Gemalto Smart Enterprise Guardian
Strengths: Secures removable media and stores certificates off the PC device.
Weaknesses: Price for a single-purpose device is high.
Verdict: Good product for certificate storage and secured portable data.
Summary: Smart Enterprise Guardian (SEG) v1.0 combines smart card-based PKI functionality with up to 2GB of encrypted mobile storage on a USB device. SEG provides removable/portable two-factor strong authentication. It is used to secure network or desktop logons, digital signatures and email/file encryption.
The SEG offering includes a 1- or 2GB USB key with a secure storage partition that maps on a user's computer to a drive called "private" to store sensitive files. This part of the memory is protected by a PIN and uses AES 256-bit encryption, which is a safeguard for secure network services using locally stored certificates. It allows a user additional security possibilities, such as options to secure logon and logoff, lock and unlock their Windows workstation, use secure screensavers in Windows, digitally sign Microsoft Office macros and Adobe Acrobat documents, open and verify signed documents, send and receive secure email using Microsoft or Mozilla email software, and connect securely with a web server. All this is delivered through a two-factor authentication device generating OATH-compliant one-time passwords (OTPs). The OTP value is transferred to the PC via the USB connection and allows authentication to resources, such as an ISA server, Outlook Web Access, Citrix Presentation Server and VPN devices that have RADIUS authentication support.
A zero-footprint solution, SEG does not require installation of any additional software and can be managed centrally. We plugged the USB device into our test PC and it loaded automatically. It then prompted us for our initial PIN and name and configured the public and private storage folders, which map as two drives under Windows My Computer. After five incorrect login attempts, access to the device is blocked and can only be unblocked through a PKI-based challenge-response mechanism.
This is a nice solution that provides added benefits for secure certificate storage on a USB key.