Security token
A security token (or sometimes a '''hardware token''', '''authentication token''' or '''cryptographic token''') is a physical device that an authorized user of computer services is given to aid in authentication. Tokens are typically small enough to be carried in a pocket or purse and are often designed to attach to the user's keychain. Some store cryptographic keys, for example a private key used to produce digital signatures, or biometric data such as a fingerprint template. Some designs feature tamper-resistant packaging; others include a small keypad, allowing entry of a PIN.


EMBODIMENTS


Some tokens are very simple; others are complex and embed several other technologies. Many vendors offer different technologies, many of which are patented.


Digital signatures


For tokens to identify the user, every token must carry some kind of unique number or secret, but not all of these qualify as digital signatures under national electronic-signature laws. Tokens with no on-board keypad or other user interface cannot be used in some signing scenarios, such as confirming a bank transaction based on the account number the funds are to be transferred to, because the user has no way to see and approve what is being signed.


Single sign-on software


Some types of single sign-on solutions, such as enterprise single sign-on, use the token to store software that allows for seamless authentication and password filling.


One-time passwords


In short, a one-time password is a password that changes after each login, or after a set time interval.


Mathematical algorithm type one-time passwords


Mathematical-algorithm one-time passwords use a cryptographic algorithm to generate each new password from a secret shared key and a changing input, either the previous password or an event counter that advances on each use. The OATH HOTP algorithm (RFC 4226), which computes an HMAC over the shared secret and the counter, is an open standard; other algorithms are US patented.


= CRYPTOCard


A CRYPTOCard token produces a new one-time password each time its button is pressed. The server accepts a small window of forward values in case the button is pressed more than once by accident, or the client failed to authenticate, so that the token and server counters can be resynchronized.


= Verisign


Verisign Unified Authentication uses the OATH standard; its tokens are OEM-manufactured by Aladdin Knowledge Systems.


Time-synchronized one-time passwords


A time-synchronized one-time password changes constantly at a set time interval, so the client's token and the authentication server must share a synchronized clock. For disconnected tokens this time synchronization is done before the token is distributed to the client; other token types synchronize when the token is inserted into an input device.


= Booleansoft


Booleansoft tokens synchronize with the authentication server when inserted into an input device, such as a USB port or a CD-ROM drive. US patent pending technology.


= RSA Security's SecurID


RSA Security's SecurID displays a number that changes at a set interval, i.e. a time-synchronized one-time password. The client enters the one-time password together with a PIN when authenticating. US patented technology.


= Vasco's DigiPass


Vasco's DigiPass series has a small keypad on which the user enters a PIN; in addition it generates a new one-time password every 36 seconds. US patented technology.


TOKEN MODEL TYPES


Some token types are disconnected and need no input device; others require one. For the purchaser of a security token solution, the input devices (readers, slots or ports) can be a significant hidden cost.


Bluetooth


Bluetooth tokens are often combined with a USB token, so that they work in both a connected and a disconnected state. Bluetooth authentication works when the token is within about 10 meters (33 feet); if the token is out of range it must be inserted into a USB port to function as an authentication device.


Disconnected tokens


Disconnected tokens are by far the most common today; VASCO's Digipass and RSA Security's SecurID are examples. Their advantage is that no input device is needed. On the downside, they have a relatively short estimated battery lifetime, usually only 3-5 years, compared with USB tokens that may last 10 years. Some disconnected tokens allow the battery to be replaced when it expires, reducing the cost of purchasing new tokens.


PC cards


PC Card tokens are made to work only with laptops. Type II PC Cards are preferred as tokens because they are about half the thickness of Type III cards (5 mm versus 10.5 mm).


Mykotronx Corp.


Mykotronx Corp. makes the Fortezza card, a PC Card token for laptops with a PC Card slot.


Smart cards


Smart card readers are relatively expensive compared to other token input devices. There is also significant wear and tear on the smart cards themselves from the friction of sliding the card into and out of the reader, which shortens the lifespan of the smart card token.


Universal Serial Bus (USB)


The USB port has become standard on today's computers, so USB tokens are a cheaper alternative to other tokens that need an input device. The interface is also mechanically simple, with little friction when inserting the token, so USB tokens do not suffer friction damage over time.


Booleansoft


Booleansoft has several types of USB tokens, some including a fingerprint biometric reader. Each client that requires secure authentication is supplied with a personal security token. When the USB token is inserted into a PC's USB port, a program stored on the token (the 'token software') is started automatically. The token software lets the user generate new one-time passwords and digital signatures for authenticating to a remote resource. This design depends on the host automatically running code from removable media, so the host must trust the token's contents.


Verisign


Verisign's Unified Authentication provides a single, integrated platform for provisioning and managing all types of two-factor authentication credentials.


Other types


Some use a special-purpose interface (e.g. the crypto ignition key deployed by the United States National Security Agency). Tokens can also double as a photo ID card. Cell phones and PDAs can also serve as security tokens with proper programming. Booleansoft provides CD tokens, some the size of a standard credit card.

USB tokens have the advantage of being self-contained: they plug directly into a computer's USB port and therefore need no separate reader. From the operating system's point of view such a token is a USB-connected smart card reader with one non-removable smart card present.


RELATED TECHNOLOGIES



Enterprise single sign-on


Some enterprise single sign-on (E-SSO) solutions use security tokens.


Two-factor authentication (T-FA)


Security tokens provide the "what you have" component in Two-factor Authentication and multi-factor authentication solutions.


USAGE


The simplest security tokens need no connection to a computer: the client reads the number displayed on the token and enters it, usually together with a PIN, when prompted. Others connect to the computer wirelessly, for example over Bluetooth. Still others plug directly into the computer. For these the user must:

# Connect the token to the computer using the appropriate input device (slot, reader or port)
# Enter the PIN, if the token requires one

Depending on the type of token, the computer's operating system will then either
  • read the key from the token and perform the cryptographic operation on the host, which exposes the key to the host, or

  • ask the token's firmware to perform the operation on the token, so the key never leaves it
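As an added example, not code from this page or from any vendor, the following models the connected-token flow above: PIN entry with a retry counter that blocks the token, then a challenge-response in which the secret never leaves the token and the host only receives the result (the "ask the token's firmware" case). The challenge also carries the beneficiary account number from the "Digital signatures" section, and the token shows it for confirmation before answering, which is the keypad/display capability that section says transaction signing requires. Simplification: the response is an HMAC-SHA256 under a secret shared with the server rather than a private-key signature, so the server holds the same secret; with a real signing token the server would hold only the public key. The class names, the three-try limit and the challenge layout are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Optional


class Token:
    """Models a connected token. The secret is private to the object: the
    host can only ask for a response, never read the key out."""

    def __init__(self, secret: bytes, pin: str, max_tries: int = 3):
        self._secret = secret
        self._pin = pin
        self._max_tries = max_tries
        self._tries_left = max_tries
        self._unlocked = False

    @property
    def blocked(self) -> bool:
        return self._tries_left == 0

    def verify_pin(self, pin: str) -> bool:
        """Wrong PINs decrement a retry counter; at zero the token is blocked
        and no PIN is accepted, which defeats online PIN guessing."""
        if self.blocked:
            return False
        if hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._tries_left = self._max_tries
            self._unlocked = True
            return True
        self._tries_left -= 1
        self._unlocked = False
        return False

    def respond(self, challenge: bytes,
                confirm: Callable[[str], bool]) -> Optional[bytes]:
        """Compute the response on the token. `confirm` stands in for the
        keypad/display: the token shows the beneficiary embedded in the
        challenge and answers only if the user approves it."""
        if not self._unlocked:
            return None
        beneficiary = challenge.split(b"|", 1)[1].decode()
        if not confirm(beneficiary):
            return None
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Server:
    """Authentication server: issues fresh challenges bound to a transaction
    and verifies responses with the secret it shares with the token."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._outstanding: set = set()

    def challenge(self, beneficiary: str) -> bytes:
        # hex nonce so the "|" separator cannot appear inside it
        nonce = secrets.token_hex(16).encode()
        challenge = nonce + b"|" + beneficiary.encode()
        self._outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: Optional[bytes]) -> bool:
        """A challenge is accepted once; a replayed or server-unknown
        challenge fails regardless of the response."""
        if response is None or challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def transfer(server: Server, token: Token, pin: str, beneficiary: str,
             confirm: Callable[[str], bool]) -> bool:
    """End-to-end flow: enter PIN, fetch challenge, answer on token, verify."""
    if not token.verify_pin(pin):
        return False
    challenge = server.challenge(beneficiary)
    response = token.respond(challenge, confirm)
    return server.verify(challenge, response)


if __name__ == "__main__":
    shared = secrets.token_bytes(32)        # provisioned into token and server
    srv, tok = Server(shared), Token(shared, "1234")
    intended = "ACCOUNT-123"                # what the user meant to pay
    user = lambda shown: shown == intended  # user compares display to intent
    print(transfer(srv, tok, "1234", intended, user))        # True
    print(transfer(srv, tok, "1234", "ATTACKER-999", user))  # False: user declines
```

Because the beneficiary is part of what the token signs and what the token displays, malware on the host that swaps the account number cannot get a valid response without the user approving the swapped value; a token with no display cannot offer that check, which is the point the "Digital signatures" section makes.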


A related application is the hardware dongle that some software requires as proof of ownership. The dongle is placed in an input device, and the software queries that I/O device to authorize its own use.

