Specifications

Tokens

104 |

When properly configured, the users can use the certificates on the supported USB

authentication tokens to authenticate to Endpoint Encryption for Files and Folders.

However, you may want to consider using the Generic PKI token instead when working

with certificate based authentication in Endpoint Encryption for Files and Folders, see

more below.

Without certificates

The USB authentication tokens can also be used without digital certificates. If so, each

token must pass a Endpoint Encryption Manager Console for proper configuration.

Also, each user must be set to use the corresponding token for authentication.

NOTE:Whenupgradingruntimeenvironments(RTEs)fortheAladdineTokens,beawarethatthereis

incompatibilitybetweentheeTokenRTEversionsavailableinEndpointEncryption.Ifyouhaveaninstalled

eTokenRTEof3.00andwanttoupgradeEndpointEncryptionforFilesandFoldersandtheeTokenRTEto

3.60,thenyoumustfirstuninstalltheexistingEndpointEncryptionforFilesandFoldersclient,restartthe

machineandtheninstallthenewversionwiththecorrectRTE.

USB token for user local keys

A special case related to USB tokens is the user local keys – these may be stored on

any USB stick with memory capacity and are protected either with a password or a

user imported certificate.

To begin with, unlike the previously mentioned USB tokens, the encryption key store

for local user keys may be stored directly on the USB token. However, this requires

the USB token to have a storage memory area that can be mapped by the PC.

Typically, this is not the case with plain USB authentication tokens. Thus, for user local

key stores on a USB drive involves the usage of a USB flash memory. These drives

typically have a FAT formatted storage area that is mapped by the PC. Thus, the

encryption key store for user local keys is not itself protected by any internal token

structures or on-board cryptographic processor. However, they may be protected by a

private key that corresponds to the user’s digital certificate and that is protected by

built-in security mechanisms on the card. This holds both for USB authentication

tokens and smart cards.

Smart cards

Like with USB authentication tokens, smart cards can be used with or without digital

certificates for authentication to Endpoint Encryption for Files and Folders.

A number of smart cards are supported by Endpoint Encryption for Files and Folders,

both for PKI and non-PKI usage. For a list of directly supported cards, please consult

your McAfee representative.