Windows 2000 for Enterprise
Secure your Windows 2000 network.

iKey for Windows Smart Card Logon

SafeNet's iKey 1000 series and iKey 2032 can be used with Windows 2000 servers to add strong two-factor Authentication to Windows Logon.

The Windows 2000 Active Directory supports Public Key Infrastructure using X.509 Digital Certificates. Both the iKey 1000 series and iKey 2032 can store these Certificates, which can be used for Secure Windows Logon, Secure Web Authentication/Access and Secure eMail. For customers requiring high assurance, SafeNet's iKey 2032 supports a number of additional security features:

  • On-board key generation
  • On-board signing (the private key never leaves the iKey)
  • Tamper-evident option (FIPS 140-1 Level 2 certification)

How does it work?
Up until the release of Windows 2000, Interactive Logon used Windows Basic, or Windows NT Challenge-Response mechanisms, with Username and Password based authentication. Now with Windows 2000 Active Directory networks, a 'smart-card' logon can be deployed, enabling iKey smart tokens to be used for User certificates and private keys.

In operation, Windows recognizes the insertion of an iKey into the USB port as an alternative to the standard 'CTRL+ALT+DEL' attention sequence to initiate a Logon. The user is then prompted for the iKey User PIN code, which controls access to the public-private key data stored on the iKey. Because the PKI credentials are stored on the iKey, the user can roam within the network (use any other workstation), providing scope for a very flexible deployment of systems and users.

Windows Public Key Integration:
Windows 2000 PKI adds Certificate Services to the network.

Microsoft Certificate Services:
This allows for deployment of one or more Certificate Authorities (CAs). These may be Microsoft CAs or third-party CAs (e.g. Baltimore or Entrust). These CAs support issuing and revocation of Digital Certificates. The Certificate Service is integrated with Windows Active Directory.

The Windows 2000 integration of PKI does not replace existing Windows Domain trust-authorization mechanisms. However, it does enable the management of Public Key applications on all Windows workstations and servers connected to a Windows 2000 Active Directory network (including, for example, Windows NT and Windows 98 systems used as workstations).
