Token - what is it?

The issue of electronic security is one of the most important in the modern world. Many different ways of solving it have been proposed. A token is one of them. What is it like, and what features of its application exist?

Token - what is this?

Initially, let's define the terminology. A token is a compact device that is designed to provide information security to the user. It is used to identify its owner and the ability to provide secure remote access to all kinds of information.

Tokens can be used instead of a password or as an addition to it. Usually they are of a small size and calmly placed in a purse or pocket. Improved versions also offer the ability to store cryptographic keys (electronic signature, biometric data). Token - what is it externally? Are they all the same? They differ in appearance, and not only in terms of functionality: some have only a screen, others are supplemented by a miniature keyboard, and still others simply have a small button addition. Tokens are equipped with RFID functions, a USB or Bluetooth interface to transfer the key to the client system. They are made by quite a few companies, and the widest range is presented. Among the leading manufacturers there are such enterprises: "E Token" and "RuToken"

Types of tokens

Tokens come with different functionalities, up to the point that they have several authentication methods. The simplest representatives do not need to be constantly connected to the computer. They generate numbers, and the user simply enters them into the form. There are tokens that use wireless technologies like Bluetooth. They act by transferring a key sequence. A separate position is occupied by devices that are made in the manner of the USB device. They require direct connection to the computer on which the data will be received.

There are also different reactions of operating systems to different types of tokens. So, some can just read the key and perform the required cryptographic operations. Others can additionally require a password. Commercial solutions of this technology are provided by companies, usually with their own security mechanisms and with implementation features. So, the USB token can be made in the form of a miniature flash drive, or it can be a mobile communication device. It is also possible to implement it when it is disguised as a keychain or other small thing.

Vulnerabilities

There are two main problems when using tokens:

1. Loss or theft. If these processes were random, then there is nothing to worry about. But if these actions were committed by someone intentionally, in this case, two-factor authentication will help to minimize risks, when not only a token but also an access password (static or constantly generated and sent to the phone) is needed to complete the identification process.
2. The scheme of "a man in the middle." This is manifested when working through an unreliable network (the Internet is a very good example). The essence of the scheme is that a cryptanalyst is connected to the data channel, which can read and change messages at will. And none of the correspondents can understand (technically) that it is not the messages of his partner for the exchange of messages.

Mobile devices as tokens

Token - what's with this unusual perspective? Are there features in comparison with the standard procedure? A token can be a mobile computing device, such as a smartphone or tablet. They can also provide two-factor identification, for which it is not required that a person constantly has with him additional physical equipment. Some manufacturers have developed applications that are tokens when installed on mobile devices and generate a cryptographic key. This solution allows us to provide a high level of security, including eliminating the problems of "the person in the middle." Now we can say that the basic information about the token - what it is and how it functions - is known to you.