|
Security token - Definition and Overview |
| Related Words: Armor, Arrogance, Aspiration, Assumption, Assurance, Asylum, Authenticity, Bail, Balance, Belief, Blackout, Bond, Censorship, Certainty |
|
|
|
A security token (or sometimes a hardware token) is a small physical device that an authorized user of computer services is given to aid in authentication. They can also store cryptographic keys and biometric data. Tokens are typically small enough to be carried in a pocket or purse and often are designed to attach to the user's keychain. Better designs feature tamper resistant packaging and some include small keypads, allowing PIN entry.
One type of security token (e.g. RSA's SecurID) displays a number which changes every so often (typically every minute). The user enters that number along with a PIN when logging on to a computer system. The token contain a time of day clock and a unique seed value. The number displayed is a cryptographic hash of the seed, the time of day and perhaps a PIN. The computer also knows the time of day and the user's seed and PIN, so it can verify the entry. The computer can be instructed to accept values one or two minutes off to allow for ordinary error.
Other security tokens connect directly to the computer through various input/output ports such as PC card (e.g. Fortezza), USB, Smartcard or Bluetooth. Some use a special purpose interface (e.g. NSA's crypto ignition key). Tokens can also be used as a photo ID card. Cell phones and PDAs can also serve as security tokens with proper programming.
Security tokens provide the "what you have" component in multi-factor authentication.
|
|
|
