GUARDIANEDGE ADVANCED AUTHENTICATION

Extend Data Protection with Strong, Multi-factor Authentication

Many organizations require a more secure way to authenticate users during log-on and before accessing data on PCs, laptops, removable storage devices, and removable media. A multi-factor authentication solution meets this need by requiring users to both know something (their ID and password) and have something (a physical identifier like a smartcard) before granting access to systems and encrypted data.

GuardianEdge™ Advanced Authentication provides multi-factor authentication for GuardianEdge Hard Disk Encryption, GuardianEdge Encrypted Drive Manager and GuardianEdge Removable Storage Encryption:

  • When used with GuardianEdge Hard Disk Encryption or GuardianEdge Encrypted Drive Manager, it extends the security of user log-on with multi-factor authentication to protect access to encrypted data stored on fixed disk drives
  • With GuardianEdge Removable Storage Encryption, it enables the use of multi-factor authentication to safeguard access to data stored on removable storage devices and removable media

By deploying GuardianEdge Advanced Authentication organizations can:

  • Use Smartcards/Common Access Cards/PIV Cards to extend user authentication
  • Employ X.509-compliant cards, readers and tokens
  • Add strong multi-factor authentication for user login with GuardianEdge Hard Disk Encryption and GuardianEdge Encrypted Drive Manager as an additional layer of protection for data stored on laptops and desktops
  • Expand access protection for encrypted data stored on removable storage devices and removable media controlled by GuardianEdge Removable Storage Encryption
 
  • Additional protection for data on laptops and desktops with authentication using smartcards (including CAC or PIV cards) before access to Windows is granted
  • Safeguard data on removable storage devices and media with multi-factor authentication access control
  • Extensive support for cards, readers and tokens
 

Supported Readers


Embedded Readers

  • Dell E4200 (Broadcom Corp. 5880)
  • Dell E6400 (Broadcom Corp. 5880)
  • Dell M6400 (Broadcom Corp. 5880)
  • Dell D410 Embedded Reader (TI PCI GemCore Based Smart Card Controller)
  • Dell D420 / D430 Embedded Reader (O2Micro OZ776 USB CCID Smartcard Reader)
  • Dell D600 Embedded Reader (O2Micro 02711EC1 PCMCIA/Smart Card Controller)
  • Dell D610 Embedded Reader (TI PCI GemCore Based Smart Card Controller)
  • Dell D620 Embedded Reader (OZ6912 /601/711E0 CardBus/SmartCardBus Controller)
  • Fujitsu 4210—O2Micro OZ711MP1/MS1 MemoryCardBus Controller
  • Fujitsu 4215—O2Micro OZ711MP1/MS1 MemoryCardBus Controller
  • Dell D630—O2Micro OZ711EZ1 MemoryCardBus Controller
  • Dell D820—O2Micro OZ711EZ1 MemoryCardBus Controller

PCMCIA Readers

  • HP SCM SCR 243 PCMCIA
  • Axalto Reflex USB v2, Reflex 20 PCMCIA v2 & v3
  • ActivIdentity PCMCIA
  • SCM SCR 201, SCR 241, SCR 243 PCMCIA

USB Readers - All CCID-compliant USB smart card readers including the following:

  • ActivIdentity USB Reader 3.0
  • Axalto Reflex USB v3
  • Dell SK 3106 keyboard w/ SmartCard reader
  • GemPC Express, Pinpad*, Twin
  • SCM SCR3311 USB Reader

*Computer keyboard must be used to enter PIN


Supported Cards and Tokens


Aladdin Data Model

All tokens with the Aladdin eToken data model are supported.

The following tokens from Aladdin have been tested with the eToken data model:

  • PRO Javacard 72k, NG-OTP 32K, NG-OTP 64K
  • PRO 32K, PRO 64K

CACv2 Data Model †

All tokens with the CACv2 data model are supported.

The following tokens have been tested with the CACv2 data model:

  • Axalto Access 64K v2, Access Cyberflex 64K v1 SM4.1
  • Gemalto Cyberflex Access 64K v2c, GemXpresso 64K R3 FIPS V2#2
  • Oberthur CosmopolIC 32K V4, 64K v5.2 Fast ATR, 64K v5.2 Fast ATR (dual)
  • Schlumberger Access Cyberflex Access32K V2 SM7.2

CAC Next Generation (NG) Data Model

All tokens with the CAC Next Generation (NG) data model are supported.  This data model is also referred to as “Transitional PIV”.

The following tokens have been tested with the CAC Next Generation (NG) data model:

  • Gemalto TOPDLGX4
  • ID-One Cosmo 64 v5.2D Fast ATR with PIV application SDK
  • Oberthur CosmopolIC 64K v5.2 Fast ATR (dual), 72K v5.2 Fast ATR (dual)

GSC-IS 2.1 Data Model

  • Axalto Cyberflex 64K v1
  • Axalto Cyberflex 64K v2c
  • Cyberflex Access 64K v1 SM4.1

PIV I/PIV II Data Model

All tokens with the PIV I/PIV II data model are supported.

The following tokens have been tested with the PIV I/PIV II data model:

  • Athena IDProtect Duo PIV
  • Gemalto SafesITe PIV TPC DM
  • Oberthur PIV End Point Dual Interface Smart Card

RSA Data Model

All tokens with the RSA data model are supported.

The following tokens have been tested with the RSA data model:

  • RSA SID800
  • RSA Smart Card 5200

†Single Sign-On is not supported.
Note: Contactless authentication is not supported. Dual-interface tokens must be inserted into a reader.


PKI Environment Support

  • Supports X.509-compliant Public Key Infrastructure systems

GuardianEdge Data Protection Platform Integration

  • Single Management Console: Provides a single, Active Directory integrated management console for administering the GuardianEdge suite of endpoint data protection controls
  • Shared Services: Shared security and management services across data protection applications
  • Auditing and Reporting: Unified auditing and reporting environment
  • Lightweight client environment: Single sign-on integration; secure client/server communications; minimal to no intrusion into existing user workflows and operation

Active Directory Integrated Administration and Management

  • Tight integration with Active Directory enables GPO-based policy deployment
  • Easily scales to meet enterprise requirements
  • Role-based policy administration
  • Detailed audit records to verify policy enforcement

Key/Password Administration and Recovery

  • Simple and secure administrative access to encrypted PCs in the event of lost tokens or passwords with self-service or admin-assisted recovery
  • Digital certificate-based recovery of encrypted data on portable media devices using a central master certificate (private key)