Tokens

Tokens
• Also known as smart tokens. Are password-
generating devices that subjects must carry with
them. It is an example of Type 2 factor, or
“something you have”

• It can be a static password device, such as an

ATM card or other memory card.
Four types of token devices:
• Static tokens
• Synchronous dynamic password tokens
• Asynchronous dynamic password tokens
• Challenge-response tokens
Static token
• Offer a physical means to provide identity.
• Require an additional factor to provide
authentication
• Most device static tokens host a cryptographic
key, such as a private key, digital signature, or
encrypted logon credentials
• Cryptographic key can be used as an identifier or as
an authentication mechanism
• The cryptographic key is much stronger than a
password because it is pre-encrypted using a strong
encryption, it is significantly longer, and it resides
only in the token.
• Mostly used as identification rather than
authentication factors.
Examples of Static token:
• Swipe card
• Smart card
• Floppy disk
Synchronous dynamic password token
• Generates passwords at fixed time intervals
• Time interval tokens require that the clock on the
authentication server and the clock on the token device
be synchronized.
• The generated password is entered into the system by
the subject along with a PIN, pass phrase, or password.
• The generated password provides the identification, and
the PIN/pass
Asynchronous dynamic password token
• Generates passwords based on the occurrence of an
event.
• An event token requires that the subject press a key on
the token and on the authentication server. This action
advances to the next password value.
• The generated password and the subject’s PIN, pass
phrase, or password are entered into the system for
authentication.
 One-Time Password Generators
• Create the passwords for your users and make one-time
passwords reasonable to deploy.
• Users only need to possess the token device, have
knowledge of the logon procedure , and possibly have
memorized a short PIN.
Challenge-response Tokens
• Generate passwords or responses based on instructions
from the authentication system.
Advantage
• Uses two or more factors to establish identity and provide
authentication
• The subject must be in physical possession of the token
device
Disadvantage
• If the battery dies or device is broken, the subject is
unable to gain access
• Can be lost or stolen