Multi Factor Authentication with YubiKey Token

Step-by-Step Guide
 

The YubiKey is a hardware authentication device manufactured by Yubico. Think of it as a tiny ‘safe’ that can store logon information securely and independently from any computer. It comes in various form factors, ranging from a token big enough to be attached to a keyring to models so small that they hardly protrude from a device once inserted in the USB port. The YubiKey requires neither a battery nor extra software to be installed on the host device. Just plug it into a USB port or use NFC and you’re ready to go.

How can you enhance u.trust LAN Crypt with MFA?

u.trust LAN Crypt is a client-side encryption solution that provides file-level encryption. Its powerful key and policy management functionality supports protecting data with different keys for business, personal and shared data. Keys assigned to a particular user are encrypted using standardized private key cryptography. Only a user in control of the private key can access those keys. Hence, protection of the private key is paramount. The YubiKey token is an ideal solution for safekeeping private keys. When used, two separate authentication factors are required – knowledge and possession – thus strengthening the general level of security.


Enable Protection

Step 1: Define what Data to Protect

In the u.trust LAN Crypt Admin console, define what data to protect and which key to use. A single rule can be sufficient to get all your data encrypted. Define additional rules with different keys if you plan to share data in specified folders. That’s all you need for now. If you are not happy with the result, you can always come back later and fine-tune the protected locations and keys to suit your needs.

Step 2: Assign Keys to Users

Next, assign the policies and associated encryption keys to the users. Each user receives their own personal copy, encrypted with their own personal key. Personal keys are essential for protection against unauthorized access to data. For this reason, access to these keys must be particularly well secured. This ensures that only legitimate users can access encrypted data.


Enroll YubiKey Token

Step 3: Enroll YubiKey Token

YubiKey tokens are a perfect option for keeping personal keys safe. In order to leverage this functionality in u.trust LAN Crypt, the token must first be registered and provisioned. Options include either central management, where tokens are provisioned with the personal keys directly by the issuing authority (e.g. PKI), or a self-service option, in which the user transfers their previously issued personal key to the YubiKey token for better protection.


Activate Multi Factor Authentication

Step 4: Windows and Mac

Once initialized, the use of the YubiKey token is straightforward. Plug the token into your system and you’re all set. No need to install additional software or make any changes to your configuration. Once connected, u.trust LAN Crypt will automatically detect the token and make use of it for decryption of the user’s profile and encryption keys.

Step 5: Multi Factor Authentication

Access to the personal key from now on requires two factors. First, the user has to hold the physical YubiKey token. Second, the user also needs to know the token’s end-user PIN. This PIN is required to access the personal key. Once the PIN has been provided successfully, u.trust LAN Crypt can perform private key operations and decrypt the user’s keys. The use of a YubiKey token adds two factors to the u.trust LAN Crypt authentication – knowledge and possession.
