The advanced smart-card technology is provided by the highly visionary developer of integrated tokens, the German company, Giesecke & Devrient (G&D, www.gi-de.com). G&D is a leading developer of smart-card technologies for credit cards, access cards, and personal identification (PIV) cards. Giritech has worked closely with G&D to ensure that G&D’s new generation of secure authentication, memory and encryption devices supports the functionality of G/On. Although G/On 5’s plug-in architecture will enable the support of multiple different tokens, G/On 5 is developed specifically to support G&D’s series of smart-card based tokens called G&D StarSign® Mobility Token.
Currently, G/On 5 supports two G&D tokens and it is the intent of Giritech and G&D to support all of the G&D StarSign Mobility Tokens in the 2010-2011 time frame.
G/On Authentication Tokens with smart card
G/On MicroSmart 1GB
Based on Giesecke & Devrient StarSign® Mobile Security Card. This device is a standard microSD flash memory card combined with an additional integrated smart-card chip that is used by G/On for authentication.
The flash memory is used for the storage of the G/On client software and associated application clients and data. The G/On microSD supports Windows, Mac, and Linux and can be used in mobile devices such as high speed broadband modems (e.g. USBConnect QUALCOMM 3G or HUAWEI Mobile Connect Modem E180 used by mobile carriers around the world), Laptops, PDAs and other mobile devices with a microSD interface. The G/On MicroSmart operates without any installation of drivers and doesn’t require administrator rights on the device thus reducing costs for implementation, support and help desks.
G/On USB MicroSmart 1GB
Based on Giesecke & Devrient StarSign® Mobility Token µSD. This G/On USB device offers a high degree of mobility, versatility and convenience as it supports Windows, Mac, and Linux based devices with a USB port. It uses the same integrated smart-card and microSD flash memory for storage as the G/On MicroSmart but is housed in an adapter specially built for the higher heat emission of this special microSD card. The G/On USB MicroSmart requires no installation of drivers, can be used on any PC, and does not require administrative rights.
G/On Authentication Tokens without smart card
G/On USB H4 1GB (Windows Only!)
Based on Hagiwara UDRW G3 technology. This Windows Only USB device contains flash memory, a separate CD-ROM partition, and a hidden memory zone accessible only to the G/On Server. The device offers automatic launch of the G/On Windows client without any prior installation or administrator rights, storage of G/On Client software on write protected CD partition and read/write memory for storage of data and application clients. Authentication functionality is based on a private key stored in a hidden memory zone. G/On USB H3 1GB was the standard token device used with earlier generations of G/On.
G/On 5 also supports the previous generation H2 (128 MB) of the Hagiwara USB Tokens. However, G/On 5 does not support the first generation, H1 (64 MB) of the Hagiwara Tokens used for the very first versions of G/On.
G/On Computer User Token (Windows Only!)
This special token makes it possible to use personal laptops or other personal computing devices as G/On authentication factors. The G/On Computer User Token stores its private keys in a registry entry for the specific user account on the computer and uses the MAC address of the enabled network adapters to link the private key to the computer.
This option is particularly valuable in these scenarios:
- Businesses that are already providing personal laptops to employees and staff can use these devices as the hardware authentication factor in addition to user name and password. The company saves the cost of separate authentication tokens and the logistics of managing these tokens. From a user perspective, the hardware part of the two-factor authentication becomes totally transparent.
- Schools, colleges, and universities increasingly rely on students and staff using their own laptops for studies and work. The G/On Device Token enables the schools to allow students and staff to use these personal devices for secure access to the campus network. Enforcing two-factor authentication is critical in these environments for secure identification of the user, the device and the resources that are accessed. From one centralized tool, the G/On administrator can manage, control, and document who has access to what. G/On’s Windows, Mac and Linux clients support the most popular devices used in the educational sector today.
G/On Mobile Token (iPad and iPhone)
An iPad or an iPhone can to a very large degree be considered a personal device and, hence, can be used as a personal authentication token. The Mobile Token stores its private key in a secured area on the iPad and iPhone and uses a unique device identification number to link the private key to the iOS device. The Mobile Token is enrolled on the G/On Server and provides two-factor authentication together with userid and password.
Use of the iPad and iPhone as authentication tokens provides a superior and convenient user experience, and the IT administrator can quickly deny access for the device in case it is lost or stolen.
G/On SoftToken
In addition to hardware based authentication tokens, G/On 5 also supports software based tokens. G/On SoftToken is a challenge-response based authentication using public key cryptography but without the need for an X.509 based Public Key Infrastructure (PKI). The soft-token is generated by the G/On Server and allows authentication of users from a wide range of hardware devices. Note: Like other soft-token based solutions, the G/On SoftToken is not tied to the hardware device and should normally only be used on trusted hardware devices (computers, USB keys, external storage devices etc.). Please notice: SoftTokens MUST be stored on removable drives and devices.
G/On USB SafeSmart 1GB
(pending)
Based on Giesecke & Devrient StarSign® Mobility Token Classic. This USB device contains flash memory, a separate CD-ROM partition, a flash controller supporting data encryption, and a smart-card, and supports Windows, Mac and Linux. Where the operating system allows it, this device offers automatic launch of the G/On client without any prior installation or administrator rights. The G/On USB SafeSmart permits automatic encryption of data stored on the token, fully transparent to the user, and the smart-card ensures the security of the identities stored on the token. In one single device, the G/On USB SafeSmart offers protection of data in transit as well as at rest.
G/On USB MultiSmart 1GB
(pending)
Based on Giesecke & Devrient StarSign® Mobility Token ID1. This device provides the ultimate secure access solution by combining G/On with existing smart-cards for Personal Identity Verification (PIV) and supports Windows, Mac and Linux. Chip cards in ID1 format can be inserted into the device and be used as G/On authentication. A second smart-card is included and can be used for authentication of the device in the case the PIV card issuer does not provide software access. The G/On USB MultiSmart functions as a user-friendly, driverless card reader in mini format and includes flash memory, hardware data encryption, CD-ROM partition, and an ARM7 processor. Except for drivers potentially required by the PIV card, the device itself requires no driver installation and does not require administrative rights on the PC.
Available G/On 5 Authentication Token overview
| G/On 5 Hardware Authentication Tokens | MicroSmart & USB MicroSmart | USB H4 | Mobile Token | Computer User Token | SoftToken (On Removable Drive) |
|---|---|---|---|---|---|
| Availability | Now | Now | Now | Now | Now |
| Supported Operating Systems | Windows, Mac, Linux | Windows Only | iOS | Windows only | Windows, Mac, Linux |
| Software Execution from Token | Yes | Yes | Software installed on device | Software installed on computer | Yes |
| Zero Footprint | Yes | Yes | n/a | n/a | Yes |
| Driverless Operation – uses existing mass storage driver | Yes | Yes | n/a | n/a | Yes |
| Works for NON-admin users | Yes | Yes (No for CD update) | n/a | Yes | Yes |
| Authentication Method | Challenge-Response Protocol and Private Key on Smart Card | Challenge-Response Protocol on Computer and Private Key in hidden memory | Challenge-Response Protocol on Computer and Private Key in protected storage | Challenge-Response Protocol on Computer and Private Key in User Registry | Challenge-Response Protocol on Computer and Private Key on Removable Storage |
| CD ROM partition for read only storage of G/On Client | No | Yes | n/a | n/a | No |
| Flash Memory | 1GB | 1GB less size of CD ROM | n/a | n/a | n/a (SoftToken must reside on removable drive) |