SafeNet Smart Card 650 Product Brief
SafeNet Smart Card 650
A High Assurance identification and authentication smart card that brings two-factor authentication to applications and networks where security is critical.
High Assurance Security with Ultimate Flexibility
The SafeNet Smart Card 650 (SC650) is the most secure, certificate-based smart card available today. Supporting numerous algorithms, X.509 digital certificates and on-card certificate validation, the SC650 enables strong two-factor authentication and proof-positive user identification in all Public Key Infrastructure (PKI) environments. The smart card contains a custom smart card ASIC, the SCC650, developed by SafeNet. This SCC650 ASIC is a highly trusted design fabricated at a trusted foundry and implements a security architecture found in other SafeNet certified ASICs.
On-board cryptographic processing including Suite B Operations
The SC650 securely stores the user’s credentials, such as digitally-signed certificates, private keys, and network login credentials and seamlessly supports secure key generation, secure key storage, encryption/decryption, and digital signature processing (sign and verify). The SC650 is capable of performing all private and public key cryptographic functions directly on the smart card, thus eliminating potential threats resulting from private key exposure. In authentication scenarios where cryptographic keys are stored locally on a computer and protected only by software, the keys are vulnerable to accidental loss and malicious acts that could greatly compromise network security and result in unfortunate economic consequences. With the SafeNet SC650, the private keys used for these functions are never exposed to a potentially vulnerable host system.
Additionally, the on-chip cryptographic functions enable users to perform Suite B and other FIPS- approved cryptographic operations on the card.
The SC650, combined with the SafeNet High Assurance Client (SHAC) middleware, is designed to support multi-domain usage by allowing the user’s credentials and certificates to be stored in cryptographically-separated key containers. This capability grants users more flexible and simplified access to sensitive networks and workstations because a user can use a single authentication device, the SC650, to securely authenticate to multiple independent networks (i.e., domains), each requiring its own set of unique private keys, credentials and certificates.
Easy to Integrate and Deploy
The SafeNet SC650 has been designed to provide built-in cryptographic and data container management for all private and sensitive functions, while giving enterprises the ability to add new applications/applets to address future requirements.
- DH/ECDH/DSA/ECDSA/RSA Key Generation
- DH/ECDH Key Agreement
- ECDSA/DSA Sign & Verify
- ECC curves supported: p-256, p-384, p-521
- 3DES encryption/decryption
- AES encryption/decryption (128 and 256 key lengths)
- RSA encrypt/decrypt (1024/2048)
- RSA Sign & Verify (1024/2048)
- HMAc SHA1/256/384/512
- ISO 7816-2 for dimensions and location of the contact for smart cards
- ISO/IEC7816 parts 3 and 4, standard for identification cards (i.e., smart cards)
Token Operating System:
- Java card v2.2.2
- Global platform 2.1.1
- Microsoft Windows 2000
- Microsoft Windows 2003
- Microsoft Windows XP Microsoft
- Windows Vista
- Apple MacOS 10.4.6 and above
Features & Benefits
- High assurance user authentication
- Multi-domain authentication support
- Secure key storage
- Signing and verifying encryption/decryption
- Private/public key generation
- Operationally secure token activation
- Secure random number generation
- Optional On-token certificate validation (includes path validation)
- Interoperates with RedHat CMS 8.0 Secure
- Secure audit logging