USB Token

What is a USB token?

USB Token is hardware device, which is used to store Digital Signatures Certificate for security. It is secure device and certified by International standards (FIPS). All Digital Certificate subscribers must to store their DSCs on FIPS Certified USB Tokens only. DSC stored in USB Token can not be copied to any other device. CCA (Controller of Certifying Authority) as well as all Certifying Authrorities i.e. eMudhra, (n)Code Solutions, Sify and TCS recommend to use FIPS certified tokens only. There are number of USB tokens available in India which are FIPS Certified, for example Watchdata USB Token, Trustkey Token from Watchdata Singapore, Aladdin eToken from Israel and few others like Gemalto, Athena, ePass from Fetian, China which are FIPS Certified. The only token which is FIPS Certified and plug n play (Built in driver with 1MB Flash memory) available is Trustkey from Watchdata.

USB Token is hardware mechanism used for password authentication via using identity management technique and provides hacking problem solution to the user. It fits in the USB port of the computer. Besides, it is also very useful where security is must like personal computer or cyber café pc. It can be most widely used in accessing E-banking, E-commerce, stock trading, and online data and money transactions tasks. Digital Signature Certificates are now used in various applications are of various types like Class II, Class III. Class 3 digital signature certificates are mostly used e-tendering and e-procurement. Class 2 digital signature certificate are mainly used for efiling e.g digital signature certificate for EPFO, Digital Signature for Income Tax, Digital Signature for MCA etc.


ePass PKI USB Token is the world’s foremost cryptographic identity verification module. ePass by FEITIAN provides a host of indispensable protective measures for digital communication and transaction through Public Key Infrastructure (PKI) data encryption technology. The token’s unique private key functions as an individual’s online ID card and brings a new level of accountability and nonrepudiation to the internet. ePass is a smart-card chip based token with a convenient USB insert rendering the device operable with almost all computers without the need for a reader. As a two factor authentication solution ePass can secure local and remote desktop and network log-on. Key cryptography and the digital signing of emails, documents, and transactions are performed onboard in the secure token framework which is impervious to after-market modification and manipulation.


mToken- CryptoID is a two-factor portable USB token that features smartcard technology. Its certificate-based technology generates and stores credentials, such as private keys, passwords and digital certificates within the protected environment of the smart card chip. The built-in Smartcard technology provides highly robust verification and authentication implemented in various industries. MToken CryptoID is certified by Microsoft HCK / HLK and installs Microsoft Windows Update drivers automatically.


The Trustkey USB Token is a hardware cryptographic module validated against the FIPS 140-2 at security level. It is a USB-based PKI, two-factor authentication token device. It provides digital signature generation/verification for online authentications and data encryption/decryption for online transactions. The user’s private and public key pairs can be generated and stored on the embedded chip. Trustkey has 32K EEPROM and 64K FLASH for the on-card file system divided into the basic areas and extended area. The user’s key pairs reside in the EEPROM. The private key can never be exported. The implementation of FIPS-Approved cryptographic algorithms are tested under the Cryptographic Algorithm Validation Program (CAVP).

Trustkey provides the USB interface that can connect the module to a General Purpose Computer (GPC) in a “plug and play” manner, which eliminates the need to install Smart Card Reader drivers. The WatchKey implements type A USB 1.1 (full speed) specifications and USB CCID (Circuit(s) Cards Interface Device) protocol which enables communication with ISO/IEC 7816 smart cards over USB.


  1. USB Token Application providers issue the USB token with authentication CA certificate to users.
  2. Users should insert the USB token if they want to use the applications.
  3. During users´ online transaction process, USB token should digitally sign the key information, and then send it to the back-end for verification.
  4. After the successful verification, the transaction process is completed; otherwise, the application system from the back-end should terminate the transaction.