USB Token

What is a USB token?

USB Token is hardware device, which is used to store Digital Signatures Certificate for security. It is secure device and certified by International standards (FIPS). All Digital Certificate subscribers must to store their DSCs on FIPS Certified USB Tokens only. DSC stored in USB Token can not be copied to any other device. CCA (Controller of Certifying Authority) as well as all Certifying Authrorities i.e. eMudhra, (n)Code Solutions, Sify and TCS recommend to use FIPS certified tokens only. There are number of USB tokens available in India which are FIPS Certified, for example Watchdata USB Token, Trustkey Token from Watchdata Singapore, Aladdin eToken from Israel and few others like Gemalto, Athena, ePass from Fetian, China which are FIPS Certified. The only token which is FIPS Certified and plug n play (Built in driver with 1MB Flash memory) available is Trustkey from Watchdata.

USB Token is hardware mechanism used for password authentication via using identity management technique and provides hacking problem solution to the user. It fits in the USB port of the computer. Besides, it is also very useful where security is must like personal computer or cyber café pc. It can be most widely used in accessing E-banking, E-commerce, stock trading, and online data and money transactions tasks. Digital Signature Certificates are now used in various applications are of various types like Class II, Class III. Class 3 digital signature certificates are mostly used e-tendering and e-procurement. Class 2 digital signature certificate are mainly used for efiling e.g digital signature certificate for EPFO, Digital Signature for Income Tax, Digital Signature for MCA etc.


The Trustkey USB Token is a hardware cryptographic module validated against the FIPS 140-2 at security level. It is a USB-based PKI, two-factor authentication token device. It provides digital signature generation/verification for online authentications and data encryption/decryption for online transactions. The user’s private and public key pairs can be generated and stored on the embedded chip. Trustkey has 32K EEPROM and 64K FLASH for the on-card file system divided into the basic areas and extended area. The user’s key pairs reside in the EEPROM. The private key can never be exported. The implementation of FIPS-Approved cryptographic algorithms are tested under the Cryptographic Algorithm Validation Program (CAVP).

Trustkey provides the USB interface that can connect the module to a General Purpose Computer (GPC) in a “plug and play” manner, which eliminates the need to install Smart Card Reader drivers. The WatchKey implements type A USB 1.1 (full speed) specifications and USB CCID (Circuit(s) Cards Interface Device) protocol which enables communication with ISO/IEC 7816 smart cards over USB.


  1. USB Token Application providers issue the USB token with authentication CA certificate to users.
  2. Users should insert the USB token if they want to use the applications.
  3. During users´ online transaction process, USB token should digitally sign the key information, and then send it to the back-end for verification.
  4. After the successful verification, the transaction process is completed; otherwise, the application system from the back-end should terminate the transaction.