SanDisk Launches "TrustedSignins" Authentication System to Protect Against On-Line Fraud

Technology That Uses One-Time Passwords For Multiple Accounts Will Be Installed On Select SanDisk USB Flash Drives and Mobile Formats



NICE, FRANCE, OCTOBER 23, 2006 – Online banking, shopping and other transactions will soon have added security with a new dual-factor authentication product called TrustedSignins™, which was introduced today by SanDisk® Corporation (NASDAQ: SNDK), the world’s largest supplier of flash memory cards. The announcement was made at the RSA® Conference, where SanDisk is giving demonstrations at Stand 38 in the Nice Acropolis.

The TrustedSignins authentication system provides highly secure protection against online fraud because it uses dual-factor authentication, which requires the combination of something you know, such as a password or user name, with something you have, such as a SanDisk USB flash drive or mobile card. The TrustedSignins solution is based on the same SanDisk USB flash drives and mobile card formats sold at many of the more than 187,000 stores worldwide that carry SanDisk products.

“TrustedSignins technology will be available to financial and other institutions for pilot programs before becoming a standard feature on select SanDisk USB flash drives in 2007,” said Ron LaPedis, product marketing manager for SanDisk. “TrustedSignins software is stored and launched directly from the USB flash drive and requires no installation on a host computer, thus making it consumer-friendly.”

In addition to entering a static user name and password, a consumer connects the SanDisk flash drive containing TrustedSignins technology to a PC and a one-time password (OTP) is generated and supplied to the website for an extra level of security. The one-time password can be routed seamlessly to an identity protection network for validation, allowing the user to access multiple accounts such as those from a bank, auction house or brokerage.

RSA, The Security Division of EMC, and Verisign are each working with SanDisk to enable and provide consumer-friendly, two-factor authentication for end-users who purchase SanDisk mass-storage devices at retail outlets and then use them at either an RSA SecurID® enabled webite or a VeriSign-enabled website. The generic term for a device with this functionality is called a token. TrustedSignins supports multiple virtual tokens and multiple algorithms, so the technology is versatile and expandable.

“As the public grows increasingly aware of the risks associated with transacting online, consumers are looking to their banks and other institutions to deliver more effective means of protecting their identities,” said Jim Melvin, vice president of marketing at RSA, The Security Division of EMC. “Delivering SanDisk flash drives with embedded RSA SecurID® technology will provide consumers with access to market-leading technology and the ability to strongly authenticate using a device they already carry. We are excited to see this initiative move forward and pleased that SanDisk has chosen to support RSA’s efforts to provide more flexible options for stronger user authentication.”

”The VeriSign® Identitiy Protection (VIP) Shared Authentication Network provides an integrated network intelligence platform that allows consumers to utilize their two-factor credentials across the internet,” said Nico Popp, vice president, Authentication Services for VeriSign. ”Combined with SanDisk’s USB and mobile cards, consumers now have the benefit of a device that offers strong online security experience while preserving the convenience of their current web lifestyle.”

The TrustedSignins platform is built upon SanDisk’s 32-bit memory controller driving an embedded high-performance cryptographic engine. This provides real-time encryption and tamper-resistant security to keep stored data highly secure. As a secure platform that is transparent to the consumer, it is ideal for supporting one-time passwords and other secure value-added applications.

The main advantage for enterprises over existing token-based authentication solutions is that the institution does not need to bear the expense of stocking and supplying tokens to its user base but can simply advise customers to buy a TrustedSignins compatible SanDisk memory device in whatever capacity they like. As an incentive, the institution can offer a rebate to customers who use a memory device as their authentication method.

For consumers, the benefit is in having an authentication system on a device that they would normally carry with them, as opposed to a dedicated device that can only generate one-time passwords. SanDisk provides an automatic OTP fill-in browser plug-in with simple, clickable icons that makes the system easy to use and adopt.

Under the partnership with VeriSign, SanDisk is embedding the capability to access the VeriSign® Identity Protection (VIP) Service based on Open Authentication (OATH) compliant One-Time Password algorithms.

“OATH is very pleased that San Disk is introducing the TrustedSignin One Time Password solution that uses the OATH algorithm,” said Donald Malloy, director of business development at OATH. “By promoting the use of Open Authentication solutions, member company San Disk is providing a device that offers strong authentication and is compatible with other OATH complaint systems.”

As announced in February at RSA Conference 2006, RSA and SanDisk are working together so that SanDisk will be embedding the industry-leading RSA SecurID one-time-password (OTP) algorithm into the flash drives.

SanDisk is the original inventor of flash storage cards and is the world’s largest supplier of flash data storage card products, using its patented, high-density flash memory and controller technology. SanDisk is headquartered in Milpitas, California, and has operations worldwide, with more than half its sales outside the U.S.

SanDisk’s product and executive images can be downloaded from
http://www.sandisk.com/corporate/media.asp
SanDisk’s web site/home page address: http://www.sandisk.com

SanDisk and the SanDisk logo are trademarks of SanDisk Corporation, registered in the United States and other countries. TrustedSignins and TrustedFlash are trademarks of SanDisk Corporation. RSA and SecurID are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder (s).

This press release contains certain forward-looking statements, including expectations for new product and technology introductions, applications, markets, and customers that are based on our current expectations and involve numerous risks and uncertainties that may cause these forward-looking statements to be inaccurate. Risks that may cause these forward-looking statements to be inaccurate include among others: we may not be able to successfully integrate the described technology, if we do integrate the technology, market demand for our products may grow more slowly than our expectations or there may be a slower adoption rate for these products in new markets that we are targeting, and the other risks detailed from time-to-time in our Securities and Exchange Commission filings and reports, including, but not limited to, Form 10-K and our quarterly reports on Form 10-Q. We do not intend to update the information contained in this press release.

Contact Information

Mike Wong

SanDisk Corporation

Contact via E-mail