SanDisk TrustedSignins User Manual

TrustedSignins™from SanDisk

Easy to Buy, Easy to Use

For many years, an account name and unchanging (or infrequently changing) password have been used to gain telephone or online access to an individual’s bank, brokerage, or other accounts. But account names aren’t necessarily private and passwords can be stolen, guessed, or even shared. In fact, with the dozens of account names and passwords that people need to remember, many of them get written down.

This has been considered an acceptable risk—until now—when many governments are mandating the use of tokens that generate a one-time password for financial transactions and companies and

g sites are now encouraging their use as well. Unfortunately,

gamin your customers and employees soon may find themselves with a necklace of tokens—one for each site or account—that except for granting access can’t do anything else. And that leads to dissatisfaction. TrustedSignins supports multiple virtual tokens that can be used to authenticate to hundreds of institutions.

Partnering With the Best

ering with RSA Security and VeriSign, the security industry’s

Partn

est names, SanDisk, the world’s leading supplier of flash memory

bigg data storage card products, has developed TrustedSignins. This revolutionary solution runs on a standard SanDisk USB flash memory device (UFD) and TrustedFlash mobile devices such as phones and handheld game consoles.

fit of TrustedSignins over dedicated tokens is that your

A be company does not need to bear the expense of stocking and supplying them to your customers. After an employee or customer buys a standard SanDisk device at any of the 185,000 retail locations, it is registered with their account at your company. As an incentive, your company can even offer a rebate.

™

memory cards for

Mass Storage

(R/W)

Applications

Public

Private

CD ROM

(ISO Image)

TrustedFlash™

Device Certificate

Secrets

(e.g. OTP Seeds)

Firmware

Memory

Controller

32-bit Crypto

Processor

TrustedFlash Technology

TrustedSignins is based on SanDisk's TrustedFlash technology. Every TrustedFlash device contains a unique readable electronic serial number, a device certificate, and an unknown

random encryption key. A custom controller partitions memory and manages access from the host PC. A 32-bit cryptographic co-processor automatically encrypts and decrypts all data written to and read from the device, protecting against information disclosure even if the components are directly targeted.

The host OS has no direct access to TrustedFlash memory. The devi

ce API supports strong authentication, including PKI, allowing authorized host processes to create and access their own information in the TrustedFlash partition while p

reventing access even by other processes

authorized to access other information within the

lash partition. For example, the shared secret used

edF

T to generate a one time password can be written and erased but not read from the device. Similarly, the device certificate can be used for authentication, verification, and signing but cannot be modified. The device certificate can be encapsulated in a PKCS#7 package, thus supporting

I applications.

SanDisk USB flash drives can make 3 disk volumes available to the host PC; a read-only CD ROM

e, a public volume, and a password-protected

imag private volume.*

For more information on TrustedFlash technology or TrustedSignins and how they can increase security while lowering costs, please send an email to

Trustedsignins@sandisk.com

Features and Advantages

• Based on TrustedFlash™Secure Storage Technology

ne device supports multiple virtual tokens

• and multiple algorithms

TH (Open Authentication) compliant

•

Up to 4.0GB of password protected flash memory storage

* TrustedSignins and the private volume require Windows 2000 Service

ck 4 and l

indo

SanDisk, the SanDisk logo and Cruzer are trademarks of SanDisk Corporation, registered in the United States and other countries. Gruvi, the gruvi logo, TrustedFlash, the TrustedFlash logo and TrustedSignins are trademarks of SanDisk Corporation. miniSD and the miniSD logo are trademarks. U3 and the U3 logo and the U3 smart logo are trademarks of U3, LLC. Other brand names mentioned herein are for

tifica

ater, Windows XP (all editions and service packs), and

r 2003.

ws S