EUTRONSEC S p A AAF CLASS B COMPUTING DEVICE PERIPHERAL User Manual OTPSign Combo Overview v1 0 1

EUTRONSEC S.p.A. CLASS B COMPUTING DEVICE PERIPHERAL OTPSign Combo Overview v1 0 1

UserManual.wiki >

EUTRONSEC S p A >

AAF User Manual

Users Manual

Overview version 1.0.1

EUTRON Infosecurity - Key Solutions for IT Security Tel. +39 035 - 6970.80 Fax: +39 035 - 6970.92 Via Gandhi 12 - I-24048 Treviolo (Bergamo) e-mail: info@eutron.com web: www.eutron.com/infosecurity © Copyright 2006 by Eutron Infosecurity S.r.l.- Italy - 24048 Treviolo BG Via Gandhi, 12 © 2006 Eutron Infosecurity S.r.l. All rights reserved The names of the other products mentioned are trademarks of their respective owners. This hardware key is in compliance with the following test specification: CEI EN 61000-4-2; CEI EN 61000-4-3; CISPR22 as required by: CEI EN 61000-6-1, CEI EN 61000-6-2, CEI EN 61000-6-3, CEI EN 61000-6-4 which are specified for the following test: • “ESD Immunity test” • “Radiated radio-frequency and electromagnetic field immunity test” • “Radiated Emission Verification” In compliance with the “Essential Requisites” for the EMC Directive 89/336/EEC. FCC ID: TFC-AAF EUTRON Infosecurity S.r.l. OTPSign Combo (1) Supply: 5V DC Absorption: 250 mA This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. NOTE: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: - Reorient or relocate the receiving antenna. - Increase the separation between the equipment and receiver. - Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. - Consult the dealer or an experienced radio/TV technician for help. Caution: changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. 1 The models subjected to this mark are the following: OTPSign Combo ITSEC-I , OTPSign Combo ITSEC-P and OTPSign Combo FIPS.

EUTRON Infosecurity - Key Solutions for IT Security Tel. +39 035 - 6970.80 Fax: +39 035 - 6970.92 Via Gandhi 12 - I-24048 Treviolo (Bergamo) e-mail: info@eutron.com web: www.eutron.com/infosecurity IMPORTANT REMARKS Due to the limited space on the product shell, all FCC certification references are on this technical manual. Changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.

EUTRON Infosecurity - Key Solutions for IT Security Tel. +39 035 - 6970.80 Fax: +39 035 - 6970.92 Via Gandhi 12 - I-24048 Treviolo (Bergamo) e-mail: info@eutron.com web: www.eutron.com/infosecurity 1. Introduction OTPSign Combo is an “all-in-one” device in a USB key, which offers the following functions: OTP + Smart Card + USB memory OTPSign Combo is the new USB token realized by applying the innovatory EUTRON-VASCO hybrid technology that combines the advantages of OTP authentication with the potential offered by PKI technology. OTPSign Combo is a device that enables accessing the digital services quickly and safely through the telephone, mobile and Internet channels, besides allowing secure and non-repudiable transactions; it is therefore an extremely flexible, inexpensive and simple solution. This product is ideal for all those entities and organizations that intend to offer their customers secure multichannel accesses to corporate archives, bank data, financial services, health services et cetera). OTPSign Combo is an M2 secure device: multichannel and multipurpose: • Multichannel, thanks to the OTP USB hybrid technology that allows secure access from the fixed and mobile telephone network, from the Internet and via Internet through the USB token • Multipurpose, thanks to the EUTRON «all-in-one» technology which combines the OTP component with the smart card cryptography function and the smart card reader, jointly with the USB format flash memory. 2. Main functionalities OTP Functionalities • One-Time-Password authentication • Button-operated OTP generation • OTP Encryption: Time synchronous / Time and Event synchronous • Compatibility with the whole Digipass VASCO family PKI Functionalities • Signature and on-board generation of the 1024 bit RSA key pair • X 509 v3 certificates and secure key storage • PIN for private key protection USB memory functionalities

EUTRON Infosecurity - Key Solutions for IT Security Tel. +39 035 - 6970.80 Fax: +39 035 - 6970.92 Via Gandhi 12 - I-24048 Treviolo (Bergamo) e-mail: info@eutron.com web: www.eutron.com/infosecurity • Flash Memory: 128 MB – 256MB – 512 MB – 1 GB – 2 GB – 4 GB • Standard Mass Storage • CD-ROM with autorun function • Encrypted Mass Storage, with AES 256 bit • Write-protected Mass Storage (read-only partition) 3. Models • ITSEC-I with 32K EEPROM, RSA 1024 bit cryptography, INFINEON SLE66CX322P cryptographic chip, CardOS 4.01A (ITSEC E4 High certified) or CardOS M4.2B (CC EAL 4+certified) or CardOS M4.3B (CC EAL 4+ certified) Siemens - chip CC EAL 5+ certified • ITSEC-I-64 with 64K EEPROM, RSA 2048 bit cryptography, INFINEON SLE66CX642P cryptographic chip, CardOS M4.3B Siemens mask – Chip CC EAL 5+ certified and mask CC EAL 4+ certified • ITSEC-P with 32K EEPROM, RSA 1024 bit cryptography, PHILIPS P8WE5032 cryptographic chip, G&D StarCOS SPK 2.3 mask – Chip and mask ITSEC E4 High certified • FIPS with 32K EEPROM, RSA 1024 bit cryptography, PHILIPS P8WE5032 cryptographic chip, G&D StarCOS SPK 2.4 mask 4. Specifications Standard ISO 7816 3-4, PKCS#11 v2.11, PC/SC, Microsoft CAPI, S/MIME, IPSec/IKE, X.509 v3 Operating systems Microsoft Windows 98/ME/2000/XP and LINUX Interoperability Microsoft Internet Explorer, Microsoft Outlook, Lotus Notes 6.0x, Adobe Acrobat, VPN clients and with all applications using the reported standards 5. Technical specifications OTP section • 8 character LCD Display • Real time clock on board • Battery life: 5 years minimum • Compatibility with the Digipass VASCO family USB PKI section • Transfer rate of cryptographic component: up to 115Kbps • Flash memory data reading speed: 18 MB/s • Flash memory data writing speed: 11 MB/s • Power supply: from USB bus (4.5V - 5.5V) Minimum hardware requirements • Pentium 100MHz or higher • 1 USB 1.1 port or higher 6. Activation and setup of OTP-PKI services Integrating the OTP component in the existing networks is simple and easy. Any static password can be replaced instantly with the more secure OTPSign Combo-generated dynamic password. You simply start the programming procedure. With the existing PKI facilities, activation of the device cryptographic component is direct. The device flash memory can contain a CD-ROM partition, enabling simplified installation and configuration of the token.

EUTRON Infosecurity - Key Solutions for IT Security Tel. +39 035 - 6970.80 Fax: +39 035 - 6970.92 Via Gandhi 12 - I-24048 Treviolo (Bergamo) e-mail: info@eutron.com web: www.eutron.com/infosecurity OTPSign Combo is fully interoperable with the entire Vasco Digipass product family; it works hand-in-hand with Vacman Controller or Vacman Server applications and with other 50 software programs by the main world vendors, thus allowing quick commissioning with low development costs. 7. Operation scope and usability OTPSign Combo is especially suitable for managing any various secure authentication needs, in particular within the Corporate and Banking ambit. The device flexibility makes it suited for handling Web access, remote access, login-LAN, VPN access and PKI authentication in total security. OTPSign Combo is handy, pocket-sized, light and user-friendly. By pressing the button a univocal one-time-password is displayed on the LCD screen, enabling the multichannel authentication. The user can therefore be service authenticated instantly through the OTP password, besides carrying out any cryptographic operations required by the service: digital signing, secure data encrypting, non-repudiability and integrity guarantee of data exchanged through the SSL protocol. OTPSign Combo is also the ideal token for home banking: it provides the fulfilment, longed-for by banking services in particular, which are under various informational attacks and risks (“phising” especially), of the need for simple, effective and really secure authentication and transactions; it also meets the wish of the most important banks to offer their Clients on-line top-quality services.

Navigation menu