Computers, Security
Token - what is it?
The issue of electronic security is one of the most important in the modern world. Many different ways of solving it have been proposed. A token is one of them. What is it like, and what features of its application exist?
Token - what is this?
Tokens can be used instead of a password or as an addition to it. Usually they are of a small size and calmly placed in a purse or pocket. Improved versions also offer the ability to store cryptographic keys (electronic signature, biometric data). Token - what is it externally? Are they all the same? They differ in appearance, and not only in terms of functionality: some have only a screen, others are supplemented by a miniature keyboard, and still others simply have a small button addition. Tokens are equipped with RFID functions, a USB or Bluetooth interface to transfer the key to the client system. They are made by quite a few companies, and the widest range is presented. Among the leading manufacturers there are such enterprises: "E Token" and "RuToken"
Types of tokens
There are also different reactions of operating systems to different types of tokens. So, some can just read the key and perform the required cryptographic operations. Others can additionally require a password. Commercial solutions of this technology are provided by companies, usually with their own security mechanisms and with implementation features. So, the USB token can be made in the form of a miniature flash drive, or it can be a mobile communication device. It is also possible to implement it when it is disguised as a keychain or other small thing.
Vulnerabilities
- Loss or theft. If these processes were random, then there is nothing to worry about. But if these actions were committed by someone intentionally, in this case, two-factor authentication will help to minimize risks, when not only a token but also an access password (static or constantly generated and sent to the phone) is needed to complete the identification process.
- The scheme of "a man in the middle." This is manifested when working through an unreliable network (the Internet is a very good example). The essence of the scheme is that a cryptanalyst is connected to the data channel, which can read and change messages at will. And none of the correspondents can understand (technically) that it is not the messages of his partner for the exchange of messages.
Mobile devices as tokens
Similar articles
Trending Now