The storage within the iKey 1000 token is organized into directories and files. Access to files can be controlled through the use of the PIN-based access control security functions. The iKey 1000 security system provides for two levels; the end-user and the Enterprise Security Officer. An end-user can be authorized to perform sensitive functions in the iKey 1000 via PIN or pass phrase authentication. A Security Officer (SO) may also be authenticated to the token with a separate PIN or pass phrase to perform sensitive operations, such as initializing an End-user’s PIN.

One other such sensitive operation is initialization of PKI functionality on the iKey 1000 token. In the Windows version, it is a function of the Security Officer to decide whether to dedicate some of the overall iKey 1000 memory for exclusive use by PKI functionality embodied in the iKey 1000 series software libraries.

When enabled, the PKI libraries divide the dedicated memory into two areas. One area is for public storage where digital certificates, public keys, cookies and other unprotected data can be stored. The second storage area is for private storage of shared secrets and private keys. This private area has authenticated secure access and the data is held in encrypted form.

All PKI functions are performed within a Security Module embedded within the iKey 1000 Series Windows Client Software. When operations involving secure private objects are required, then the Security Module retrieves the necessary Private keys from the iKey 1000 token after first meeting the authentication requirements with a User PIN.

The iKey 1000 series software and token can perform variety of other cryptographic algorithms in addition to RSA, including: DES in ECB and CBC modes, DES, 3DES, RC2, RC4 and RC5.