Transcription
DATA SHEETFortiToken One-Time Password TokenTMMobile (FTM) One-Time Password (OTP) Application with Push NotificationHardware Token Time-Based OTP Form-Factors: FTK-200, FTK-200CD and FTK-220OverviewFortinet’s FortiToken Mobile (FTM) and hardware OTP Tokens (FTK200, FTK-200CD and FTK-220) are fully integrated with FortiClient,protected by FortiGuard and leverage direct management and usewithin the FortiGate and FortiAuthenticator security platforms. Secureyour network with Fortinet’s easy-to-manage, easy-to-use TwoFactor Authentication solutions.PRODUCT OFFERINGSFortiToken MobileFortiToken Mobile is an OATH compliant OTP generator applicationfor the mobile device supporting both time-based (TOTP) and eventbased (HOTP) tokens.FortiToken 200/200CDFortiToken 200 is part of Fortinet’s broad and flexible two-factorauthentication offering. It is an OATH compliant, TOTP. It is a small,keychain-sized device that offers real mobility and flexibility for theend-user.There is no client software to install; simply press the button and theFortiToken 200 generates and displays a secure one-time passwordevery 60 seconds to verify user identity for access to critical networksand applications. The big LCD screen of the rugged FortiToken 200 ismuch easier to read than other OTP tokens and there is an indicatoron the screen displaying the time left until the next OTP generation.FortiToken 200CD tokens are shipped with an encrypted activation CDfor the ultimate in OTP token seed security.FortiToken 220The FortiToken 220 OTP token is a mini credit card form factor token.The card is shipped with a precut hole for key ring application. Itssleek and slim design fits neatly into your wallet.
DATA SHEET FortiTokenTM One-Time Password TokenHIGHLIGHTSStrong Authentication at your FingertipsLeverage Existing Fortinet PlatformsIt is the client component of Fortinet’s highly secure, simpleto use and administer, and extremely cost effective twofactor solution for meeting your strong authentication needs.This application makes your Android, iOS and Windowsmobile devices behave like a hardware-based OTP tokenwithout the hassles of having to carry yet another device.Push notification allows you to view login details on yourmobile device to approve or deny with one tap.Besides offering out-of-the-box interoperability with anytime-based OATH compliant authentication server, suchas the FortiAuthenticator from Fortinet, the FortiTokencan also be used directly with the FortiGate consolidatedsecurity platform, including High Availability configurations.Alternatively, you can deploy hardware-based OTP token toprevent users’ passwords from stolen, phishing, dictionaryand brute-force attacks.FortiGate has an integrated authentication server forvalidating the OTP as the second authentication factor forSSL VPN, IPsecVPN, Captive Portal and Administrativelogin, thereby eliminating the need for the external RADIUSserver ordinarily required when implementing two-factorsolutions.Ultra-Secure Token ProvisioningOnline Activation with FortiGuard What makes FortiToken mobile OTP application superior toothers on the market is that while being simple to use forthe end user, and easy to administer and provision for thesystem administrator, it is actually more secure than theconventional hard token. The token seeds are generateddynamically, minimizing online exposure. Binding thetoken to the device is enforced and the seeds are alwaysencrypted at rest and in motion.You can activate your FortiToken tokens online directlyfrom FortiGate or FortiAuthenticator using the FortiGuard Center, which maintains your token seeds in a managedservice repository. Once the seeds are activated, they canno longer be accessed from FortiGuard,ensuring that yourseeds are safe from compromise. Alternatively, Fortinet alsooffers an encrypted activation CD solution.Privacy and ControlFortiToken Mobile cannot change settings on your phone,take pictures or video, record or transmit audio, nor canit read or sendemails. Further, it cannot see your browserhistory, and it requires your permission to send younotifications or to change any settings. “Send Feedback by Email”, to automaticallypopulate the “Sender” field nternally share files between applications to preparean attachment to be sent by email for “SendFeedback by Email”And, FortiToken Mobile cannot remotely wipe your phone.Any visibility FortiToken Mobile requires is to verify yourOS version to determine app version compatibility. WhileFortiToken Mobile cannot change any settings withoutyour permission, the following permissions are relevant toFortiToken Mobile operations: FortiToken must keep the phone awake while itis upgrading the internal database to avoid datacorruption2 Access to camera for scanning QR codes for easytoken activation TouchID/FaceID: used for app security, respectively Access to the Internet for communication toactivate tokens and receive push notifications
DATA SHEET FortiTokenTM One-Time Password TokenADVANTAGES Unique token provisioning service via FortiGuard minimizes provisioning overhead and ensuresmaximum seed security Perpetual token license and unlimited devicetransfers eliminate annual subscription fees Scalable solution leveraging existing end-userdevices offers low entry cost and TCO Reduces costs and complexity by using yourexisting FortiGate as the two-factor authenticationserver Zero footprint solutionMAIN FEATURESFortiToken Mobile OATH time- and event-based OTP generator Login details pushed to phone for one-tap approval FortiToken Hardware Devices Integrated with FortiClient and protected byFortiGuardPatented Cross Platform Token Transfer OATH TOTP compliant PIN/Fingerprint protected application Large, easy-to-read, LCD display Copy OTP to the clipboard Long-life Lithium battery OTP time interval display Tamper-resistant/tamper-evident packaging Serial Number display Token and app management Self-erase brute-force protection Apple watch compatibilitySUPPORTED PLATFORMSFortiToken MobileFortiToken Hardware Devices OATH time- and event-based OTP generator FortiOS 4.3 and up Login details pushed to phone for one-tap approval FortiAuthenticator — all versions iOS (iPhone, iPod Touch, iPad), Android, WindowsPhone 8, 8.1, Windows 10 and Windows UniversalPlatform WiFi-only devices supported (for over-the-air tokenactivation)3
DATA SHEET FortiTokenTM One-Time Password TokenSpecificationsOnboard Security AlgorithmOTP SpecComponentDimensions (Length x Width x Height)FORTITOKEN 200/200CDFORTITOKEN 220OATH-TOTP (RFC6238)OATH-TOTP (RFC6238)60 seconds, SHA-160 seconds, SHA-16-digit high contrast LCD displayBuilt-in button, 6-character LCD screen,Globally unique serial number61.5 x 27.5 x 11.5mm68 x 38 x 1 mmRoHS CompliantRoHS, CE, FCC (certificates pending)Hardware CertificationOperating Temperature14–122 F (-10–50 C32–122 F (0–50 C)Storage Temperature-4–158 F (-20–70 C)14–140 F (-10–60 C)Water-ResistantCasingIP54 (Ingress Protection)IP54 (Ingress Protection)Hard Molded Plastic (ABS) Tamper-EvidentHard Molded Plastic (ABS) Tamper-EvidentStatic RAMStatic RAMStandard Lithium BatteryStandard Lithium Battery3–5 Years3–5 YearsCasing Color, Company Logo, FaceplateBrandingCasing Color, Company Logo, FaceplateBrandingSecure Storage MediumBattery TypeBattery LifetimeCustomization Available** Customizations are quantity-basedFORTITOKEN MOBILEOnboard Security AlgorithmOATH time and event basedOTP generatorOTP SpecSupported PlatformsOver-the-Air Token ActivationOne-Tap ApprovalRFC 6238, RFC 4226iOS (iPhone, iPod Touch, iPad,iWatch), Android, WindowsPhone 8/8.1, Windows 10 andWindows Universal PlatformWiFi-only devices supportedLogin details pushed to phonePIN/Fingerprint/Facial SecuritySerial Number DisplayToken and App ManagementSelf-Erase Brute-Force ProtectionPLATFORM SCALABILITYFortiToken scalability for specific platforms can be found in the Fortinet Product Matrix located at tdatasheets/Fortinet Product Matrix.pdfOrder InformationProductSKUDescriptionFortiToken Software License KeyFTM-ELIC-5Software one-time password tokens for iOS, Android and Windows Phone mobile devices. Perpetual licenses for 5 users. Electronic licence certificate.FTM-ELIC-10Software one-time password tokens for iOS, Android and Windows Phone mobile devices. Perpetual licenses for 10 users. Electronic licence certificate.FTM-ELIC-20Software one-time password tokens for iOS, Android and Windows Phone mobile devices. Perpetual licenses for 20 users. Electronic licence certificate.FTM-ELIC-50Software one-time password tokens for iOS, Android and Windows Phone mobile devices. Perpetual licenses for 50 users. Electronic licence certificate.FTM-ELIC-100Software one-time password tokens for iOS, Android and Windows Phone mobile devices. Perpetual licenses for 100 users. Electronic licence certificate.FTM-ELIC-200Software one-time password tokens for iOS, Android and Windows Phone mobile devices. Perpetual licenses for 200 users. Electronic licence certificate.FTM-ELIC-500Software one-time password tokens for iOS, Android and Windows Phone mobile devices. Perpetual licenses for 500 users. Electronic licence certificate.FTM-ELIC-1000Software one-time password tokens for iOS, Android and Windows Phone mobile devices. Perpetual licenses for 1000 users. Electronic licence certificate.FTM-ELIC-2000Software one-time password tokens for iOS, Android and Windows Phone mobile devices. Perpetual licenses for 2000 users. Electronic licence certificate.FTM-ELIC-5000Software one-time password tokens for iOS, Android and Windows Phone mobile devices. Perpetual licenses for 5000 users. Electronic licence certificate.FTM-ELIC-10000Software one-time password tokens for iOS, Android and Windows Phone mobile devices. Perpetual licenses for 10000 users. Electronic licence certificate.FTK-200-55 pieces, one-time passwork token, time-based password generator. Perpetual license.FTK-200-1010 pieces, one-time passwork token, time-based password generator. Perpetual license.FTK-200-2020 pieces, one-time passwork token, time-based password generator. Perpetual license.FTK-200-5050 pieces, one-time passwork token, time-based password generator. Perpetual license.FTK-200-100100 pieces, one-time passwork token, time-based password generator. Perpetual license.FTK-200-200200 pieces, one-time passwork token, time-based password generator. Perpetual license.FTK-200-500500 pieces, one-time passwork token, time-based password generator. Perpetual license.FTK-200-10001000 pieces, one-time passwork token, time-based password generator. Perpetual license.FTK-200-20002000 pieces, one-time passwork token, time-based password generator. Perpetual license.FTK-200CD-10FortiToken OTP hardware generator shipped with CD containing encrypted seed file — 10-pack.FTK-200CD-2020 pieces one-time password token, time-based password generator shipped with encrypted seed file on CD. Perpetual license.FTK-200CD-50FortiToken OTP hardware generator shipped with CD containing encrypted seed file — 50-pack.FTK-200CD-100FortiToken OTP hardware generator shipped with CD containing encrypted seed file — 100-pack.FTK-220-55 pieces, one-time password token, time-based password generator. Perpetual license.FTK-220-1010 pieces, one-time password token, time-based password generator. Perpetual license.FTK-220-2020 pieces, one-time password token, time-based password generator. Perpetual license.FTK-220-5050 pieces, one-time password token, time-based password generator. Perpetual license.FTK-220-100100 pieces, one-time password token, time-based password generator. Perpetual license.FortiToken 200FortiToken 200CDFortiToken 220www.fortinet.comCopyright 2020 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common lawtrademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other resultsmay vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except tothe extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event,only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests.Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current versionof the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication withoutnotice, and the most current version of the publication shall be 6
DATA SHEETFortiToken 300TMOne-Time Password TokenThe FortiToken 300 product is comprised of ahardware token (FortiToken 300 PKI USB token) witha chip operating system that resides on the smartcard chip of the token, and a security client softwareapplication (works only with FortiToken 300).Strong Authentication at your FingertipsEach FortiToken 300 PKI USB token is a hardware-security-modulefor authentication and cryptographic applications based on MicrosoftCAPI* and PKCS#11**.Highlights§§ Driverless USB device§§ High-performance smart card chipCertificate Authority§§ FIPS140-2 Level 3 Certified§§ Windows, Linux and MacOS supportedNetwork Email§§ MS-CAPI and PKCS#11 APIs supported§§ Onboard random number generatorSSL VPN Web AccessPKI Digital Certificateon FortiToken 300§§ Economical PKI authenticatorPKI-based VPNFortiToken 300USB Token§§ Perpetual license§§ Tamper evident hardware USB TokenHigher Level PKI-based ApplicationsFortiToken 300 PKI Ready Client Software(CAPI / PKCS#11)USBInterface§§ Onboard RSA, AES, DES/3DES, SHA-1,SHA-256 algorithms approved by NISTFIPS CAVPNetwork Login**CAPI: Cryptographic Application Programming Interface.**PKCS#11: Public-Key Cryptography Standards #11 v2.20, Cryptographic Token Interface Standard.§§ Easy integration with various
DATA SHEET FortiTokenTM 300SpecificationsFORTITOKEN 300Supported Operating System32-bit and 64-bit Windows XP SP3, Server2003, Vista, Server2008, 7, 8, 10, Server2012, 8.132-bit and 64-bit LinuxMAC OS XMiddlewareWindows middleware for Windows CSPDirect-called library for PKCS#11 under Windows, Linux and MACStandardsX.509 v3 Certificate Storage, SSL v3, IPSec, ISO 7816 1-4 8 9 12, CCIDCryptographic AlgorithmsRSA 512/1024/RSA 2048 bitECDSA 192/256 bitDES/3DESAES 128/192/256 bitSHA-1 / SHA-256Cryptographic FunctionsOnboard key pair generationOnboard digital signature and verificationOnboard data encryption and decryptionCryptographic APIsMicrosoft Crypto API (CAPI), Cryptography API: Next Generation (CNG)PKCS#11PC/SCProcessor16-bit smart card chip (Common Criteria EAL 5 certified)Memory Space64KB (EEPROM)EnduranceAt least 500,000 write/erase cyclesData RetentionMore than 10 yearsConnectivityUSB 2.0 full speed, Connector type AInterfaceISO 7816CCIDPower ConsumptionLess than 250 mWOperating Temperature0–70 C (32–158 F)Storage Temperature-20–85 C (-4–185 F)Humidity0–100% without condensationWater ResistanceIPX8 with glue injection (under evaluation)PLATFORM SCALABILITYFortiToken scalability for specific platforms can be found in the Fortinet Product Matrix located at tdatasheets/Fortinet Product Matrix.pdfOrder InformationProductSKUDescriptionFortiToken 300FTK-300-55 USB tokens for PKI certificate and client software. Perpetual license.FTK-300-1010 USB tokens for PKI certificate and client software. Perpetual license.FTK-300-2020 USB tokens for PKI certificate and client software. Perpetual license.FTK-300-5050 USB tokens for PKI certificate and client software. Perpetual license.FTK-300-200200 USB tokens for PKI certificate and client software. Perpetual license.www.fortinet.comCopyright 2019 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common lawtrademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other resultsmay vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except tothe extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event,only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests.Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current versionof the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication withoutnotice, and the most current version of the publication shall be applicable.FST-PROD-DS-FT3HR1FTK-300-DAT-R5-201909
Fortinet's FortiToken Mobile (FTM) and hardware OTP Tokens (FTK-200, FTK-200CD and FTK-220) are fully integrated with FortiClient, protected by FortiGuard and leverage direct management and use within the FortiGate and FortiAuthenticator security platforms. Secure your network with Fortinet's easy-to-manage, easy-to-use Two-
