E-Kalit

SOFTWARE DEVICE FOR PROTECTED STORAGE OF CRYPTOGRAPHIC KEYS
«E-KALIT»

  

 

 

 


 

Device description

E-KALIT is a hardware-software device specifically designed for use with information systems that require secure storage of secret encryption keys and electronic digital signature (EDS) keys.

E-KALIT is a small portable USB stick that stores a user's personal cryptographic settings in a secure, trusted environment.

E-KALIT allows you to:

- safely store personal electronic digital signature settings, private digital signature keys, hashing keys, encryption keys, as well as public parameters (such as a public-key certificate);

- securely authenticate the user, based on knowledge of identity data (username and password), before granting access to the contents of the device memory;

- block access to the device memory after a specified number of password-guessing attempts;

- issue the public-key certificate of the electronic digital signature at the request of a personal computer;

- load cryptographic keys and user certificates from a PC (for example, from the EDS registration center program);

- securely transfer user identity data to the device, based on a hash of a random number.

Information is exchanged between the device and the PC over a special encryption protocol that prevents unauthorized access to cryptographic keys and user identification data if the USB bus is intercepted. A special driver for the Windows XP operating system is included with the device.

E-KALIT has no file system and, when connected to a PC, is not recognized by the operating system as a storage device (flash memory), so standard file access to its data from other programs is impossible.

Total volume of non-volatile memory: 32 KB. Personal user settings are stored in two special protected areas of not less than 4 Kbytes each: «PRK», memory for storing private settings, and «PBK», memory for storing public settings. The free memory area is used to store the device software. We recommend storing secret keys in «PRK», and public keys such as the EDS user certificate in «PBK».

Differentiation of device access rights

Data is exchanged between the PC and the device only after the user has been authorized; for this, the control program asks the PC user for identity data: a username and a password of up to 31 characters each.

If an incorrect name/password is entered more than the set number of times (5 by default), the corresponding account is disabled and the device stops accepting your identity data.

E-KALIT has two types of accounts: administrator and key holder. Depending on the identity data supplied, the device allows you to act in accordance with the rights of that account.

Regardless of the current authorization state, it is possible at any time to:

1. Query the status of the memory areas:

  • presence of the administrator name / password;
  • presence of the key owner name / password;
  • presence and correctness of data in «PBK»;
  • presence and correctness of data in «PRK».

2. Query the authorization status: authorized / not authorized.

3. Format the device. The administrator login / password pair is reset to UNICON / UNICON, the key owner login / password pair is deleted, and the data in the «PBK» and «PRK» areas is erased.

The administrator has the right to:

  •     Set a new login / password pair for the administrator account;
  •     Set a new login / password pair for the key owner account. When this is done, the information stored in the protected areas is cleared;
  •     Unlock the key owner account;
  •     Change the number of available authentication attempts for the administrator account;
  •     Change the number of available login attempts for the key owner account.

By default, the administrator login / password is UNICON / UNICON.

The key owner has the right to:

  •     Write and read information in the closed information storage area;
  •     Write and read data in the open information storage area.

By default, no username and password are set for the key owner. Assigning the login / password requires authorization with the administrator account.
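
The access rules in this section can be exercised as a small state model. The Python below is an added example, not E-KALIT firmware or its Windows API: the class and method names are hypothetical, and the exact lockout threshold and the session reset on a failed login or on format are assumptions.

```python
import hmac

DEFAULT_ADMIN = ("UNICON", "UNICON")   # factory administrator pair, from the page
MAX_LEN, DEFAULT_ATTEMPTS = 31, 5      # length and attempt limits, from the page

class Account:
    def __init__(self, login=None, password=None):
        self.login, self.password = login, password
        self.limit, self.failed, self.disabled = DEFAULT_ATTEMPTS, 0, False

class TokenModel:  # hypothetical model of the rules, not the device API
    def __init__(self):
        self.format()

    def format(self):
        # Allowed in any authorization state: default admin pair restored,
        # key owner pair deleted, both protected areas erased.
        self.acc = {"admin": Account(*DEFAULT_ADMIN), "owner": Account()}
        self.prk, self.pbk, self.role = b"", b"", None

    def login(self, role, login, password):
        a, self.role = self.acc[role], None  # assumption: a new attempt ends the session
        if a.disabled or a.login is None or max(len(login), len(password)) > MAX_LEN:
            return False
        ok = (hmac.compare_digest(login.encode(), a.login.encode())
              and hmac.compare_digest(password.encode(), a.password.encode()))
        a.failed = 0 if ok else a.failed + 1
        # Assumption: the account is disabled once failures reach the limit.
        a.disabled = a.failed >= a.limit
        self.role = role if ok else None
        return ok

    def _need(self, role):
        if self.role != role:
            raise PermissionError(role + " authorization required")

    def set_owner(self, login, password):
        self._need("admin")
        self.acc["owner"].login, self.acc["owner"].password = login, password
        self.prk, self.pbk = b"", b""  # protected areas are cleared

    def unlock_owner(self):
        self._need("admin")
        self.acc["owner"].failed, self.acc["owner"].disabled = 0, False

    def write_prk(self, data):
        self._need("owner")
        self.prk = data

    def uses_default_admin(self):
        return (self.acc["admin"].login, self.acc["admin"].password) == DEFAULT_ADMIN
```

After `format()` the model is back on the documented default administrator pair, so integrating software can use a check like `uses_default_admin()` to require a new administrator login / password before any keys are loaded.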

DEVICE USE PROCEDURE

Depending on the customer's requirements, there are two main ways to supply E-KALIT: as part of a finished software product (such as electronic document management software), or as a separate device for integration with the customer's proprietary software.

In the first case, the procedure for using the device is described in the administrator and user manuals of the related software.

In the second case, the device can be supplied with a software library API (for Windows) and a programmer's guide. Describing the procedure for using the device is then the responsibility of the software developers.