Here you will find information about various devices and equipment that may be used in Rohos software for authentication purposes. Rohos software uses different types of hardware tokens  to store passwords or logon profiles. Some of them support PIN code for two-factor authentication. All Rohos data blocks are stored on a USB key in encrypted form.

The list of supported tokens:

1. USB flash drives
2. USB tokens, PKCS#11 compliant
3. Smartcards
4. Bluetooth proximity
5. One-Time-Password tokens
6. RFID wireless tags and MiFare cards
   
7. Biometrics
8. Custom devices

USB flash drives

Supported in Rohos Logon Key (Windows and Mac) and Rohos Disk Encryption. After USB key has been configured it’s still may be used as a storage disk.

+ Supports PIN code for 2-factor authentication with limited fail-attempts before lock (3)
+ Configuration creates encrypted logon profiles in \_rohos\roh.roh folder
+ By default password is not stored on the USB Key in plain form.

Also, including any USB storage device that has its own drive letter in Windows:

• U3 smart USB flash drives
• FingerPrint & Biometric enabled USB flash drives are also supported
  
• Memory cards (like SD/MMC) via card readers
• Any MP3 player like iPod

Also USB Flash Drive with Hardware Encryption. Rohos may use authentication panel of any Encrypted Usb drive to authenticate into Windows:

• IronKey
• Kanguru Defender
• Kingston DataTreveler secure

Tested devices: Apacer, LG, Lexar, Transcend, TakeMS, SanDisk, SD memory cards, IronKey, Kaguru Defender, Kingston SecureVault .

USB tokens, PKCS#11 compliant

Supported in Rohos Logon Key (Windows) and Rohos Disk Encryption. In general any PKCS11 enabled token may be used in Rohos products.

+ Supports PIN code for 2-factor authentication with security provided by the token (number of fail attempts, unblocking features, change PIN)
+ Configuration creates 1 or 2 data blocks in private memory (up to 10 kb)

Tested tokens: Aladdin eToken PRO, ruToken, uaToken, Securetoken ST2/ST3, SenseLock trueToken, Futako HiToken, ePass, CrypToken, iKey ***, SecureToken ST series.

See note below on how to use any PKCS11 token in Rohos in addition to the listed in Rohos setup window.

Smartcards

SC25J10 Smart Card. HiCOS PKI smartcard. Powered by Futako Ltd.

BlueTooth enabled mobiles.

Any bluetooth enabled mobile phone or Pocket PC device may be used as a wire-less key to unlock your computer or notebook. Supported in Rohos Logon Key (Windows and Mac).

Learn more in article:  How to use bluetooth mobile to lock/unlock Windows computer.

+ PIN code is supported in Mac version only
+ Configuration creates encrypted logon profiles in Windows registry
+ USB key security works on uniqueness of MAC address

Tested devices: A computer or notebook with MS Bluetooth stack (Windows XP sp1, sp2. Vista) + mobile phone (qTeck, Nokia, Sagem). Mac OS X 10.5 + mobile phone.

One-Time-Password tokens

Yubikey and Swekey. Supported in Rohos Logon Key (Windows and Mac) and Rohos Disk Encryption.

+ PIN code for Yubikey is emulated by Rohos (with 3 fail attempts counter)
+ Configuration creates encrypted logon profiles in Windows registry
+ Security works on USB device serial number being unique, OTP validation via online API of the manufacturer (requires internet), or PIN code.

Learn more on how to use YubiKey for Windows Logon and Swekey release notes.

Tested devices: Yubikey (in static and dynamic OTP mode), Swekey.

RFID wireless tags and MiFare cards.

Rohos Logon Key and Rohos Disk support the following RFID reader devices with MiFare 1K support:

• ACS ACR122 and ACR128 NFC readers
• SCM SCL010,  SCL011G and SCL3711 RFID readers
• Easident FS-2044 RFID reader (only with RFID tag EM4100)
• CR10MW (betta release)

Also Rohos Logon Key support: Touchatag RFID kit (Windows and Mac) and Wireless PC Lock - USB receiver and wireless tag.

Rohos Logon Key features for RFID tags:

+ PIN code is supported via authentication keyA.
+ For Touchatag RFID and Easident FS-2044 RFID readers Rohos configuration creates encrypted logon profiles in local computer.
+ In many cases Windows Active Directory authentication and Remote Desktop authentication with RFID tags are possible.

Please read more about MIFARE 1K support release notes.

Biometrics

FingerPrint & Biometric enabled USB flash drives are also supported in Rohos Logon Key (Windows and Mac).

+ PIN code is supported in Mac and Windows
+ Configuration creates encrypted logon profiles in local computer

Tested devices: Transcend JetFlash 220 Fingerprint, takeMS MEM-Drive Biometric Scanline,
APACER AH620 Fingerprint Flash Drive under Windows and BioSlimDisk under Windows and Mac OS X.

See also Face recognition logon with Rohos Face Logon.

Custom authentication devices:

Rohos Logon Key and Rohos Disk uses internal token API and could work with virtually any authentication device. How to test PKCS11 compliant device:

1. Install Rohos Logon
2. Open regedit.exe
3. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Rohos
4. Create strings value
   USBKeyDllName = rohos_pkcs.dll
   USBKeyPkcs11 = dllname.dll where dllname is a PKCS11 supporting module of the token (should be located in c:\windows\system32 or in rohos folder)
5. Open Rohos Logon main window and click “Setup USb Key”. The program should detect the token
6. After setting up USB Key restart to try logon

If you are a Hardware Vendor, manufacturing security devices, Tesline-Service would be glad to operate side by side integrating your devices and equipment into our security solutions thus satisfying increasing customers requirements.
To become a Partner apply now