Support

Support for business applications

Kaspersky Endpoint Security 11 for Windows

Data Encryption

Kaspersky Disk Encryption

Using a token and smart card with Authentication Agent

Kaspersky Endpoint Security 11 for Windows
Нет результатов
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ Download Buy Renew Forum Contact support Recovery tools Product videos

Using a token and smart card with Authentication Agent

April 25, 2024

ID 133615

Get as PDF

A token or smart card can be used for authentication when accessing encrypted hard drives. To do so, you must add the electronic certificate file of a token or smart card to the Manage Authentication Agent accounts task.

Use of a token or smart card is available only if the computer hard drives were encrypted using the AES256 encryption algorithm. If the computer hard drives were encrypted using the AES56 encryption algorithm, addition of the electronic certificate file to the command will be denied.

Kaspersky Endpoint Security supports the following tokens, smart card readers, and smart cards:

  • SafeNet eToken PRO 64K (4.2b);
  • SafeNet eToken PRO 72K Java;
  • SafeNet eToken 4100-72K Java;
  • SafeNet eToken 5100;
  • SafeNet eToken 5105;
  • SafeNet eToken 7300;
  • EMC RSA SID 800;
  • Gemalto IDPrime.NET 510;
  • Gemalto IDPrime.NET 511;
  • Rutoken ECP;
  • Rutoken ECP Flash;
  • Athena IDProtect Laser;
  • SafeNet eToken PRO 72K Java;
  • Aladdin-RD JaCarta PKI.

To add the file of a token or smart card electronic certificate to the command for creating an Authentication Agent account, you must first save the file using third-party software for managing certificates.

The token or smart-card certificate must have the following properties:

  • The certificate must be compliant with the X.509 standard, and the certificate file must have DER encoding.
  • The certificate contains an RSA key with a length of at least 1024 bits.

If the electronic certificate of the token or smart card does not meet these requirements, you cannot load the certificate file into the command for creating an Authentication Agent account.

The KeyUsage parameter of the certificate must have the value keyEncipherment or dataEncipherment. The KeyUsage parameter determines the purpose of the certificate. If the parameter has a different value, Kaspersky Security Center will download the certificate file but will display a warning.

If a user has lost a token or smart card, the administrator must add the file of a token or smart card electronic certificate to the command for creating an Authentication Agent account. Then the user must complete the procedure for receiving access to encrypted devices or restoring data on encrypted devices.

Kaspersky Endpoint Security for Windows: Detection of advanced threats
Control systems which prevent damage from the sensitive data theft. Management from a single console. Buy as part of Endpoint Security for Business Advanced.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.