CRYPTOCard is a two-factor authentication platform in which users can authenticate themselves to Web servers, operating systems, and VPNs via a one-time-password based mechanism. With CRYPTOCard, users carry with them a token (multiple types of tokens are supported, including hardware and software) that generates a one-time-password (OTP) code that can be used in combination with the user's memorized PIN (in some cases the users must enter their PIN to actually retrieve the OTP) to authenticate to their systems. This password is valid only for that first use; after which it will no longer work.

The two primary components of a CRYPTOCard deployment are the CRYPTO-Server, which provides the centralized authentication mechanism for the network; and the CRYPTOCard tokens, which the users carry with them in order to retrieve OTPs.

The CRYPTO-Server is offered for Windows, Mac, and Linux (SLES 9 and Red Hat) servers and is itself managed via the CRYPTO-Console, an administration interface that provides token management, initialization, server licensing, and reporting functions. CRYPTO-Server is modularized (all modules are installed by default) with the core server module handling the authentication requests received from the Protocol Server Module as well as the token management, reporting, directory access, database access, and housekeeping functions. A separate Protocol Server Module provides the communicational interface to 3rd party gear (including RADIUS, HTTP/HTTPS, CAP, and MSCHAPv2); while the database connector and the LDAP connector handle communications with the database repository (which holds token data and potentially end user information) and LDAP directories, respectively. The product uses MySQL by default; but the vendor notes that several other databases are supported. And if LDAP is not used, an internal directory is created in the DB to store the necessary user information.

CRYPTO-Server provides components allowing for the use of the two-factor authentication tokens in system logins, VPN connections, and Web Server (both Apache and IIS modules are available) communications.

On the user's side, tokens are available that generate the OTPs needed to authenticate to a CRYPTOCard-enabled network.

Available hardware tokens include the vendor's key chain token, which generates the OTP when a button is pressed on the device (the user either appends or prepends their PIN to the passcode), or a calculator style device in which the user must enter their PIN in order to retrieve the PIN. Both of these devices can be purchased as preprogrammed, ready to use devices; or as uninitialized, programmable formats in which multiple parameters such as encryption level, key length, and authentication mode (event synchronous/challenge response) can be specified. When tokens are purchased uninitialized, additional initializer hardware components must also be purchased; these initializers are used in combination with the CRYPTO-Server and attach via serial or USB connections.

Software tokens are software components that are loaded directly on portable devices, enabling them to be used to generate OTPs. They support deployment on Smart Cards (64K Java), USB dongles, or on computers/PDAs (Windows 98/2000/2003/XP/XP Pro, Red Hat Linux Enterprise 3/4, SLES 9, Mac OS X 10.3/10.4, and PDAs running PocketPC).

Rounding out the vendor's product set are the CRYPTOCard developer APIs, which allow developers to integrate CRYPTOCard based authentication into their own applications.

New to the CRYPTOCard arsenal are an updated Mac OS X server with "Universal" support (Intel or Power PC) and software token support for BlackBerry handhelds.

5-token starter kits (either 5 of the same type of token or mixed token samplers) for the CYPRTOCard platform include the CRYPTO-Server and are available starting at $499. a 25 user license for the server is priced at $1,249; and a free (5 user) evaluation version is also available.

Visit the CRYPTOCard Web site for further information.