USB authentication tokens

  • Article

I've been evaluating USB tokens for two factor authentication for one of my current projects, I've got 3 of them for evaluation: Cryptoken, Axalto e-gate token and Omnikey 6121 token. The basic requirement is to allow VPN authentication into POC solution over the Internet. We used middleware from Raak Technologies to manage the tokens. All three work as advertised and provide two-factor authentication. Each has its own little quirks that might make a difference if it will be chosen for the current solution.

Cryptoken looks like a little silver bullet, it is very small and very sturdy, I think it can survive on the key chain and not break for at least couple years. Axalto token probably was the least durable one, it is a little bigger than Cryptoken, easier to hold and pull out from the USB port. Omnikey 6121 is the longest token, but it appears to be more sturdy than Axalto token. Axalto token and Omnikey both have SIM cards that were taken off from the Smart Card and inserted into the token. You can replace the SIM card in the token - token basically acts as USB smart card reader.

Cryptoken and OmniKey 6121 require the same USB drivers and Axalto had its own set of drivers. All of them work with Raak middleware.

One of the challenges with Cryptoken is that the default driver doesn't allow reinsertion of the token. If you take the token out from USB port, insert it back and try to access it you'll get error message. To fix this problem you need to reboot PC or install a static driver that will allow reinsertion of the token.

Axalto token didn't have the above problem, it just works.

Cryptoken is probably about 2-3 times faster than Axalto token, it has build in chip that processes all operations in the token, while Axalto has to rely on the drivers and processing speed of OS. Of course the speed advantage comes with price, Cryptoken almost as twice as expensive as Axalto e-gate USB token.

Overall, they all work and my customer will have to evaluate them and decide which one to use after using them with our POC.