is able to recognize the provided ID as generated by the hardware device as false or genuine, allowing for identification based both on the user's known ID and the hardware device they possess. Access by the user to the device itself can also be protected via a user PIN.

The tokens themselves--called Digipass tokens--are offered by the vendor in a variety of flavors; from small single-button keychain devices that generate one-time passwords, to full sized handheld devices with complete numeric keypads and support for smartcards. Additionally, the vendor offers Pocket PC, Palm, JavaPhone, and Windows based software implementations allowing for software generation of one-time identification keys on existing PCs or handhelds; a "Virtual Digipass" process in which the server component sends the IDs to the user via SMS messaging; and Digipass for WEB (DP4WEB), in which the user registers online and receives a secure login applet (Java-based) and a cookie that stores their DIGIPASS secret on their PC itself.

Of note in the Digipass token line is the waterproof Digipass Go 7, billed by the vendor as the smallest Digipass in the Go series (< 10mm, weight half-an-ounce) and specifically designed so that it could be mailed using regular postage fees; and the newest entry in the line, the Digipass 850. The Digipass 850 is a smart card reader that replaces the Digipass 800. It supports usage in both connected and unconnected modes: When unconnected, it works as an EMV-CAP reader and provides OTP and E-signature features; and when connected (USB) it allows PIN entry and PIN changes as well as the ability to download applications onto the reader.

On the server side, the vendor offers the VACMAN line of tools for integrating DIGIPASS functionality within applications and platforms, and the Identikey Server which itself is based on VACMAN technology and available as a stand alone server application that can be integrated with existing applications via RADIUS and/or SOAP APIs. The VACMAN Middleware operates as somewhat of a DIGIPASS-enabled proxy between end users and existing authentication systems; while the VACMAN Controller is an API allowing for the implementation of DIGIPASS functions within custom applications.

Also available from the vendor is the aXs GUARD line of authentication appliances, the result of VASCO's acquisition of Able N.V. aXs GUARD leverages the VACMAN technology, is deployed between the LAN and the Internet, and is offered in two general flavors: The aXs Guard Identifier, which provides standalone DIGIPASS authentication and is offered in three models with scaled performance for SMEs; and the aXs Guard Gatekeeper, which includes support for DIGIPASS authentication as well as supports the mix-and-match, customer-selected loading of over 20 modules providing individual security features such as anti-virus, anti-spam, intrusion detection, remote access, SSL-VPN, etc. The aXs Guard Gatekeeper is currently offered in multiple models, with various interface options including 10/100/1000 Ethernet, ADSL over analog PSTN/ISDN line, or dual 10/100 Ethernet.

The DIGIPASS product line is available now. Contact VASCO for further information.