SanDisk Launches “TrustedSignins” Authentication System to Protect
Against On-Line Fraud

Based On SanDisk TrustedFlash Technology, New Authentication System
Will Be Installed On Select SanDisk USB Flash Drives and Mobile
Formats; Uses One-Time Passwords For Multiple Accounts

NICE, FRANCE, OCTOBER 23, 2006 — Online banking, shopping and other
transactions will soon have added security with a new dual-factor
authentication product called TrustedSignins, which was introduced
today by SanDisk Corporation (NASDAQ: SNDK), the world’s largest
supplier of flash memory cards. The announcement was made at the RSA
Conference, where SanDisk is giving demonstrations at Stand 38 in the
Nice Acropolis.

TrustedSignins is based on SanDisk TrustedFlash technology which
combines SanDisk’s 32-bit controller architecture with an embedded
high-performance cryptographic engine to provide real-time encryption
and tamper-resistant security to keep stored data highly secure. As a
secure platform that is transparent to the consumer, TrustedFlash is
ideal for supporting one time passwords and other secure value-added

The TrustedSignins authentication system provides highly secure
protection against online fraud because it uses dual-factor
authentication, which requires the combination of something you know,
such as a password or user name, with something you have, such as a
SanDisk USB flash drive or mobile card. The TrustedSignins solution
is based on the same SanDisk USB flash drives and mobile card formats
sold at many of the more than 187,000 stores worldwide that carry
SanDisk products.

“TrustedSignins technology will be available to financial and other
institutions for pilot programs before becoming a standard feature on
select SanDisk USB flash drives in 2007,” said Ron LaPedis, product
marketing manager for SanDisk. “TrustedSignins software is stored and
launched directly from the USB flash drive and requires no
installation on a host computer, thus making it consumer-friendly.”

In addition to entering a static user name and password, a consumer
connects the SanDisk flash drive containing TrustedSignins technology
to a PC and a one-time password (OTP) is generated and supplied to
the website for an extra level of security. The one-time password can
be routed seamlessly to an identity protection network for
validation, allowing the user to access multiple accounts such as
those from a bank, auction house or brokerage.

RSA, The Security Division of EMC, and Verisign are each working with
SanDisk to enable and provide consumer-friendly, two-factor
authentication for end-users who purchase SanDisk mass-storage
devices at retail outlets and then use them at either an RSA SecurID
enabled webite or a VeriSign-enabled website. The generic term for a
device with this functionality is called a token. TrustedSignins
supports multiple virtual tokens and multiple algorithms, so the
technology is versatile and expandable.

“As the public grows increasingly aware of the risks associated with
transacting online, consumers are looking to their banks and other
institutions to deliver more effective means of protecting their
identities,” said Jim Melvin, vice president of marketing at RSA, The
Security Division of EMC. “Delivering SanDisk flash drives with
embedded RSA SecurID technology will provide consumers with access to
market-leading technology and the ability to strongly authenticate
using a device they already carry. We are excited to see this
initiative move forward and pleased that SanDisk has chosen to
support RSA’s efforts to provide more flexible options for stronger
user authentication.”

“The VeriSign Identitiy Protection (VIP) Shared Authentication
Network provides an integrated network intelligence platform that
allows consumers to utilize their two-factor credentials across the
internet,” said Nico Popp, vice president, Authentication Services
for VeriSign. “Combined with SanDisk’s USB and mobile cards,
consumers now have the benefit of a device that offers strong online
security experience while preserving the convenience of their current
web lifestyle.”

The TrustedSignins platform is built upon SanDisk’s 32-bit memory
controller driving an embedded high-performance cryptographic engine.
This provides real-time encryption and tamper-resistant security to
keep stored data highly secure. As a secure platform that is
transparent to the consumer, it is ideal for supporting one-time
passwords and other secure value-added applications.

The main advantage for enterprises over existing token-based
authentication solutions is that the institution does not need to
bear the expense of stocking and supplying tokens to its user base
but can simply advise customers to buy a TrustedSignins compatible
SanDisk memory device in whatever capacity they like. As an
incentive, the institution can offer a rebate to customers who use a
memory device as their authentication method.

For consumers, the benefit is in having an authentication system on a
device that they would normally carry with them, as opposed to a
dedicated device that can only generate one-time passwords. SanDisk
provides an automatic OTP fill-in browser plug-in with simple,
clickable icons that makes the system easy to use and adopt.

Under the partnership with VeriSign, SanDisk is embedding the
capability to access the VeriSign Identity Protection (VIP) Service
based on Open Authentication (OATH) compliant One-Time Password

“OATH is very pleased that San Disk is introducing the TrustedSignin
One Time Password solution that uses the OATH algorithm,” said Donald
Malloy, director of business development at OATH. “By promoting the
use of Open Authentication solutions, member company San Disk is
providing a device that offers strong authentication and is
compatible with other OATH complaint systems.”

As announced in February at RSA Conference 2006, RSA and SanDisk are
working together so that SanDisk will be embedding the
industry-leading RSA SecurID one-time-password (OTP) algorithm into
the flash drives.

SanDisk is the original inventor of flash storage cards and is the
world’s largest supplier of flash data storage card products, using
its patented, high-density flash memory and controller technology.
SanDisk is headquartered in Milpitas, California, and has operations
worldwide, with more than half its sales outside the U.S.