Strengths: Secure storage; PSTS token
Weaknesses: Requires a lot of work for large installations
Verdict: A secure way of providing your users with tokens, but quite a burden of management for large installations
Available with 128MB, 256Mb, 512MB, 1GB and 2GB of memory, MXI's Stealth MXP is a USB flash disk with a built-in fingerprint reader. The reader and USB ports slide inside the drive's housing, but it is stiff to operate and can be difficult to extract.
At its most simple, the stick provides secure removable storage to a maximum of five users. Each user on the drive is given a secure partition, which can only be unlocked using a fingerprint scan. For extra security, a password can be added as well. This gives the Stealth MXP two-factor authentication just to access the hidden partition.
Configuring the drive is done through the access console, which lets you define the number of users on each drive, their role (administrator or general user), register fingerprints and set the drive's policy - you can choose the number of fingerprints that can be registered, if a password has to be used and the number of biometric retries.
For large roll-outs. there is quite a burden of management, as you'll have to do the same job for each device in your company. MXI says it has tools to aid enterprise rollout, but did not supply any for this group test.
We tested our device in Windows, which worked well, apart from a minor gripe, which was that the drive kept disconnecting and reconnecting, bringing up Windows' new drive dialogue box.
While secure storage is useful, it's what you can do with it that's more useful. The Stealth MXP also supports WS-Trust Portable Security Token Service (PSTS). Specific applications can be built into the drive's System Tray icon, too. Our demo unit came preloaded with a Citrix/RSA system login. The Stealth MXP carried the necessary software and secure token to generate our single-use key to log onto the remote system.
To integrate the Stealth MXP with your systems, you'll need the Access Token software, which lets you use the USB key with authentication software that uses the PKCS #11 or Microsoft CAPI standard interfaces. There's also an SDK available, so you can integrate your own applications with the product.
If you've got the existing security infrastructure in place, then the Stealth MXP is a clever way of providing your users with secure removable storage. From the demonstration we've seen, it works brilliantly when integrated properly, but there's quite a lot of work involved to get to this stage.