Mobile Phone & Software Authentication

Mobile phone- and software-based authentication tokens enable organizations to significantly save on hardware and deployment costs, while users benefit by not having to carry an additional hardware token around with them.

eToken Virtual

Certificate-Based Two-Factor Authentication in a Software Authenticator

eToken Virtual is software-based two-factor authentication security solution that provides full public-key infrastructure (PKI) functionality for secure remote access, network access, and digital signing.

eToken Virtual works with SafeNet Authentication Client and SafeNet Authentication Manager (SAM) to provide a fully managed software smart card implementation with the security benefits and functionality associated with a hardware-based smart card. Just like the hardware-based eToken PRO, SAM can include PKI key pairs and certificates, as well as single sign-on profiles.

eToken Virtual’s security features ensure a high degree of software-based security and integrity: - See more at:

Keys and certificates can be securely created and stored in eToken Virtual, ensuring they are never exposed to an unsecured computing environment. The contents of eToken Virtual are separated into public and private. Public contents are openly available, and private data is encrypted using the AES 128 algorithm.
The contents of eToken Virtual are locked at time of provisioning to a specific storage device or to the PC in use. Once locked, neither eToken Virtual nor its contents can be copied to a different storage device.
eToken Virtual enforces password complexity according to organizational policies. To prevent tampering, the policies are digitally signed using the RSA 2048 key.
eToken Virtual is always stored in non-swappable memory to prevent content being written to disk.
Before deleting an eToken Virtual file from the file system, all the private data is replaced by random data and rewritten to disk to ensure no trace remains.
Technical Specifications
Management eToken TMS 5+
Security Application SafeNet Authentication Client 5+
Windows Supported OS -> Windows 8.1 (32-bit and 64-bit)
-> Windows Server 2012 R
-> All previous Windows versions
Mac Supported OS -> Mac OS X 10.9 (Mavericks)
-> All previous Mac OS X versions
Linux Supported OS Supports latest versions of the following OSs:
-> Red Hat
-> Ubuntu
-> Debian
-> CentOS
-> Fedora
For a full list of supported OSs, see the SafeNet Authentication Client technical specifications.

Features :

  • Lock and Unlock – eToken Virtual limits the number of attempts to access the authenticator, and the locked authenticator can only be unlocked by an administrator password
  • Password Policy – eToken Virtual supports the enforcement of organizational policy for password complexity and rule
  • Full Crypto Functionality using Crypto API - eToken Virtual works in conjunction with eToken PKI Client (5+) supporting full CryptoAPI and PKCS#11
  • Smartcard Login – eToken Virtual supports the ability to provide Smartcard Login to Windows environment in conjunction with eToken Network Logon 5+
  • Device Locking – eToken Virtual can be locked to a specific PC or flash device enforcing the user to use that device only thus maintaining a high level of protection and restricting use on non- authorized devices
  • Full Lifecycle Management – eToken Virtual works with SafeNet Authentication Manager to ensure self service and management capabilities offered so far only with hardware-based authenticator systems


  • Low TCO - more cost-effective than a physical authenticator
  • No downtime – physical authenticators may be misplaced, stolen or broken
  • Convenience – ensures two-factor authentication without an additional hardware device
  • Smooth manageability – software authenticators can be distributed, deployed, managed and recovered easily due to the convenience of software portability
  • Mix and match - Integrated into the mix and match of other SafeNet Authentication products and applications

MobilePASS - Mobile Software Authenticator

Software-Generated One-Time Passwords

SafeNet’s MobilePASS family of one-time password (OTP) software authentication solutions combines the security of proven two-factor strong authentication with the convenience, simplicity, and ease of use of OTPs generated on personal mobile devices or PCs. By turning a mobile phone into a two-factor authentication device, organizations save significantly on hardware and deployment costs, while users benefit by not having to carry an additional hardware token around with them.

Access Control for Remote and Local Networks

Compatible with the broadest range of mobile clients, MobilePASS provides powerful identity protection and convenient access control for remote access systems, such as VPNs, Citrix applications, Cloud applications, Outlook Web Access, and Web portals. It also offers strong authentication for secure local network access.

Superior Deployment and Management
Offering automatic one-step installation and policy-based activation, which determines the token configuration, MobilePASS significantly reduces deployment complexities, IT administration overhead, and cost when implementing strong authentication for thousands of users. Web-based self-service portals offer 24x7 support for users, further reducing help desk calls and overall true cost of ownership (TCO).

Optimized Security

Sophisticated security capabilities, including standards-based activation and dynamic seeding, allow organizations to optimize the balance between ease-of-use and TCO without compromising on security. In addition, central management of MobilePASS alongside other SafeNet authentication solutions enables organizations to adopt a layered approach to security by deploying different authentication devices and methods for different groups of users.


Policy-based Token Configuration

  • Time-sync and event-based OTP
  • Challenge response
  • Configurable PIN and token policy
  • Multi-domain support – Allows several tokens to be deployed within the same MobilePASS app, and for each 'token' to be separately used to access different resources

Simple Deployment

  • Automatic one-step installation and activation
  • Policy-based activation determines token configuration
  • BES one-click installation and activation

Advanced Security

  • Highly secure standards-based activation
  • Dynamic re-seeding means organizations control their own seed data
  • Enables organizations to implement a layered security approach for different risk profiles
  • PIN protection
  • FIPS 140-2 Level 1* certified Crypto Library ensures security and integrity of MobilePASS cryptographic modules


  • Allows optional end-to-end app branding 
  • Enables embedding OTP-based authentication within existing apps 
  • Supported programming languages: Java for Android, Objective C for iOS, and C++ for Windows desktop


  • Automated deployment and activation reduces IT administration and simplifies installation for end users
  • Streamlined management enables centralized and automated administration, provisioning, deployment, and revocation
  • Superior software security mechanisms enable organizations to optimize the balance between TCO and security
  • Convenient, simple, and easy to use for employees and customers
  • Complements SafeNet’s broad range of OTP and certificate-based authentication solutions, allowing organizations to tailor security to use cases and risk levels
  • Ensures compliance with local and international regulations
Technical Specifications
Supported Management Software -> SafeNet Authentication Service
-> SafeNet Authentication Management
-> SafeNet Authenticatino Management Express (SafeWord 2008)
Supported Operating Systems -> Mobile*: BlackBerry, iOS, Java, J2ME, Android, Windows Mobile, Windows Phone 7
-> SMS/E-mail delivery
-> PC: Mac OS, Windows
* SafeNet Authentication Service currently supports iOS, Android, Blackberry and Windows desktops
Supported Applications -> VPNs – all leading vendors, e.g. Cisco, Check Point, IBM, etc.
-> VDI – all leading vendors, e.g. Citrix, VMware, AWS
-> SaaS applications – all leading vendors supporting SAML 2.0, e.g. GoogleApps, Office 365, SalesForce.Com, ZenDesk, ShareFile, RemedyForce, etc.
-> Web-based portals – all leading vendors, e.g. IIS, Outlook Web Access (OWA),harePoint, ERP platforms, etc.
-> Local network access – all leading vendors, e.g. Windows, Oracle, IBM
*Supported integrations may slightly vary by platform
Security Applications -> Event OTP - HOTP HMAC-SHA256
-> Time OTP - TOTP HMAC-SHA256

MP-1 Software Tokens

Our software token enhances the functionality of the computer the user already has, turning it into a token that can be used for strong authentication.

MP-1 Tokens are software tokens that transform a user’s computer into a one-time password generator. Offering the convenience of software-based authenticators, MP-1 Tokens never expire, and can be issued and revoked as often as necessary, without requiring recovery of the software from the user's device.

Self-enrollment of MP-1 Tokens can be tailored to your organization’s policies, including passcode configuration, instructions, notifications, permitted target devices and more.
MP-1 Token provisioning can be automated using SafeNet Authentication Service provisioning rules, allowing end-to-end token administration for an entire workforce.

Automated, Authenticated Logon
Offering fully automated and authenticated logon, MP-1 Tokens provide a simple logon experience, yielding a satisfied end user and few support desk calls. While other software tokens require the user to launch the software token application, generate an OTP and then cut-and-paste it into the password field, the MP-1 can be seamlessly integrated with many web applications, browsers and VPN logons, eliminating these steps.
Instead, when a user requests access to an integrated resource such as Citrix Web Interface or Windows logon, they need only provide their PIN when prompted. If the PIN is correct, the MP-1 will automatically provide the necessary OTP, removing the need to launch the application or cut-and-paste the OTP.

Key Benefits

Secure: The MP-1 uses AES-256 bit encryption to generate OTPs using a combination of digits, digits and letters or digits, letters and special characters.

Compatibility: The MP-1 on SafeStick can be used to logon to SafeNet Authentication Service protected resources including VPNs, Web applications, Citrix and Outlook Web Access.

Integrated Strong Authentication: Logon is automatic with integrated solutions. For integrated solutions there's no need to launch the token application. Instead the user provides their PIN when prompted and the MP-1 completes the logon, providing both the user logon ID and OTP credentials.

Cost Effective: MP-1 tokens never expire and can be issued and revoked as often as necessary. Automated provisioning and self-enrollment and replaceable battery deliver a very high return of investment.

Key Features

  • Event-based OTP
  • Challenge/Response OTP
  • Variable OTP length:
    • 6-8 characters
    • Digits (0 - 9)
    • Hexadecimal: (0 - 9, A - F)
    • Base32 (0 - 9, A - Z)
    • Base64: (0 - 9, Aa - Zz, punctuation)
  • OTP/cycle selection
  • Automatic shut-off
  • Digital transaction signing

Installs on:

  • Windows PCs (32/64 bit):
    • Mac OS X Lion or later (including 10.7 and 10.8)
    • Windows XP - Engineering support to be retired after the 3.3.2 on-prem release of SafeNet Authentication Service
    • Windows Vista
    • Windows 7
    • Windows 2003 Server Family - Engineering support to be retired after the 3.3.2 on-prem release of SafeNet Authentication Service
    • Windows 2008 Server Family
    • Windows Server 2012 R2
  • Mobile Clients:
    • iOS Devices running iOS 4.3 or later
    • Android devices running OS 2.2 or later
    • Blackberry devices running OS 4.5 or later
    • Windows Phone 7 or later (including 7.5 and 8)
    • Java phones CLDC 1.1+ and MIDP 2.0+