- The Validy USB Token
The Validy USB token is built around a secure micro-controller running the firmware for one or more of the following Validy applications: Validy Softnaos, Validy WebBusiness, Validy FileCrypt, or Validy SmartLicense.
The main characteristics of the micro-controller are:
- 32 bit architecture
- 256 Kbytes of ROM (for the code)
- 32 Kbytes of EPROM (for permanent data)
- 8 Kbytes of RAM (for the working set of applications)
- 256 Kbytes of external ciphered RAM (used as a paging area by Validy SoftNaos)
- USB full speed interface (12 Mbit/s) Cryptographic accelerator for DES and Triple DES
- Cryptographic accelerator for RSA up to 1024 bit keys (or 2048 bits using the Chinese Remainder Theorem)
- Countermeasures to protect against physical attacks.
The token acts as a CCID class device (Circuit Card Interface Device) on the USB bus and is supported by the CCID drivers that come with Windows, Linux, and MacOS X. The organization of the token is derived from the ISO 7816 standard. Transfer commands are analogous to type 4 extended APDUs (protocol T=1) but the token resources are not organized according to a hierarchical file system. Instruction codes (INS) defined by the standard are used when possible but new custom commands have also been defined.
Accesses to the resources of the token are subject to one or more authentication steps and all authentication methods use cryptographic challenges (External Authenticate) with a limited number of trials.
Each application corresponds to a specific fixed set of resources: files, cryptographic keys, and virtual machine for Validy SoftNaos.
Each token is initialized by Validy with default values before delivery. Users must customize their tokens before using them with the customization application provided by Validy.