Technology |

Security experts like to say that there are now only two types of companies left in the United States: those that have been hacked and those that don't know they've been hacked

- ForMER FBI DIRECTOR R. MUELLER

WHAT IS SAFE Technology?

SAFE (Strong Authentication Front End) Technology which ties the user’s password and cryptographic secrets to the authentication transaction. What makes SAFE Technology unique is that the evidence for both factors is transmitted in a single encoded password packet. The evidence is intertwined and encrypted and cannot be separated in transit.

SAFE-Key – Two Factor Authentication (2 FA)

SAFE-Key user logs in with strong two factor authentication (2FA) for access to personal or corporate information, to send or receive encrypted email content, or to encrypt and protect files and directories.

One SAFE-Key – Multiple Capabilities

SAFE-Key user logs in at home or work on a desktop, laptop, or tablet with ENCRYPTED and SECURE username and password. Access to the Data Center Servers can only be achieved with the use of a SAFE-Key and the authentication of user’s identity.

safe technology starts with safe Password

Safe password features & Information

SAFE Password is a secure password technology that provides strong two-factor authentication (2FA) using a device to access computers and SAML supported cloud-computing environments. SAFE Password is not a password vault or one-time password system.

SAFE Password supports Security Assertion Markup Language (SAML) an industry standard for Single Sign On (SSO) and integrates easily with any large service or identity provider that supports SAML (ie: Google Apps for Work, Dropbox, and Salesforce). If SAML is not available at a client location, SAFE Password can be implemented through a secure authentication server that integrates with a client’s SSO system or other authorization server. This process requires integration services and the cooperation of the client’s IT department.

What makes SAFE Password technology more secure than other authentication solutions?

SAFE Password obstructs attacks executed by: keystroke loggers, phishing, man in the middle, man-in-the browser, side-channel, replay, and brute force hacking, while other solutions do not.
With SAFE Password, the user's actual password is not visible in plain text during authentication: not on the desktop, not across the internet, not on the server, and not in the database. In the event of an attack on the database, the actual passwords cannot be viewed, compromised, or replayed.
SAFE Password manages multiple passwords and multiple login domains with the same device.
A SAFE Password protected login cannot be replayed or separated from the secure packet. If the user's password is compromised, lost, shared, or stolen, it is useless without the device.

FIPS 140-2 Level 3 Validated

TM: A Certification Mark of NIST, which does not imply product
endorsement by NIST, the U.S. or Canadian Governments.

SAFE-Key Device by BiObex, LLC
(When utilizing a Trusted Path as specified in the Security Policy)

in accordance with the Derived Test Requirements for FIPS 140-2, Security Requirements for Cryptographic Modules. FIPS 140-2 specifies the security requirements that are to be satisfied by a cryptographic module utilized within a security system protecting Sensitive Information (United States) or Protected Information (Canada) within computer and telecommunications systems (including voice systems).

Products which use the above identified cryptographic module may be labeled as complying with the requirements of FIPS 140-2 so long as the product, throughout its life cycle, continues to use the validated version of the cryptographic module as specified in this certificate. The validation report contains additional details concerning test results. No reliability test has been performed and no warranty of the products by both agencies is either expressed or implied.

This certificate includes details on the scope of conformance and validation authority signatures on the reverse.

FIPS 140-2 provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range and potential applications and environments in which cryptographic modules may be employed. The security requirements cover eleven areas related to the secure design and implementation of a cryptographic module. The scope of conformance achieved by the cryptographic modules as tested in the product identified as:

SAFE-Key Device by BiObex, LLC
(Hardware Version: 1.4; Firmware Version: Boot 1.2.0.0, PEM 1.2.0.0, BIOS 1.2.0.0; Hardware)

Overall Level Achieved: 3
and tested by the Cryptographic Module Testing accredited laboratory: CEAL: a CygnaCom Solutions Laboratory, NVLAP Lab Code 200002-0

CRYPTIK Version 9.0c is as follows:

Cryptographic Module Specification:
Cryptographic Module Ports and Interfaces:
Roles, Services, and Authentication:
Finite State Model:
Physical Security:
Cryptographic Key Management:
EMI/EMC:
Self-Tests:
Design Assurance:
Operational Environment:
Mitigation of Other Attacks:
Tested in the following configuration(s):

Level 3
Level 3
Level 3
Level 3
Level 3
Level 3
Level 3
Level 3
Level 3
Level 3
Level N/A
N/A

Download FIPS 140-2 LEVEL 3 VALIDATED Document Here

Safe Protected Files & Directories (SPF)

SAFE Protected Files allows the user to store, access, or send data files, by secure encrypted means, that prevent anyone from opening or reading the data files other than the selected user or recipient with a SAFE-Key Device. Perfect for sending bank statements, legal documents, health records, wire transfers, credit card transactions, or any file or document that must be transmitted and stored securely. All data is protected both in transit and at rest in storage.

SAFE PROTECTED EMAIL

With SAFE Protected Email, a user composes an “Eyes Only Message” that is transmitted by email as an encrypted attachment, which can only be opened by the selected recipient’s SAFE-Key Device. Once the email has been read and closed, it remains encrypted, and can only be reopened with the designated device and recipient’s username and password.

Safe Desktop Login

The SAFE-Key Desktop Login feature may be activated to require two-factor authentication to control the access to a user’s desktop, laptop, or tablet with a standard USB interface. Without the user’s SAFE-Key and password, no one, not even the user, can access the computer. This feature is available for Windows and Apple operating systems. Where multiple users share the same resource, Desktop Login allows each user to access the computer with their individual SAFE-Key and password.

SAFE Vault

SAFE Protected Password Vault: Secure an entire list of Usernames and Passwords with AES 256 encryption. The user’s SAFE-Key Device is required to open and view the SP Vault. The unique Cut & Paste feature does not expose the username or password in plain text when used to login into an account.

SAFE Digital Signature

The SAFE-Key device can also be used to produce digital signatures in order to verify that a document both came from the claimed author and that it has not been altered. The device enforces password validation so the digital signature is also validated by a 2-factor scheme.