These settings are:
Private data caching mode
RSA key secondary authentication
In PKI Client 4.5, public information stored on the eToken is cached to enhance performance. This option defines when private information (excluding private keys on the eToken PRO / NG OTP / Smartcard) can be cached outside the eToken.
Select one of the following options:
Always (fastest): always caches private information in the application memory. This gives the fastest performance, because certain information is cached on the host machine. However, this option is less secure than not allowing any cache.
While user is logged on: caches private data outside the eToken as long as the user is logged on to the eToken. Once the user logs out, all the private data in the cache is erased.
Never: does not cache private data.
An authentication password may be set for an RSA key. If this option is used, then in addition to having the eToken and knowing the eToken's password, accessing the RSA key requires knowing the password set for that particular key.
This option defines the policy for using this secondary authentication of RSA keys.
Always: every time an RSA key is generated, you are prompted to enter a secondary password for accessing this key. Clicking OK generates the key and uses the entered password as the secondary RSA password for that key. Clicking Cancel causes key generation to fail.
Always prompt user: every time an RSA key is generated, a secondary password for accessing this key is requested. However, the user can choose to dismiss the prompt (by clicking Cancel), and key generation will continue without using a secondary password for the generated RSA key.
Prompt on application request: this enables applications that use secondary authentication for RSA keys to make use of this feature on the eToken (when creating the key in Crypto API with a user protected flag).
Never: secondary passwords are not created for any RSA key and the authentication method uses only the eToken password to access the key.
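The "Prompt on application request" case from the application's side, as an added example that is not part of the original documentation: a key generated through Crypto API with the CRYPT_USER_PROTECTED flag set. The CSP name, the container name and the 2048-bit key size are assumptions; the token calls compile only on Windows.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
/* Value from wincrypt.h, repeated so the flag logic also builds off Windows. */
typedef unsigned int DWORD;
#define CRYPT_USER_PROTECTED 0x00000002
#endif

/* Assumption: the CSP name registered by the token software on this host. */
#define TOKEN_CSP "eToken Base Cryptographic Provider"

/* CryptGenKey reads the RSA modulus size from the upper 16 bits of dwFlags. */
DWORD keygen_flags(unsigned bits, int secondary_auth)
{
    DWORD flags = (DWORD)bits << 16;
    if (secondary_auth)
        flags |= CRYPT_USER_PROTECTED;  /* the "user protected" flag */
    return flags;
}

#ifdef _WIN32
/* Generates a signature key in a new container. Returns 0 or GetLastError(). */
DWORD generate_protected_key(const char *container)
{
    HCRYPTPROV prov = 0;
    HCRYPTKEY key = 0;
    DWORD err = 0;

    if (!CryptAcquireContextA(&prov, container, TOKEN_CSP, PROV_RSA_FULL, CRYPT_NEWKEYSET))
        return GetLastError();
    if (!CryptGenKey(prov, AT_SIGNATURE, keygen_flags(2048, 1), &key))
        err = GetLastError();
    else
        CryptDestroyKey(key);   /* releases the handle; the key stays in the container */
    CryptReleaseContext(prov, 0);
    return err;
}
#endif

int main(void)
{
    printf("dwFlags = 0x%08x\n", (unsigned)keygen_flags(2048, 1));
#ifdef _WIN32
    /* "example-container" is a hypothetical container name. */
    printf("CryptGenKey result: %lu\n", (unsigned long)generate_protected_key("example-container"));
#endif
    return 0;
}
```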