Our Approach to PKI

PKI Technology is based on Keys - Private and Public key pairs. We discuss PKI technology in full detail somewhere else in this website. At this point it suffices to know that we get the keys from either Thales or SafeNet HSM. As a corporate policy we always store the master encryption keys back in the HSM. For dedicated deployments we use PCIe HSMs cards but for large orgnizations or high key demand scenarios the "Bill of Materials" will specify LAN HSMs instead. These are general purpose HSMs as opposed to payment HSMs

The most secure data security solutions must combine software and hardware. The hardware is necessary and needed to make it harder for the intruder to break or replace the security built-in. Hardware adds another level of difficulty, a major difficulty for the intruder to surmount. The main idea behind most security schemes is to make it hard enough that the intruder for whatever reason sees futility in his or her effort at breaking the system so he or she gives up.

The Trust Token®

The Trust Token® is a smartcard chip technology embedded with a secure element. The interface is USB for versatility without compromising security of smartcard technology. The Token features Hardware- Secured Key Management and Storage.

Cryptographic Algorithm supported include: DES, 3DES, AES128/192/256, SHA-1, SHA-256, SHA-384, SHA-512 and MD5. The Token is well suited to the most demanding smartcard based authentication.

Minimal Cost PKI Deployment

Our minimal cost PKI deployment requires a Microsoft Windows environment with Active Directory and Certificate Services installed. Our personnel will certify your environment or install these components as part of the deployment.

The Trust Token interfaces seamlessly with Microsoft Windows Plug and Play driverless environment operating simply as a standard smart card with no driver required in the Windows environment.

We have the option to serve the keys to our customers via secure web servers as an alternative to purchasing an HSM. In all cases, however, the keys come from an HSM.

Trust Token® Specification

  • FIPS 140 - 2 Level 3 and EAL4+ compliant.
  • 32 bit High Performance Smartcard Processor - competitive processing power to ensure speedy key pair generation, encryption/decryption, key signing, and document signature validation.
  • 128K User Memory, 2MB Flash Memory- ample enough for storing certificates, keys and other sensitive data.
  • All credentials stored inside the Trust Token are encrypted and cannot be exported.
  • The USB interface is protected from packet sniffing.
  • Like in other smart cards encryption/ decryption processes take place on board the token within the secure element.
  • C and Java APIs can be made available for integration use by your in-house applications developers if required.

Other Use Cases

Once installed, the Trust Token can be used corporate-wide to sign-in to or access secure networks, sign emails, sign Microsoft Office documents, authenticate VPN access and to sign Adobe format (pdf) documents.

The Trust Token can be used as a tool to partly implement items in your Corporate Security Policy Document.

The Web of Trusts, Certificates and Authentication

Your organization will eventually use or need to manage a lot of certificates and keys. There are registered organizations who are recognized and currently issue certificates for identification on the web - SSL Certifcate Providers. Their certificates are recognized by all the browsers and manufacturers of Operating Systems. People often refer to them as Public Certificate Authorities (CA) but really they are Certificate Issuing Companies or Registrars .

Technically the servers that generate the certificates are the Certificate Authorities - Root CA, Policy CA etc. There is more on CAs elsewhere on this website

A business organization will in future typically deploy and manage a large number of certificates. Will you purchase all of those from recognized Public CAs? It would not be economical to order every certificate from a Public Certificate Authority (CA). Your organization will have to self-issue some certificates.

Call us for the details or register for our training course titltled "Introdution to PKI and Certificate Management"

Order your pack of Trust Tokens today. There is a minimum order quantity of fifty units.

These are ready to use, plug and play in a Microsoft Windows server environment. Call us today for Pricing!

Head Office

Data & Scientific

160 Sheppard Ave. West

North York, Ontario M2N 1M8

Canada.

General Inquiries: +1 416-360-0133

Sales: +1 888-830-5299

Technical Support: +1 416-360-0133

Fax : +1 416-360-0501

E-mail : info@datasci.net

International Offices

USA

Buffalo, New York

Nigeria

Area 11, Abuja