Security token

Security tokens can be used to store information such as passwords, cryptographic keys used to generate digital signatures, or biometric data (such as fingerprints).

Connected tokens utilize a variety of interfaces including USB, near-field communication (NFC), radio-frequency identification (RFID), or Bluetooth.

There are four different ways in which this information can be used: Time-synchronized one-time passwords change constantly at a set time interval, e.g., once per minute.

[2] However, some such systems, such as RSA's SecurID, allow the user to re-synchronize the server with the token, sometimes by entering several consecutive passcodes.
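The re-synchronization step described above, as an added example that is not part of the original page and is not RSA's code: SecurID's algorithm is proprietary, so an RFC 6238-style HMAC-SHA1 code with a 60-second step stands in for it, and `TokenRecord`, `verify` and `resync` are hypothetical names. Normal logins accept only a narrow window, while the wide search that corrects clock drift demands two consecutive passcodes, so one guessed code cannot move the server's clock estimate.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds; matches the "once per minute" interval (assumed value)


def totp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP applied to a time-step counter (the RFC 6238 construction)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TokenRecord:
    """Server-side state for one token: shared key plus learned clock drift."""

    def __init__(self, key: bytes):
        self.key = key
        self.drift = 0       # token clock minus server clock, in steps
        self.last_used = -1  # highest accepted counter, for replay rejection

    def verify(self, code: str, now: float, window: int = 1) -> bool:
        """Normal login: accept only codes within +/- window steps."""
        server = int(now) // STEP
        base = server + self.drift
        for c in range(base - window, base + window + 1):
            if c > self.last_used and hmac.compare_digest(totp(self.key, c), code):
                self.last_used = c
                self.drift = c - server  # follow slow drift
                return True
        return False

    def resync(self, first: str, second: str, now: float, search: int = 30) -> bool:
        """Re-synchronize: wide search, but only for two consecutive passcodes."""
        server = int(now) // STEP
        for c in range(server - search, server + search):
            if (c > self.last_used
                    and hmac.compare_digest(totp(self.key, c), first)
                    and hmac.compare_digest(totp(self.key, c + 1), second)):
                self.drift = c + 1 - server  # second code is the token's current step
                self.last_used = c + 1
                return True
        return False
```
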

Tokens can contain chips with functions varying from very simple to very complex, including multiple authentication methods.

[4] Alternatively, another form of token that has been widely available for many years is a mobile device which communicates using an out-of-band channel (like voice, SMS, or USSD).

A related application is the hardware dongle required by some computer programs to prove ownership of the software.

Commercial solutions are provided by a variety of vendors, each with their own proprietary (and often patented) implementation of variously used security features.

[5] Tokens without any kind of certification are sometimes viewed as suspect, as they often do not meet accepted government or industry security standards, have not been put through rigorous testing, and likely cannot provide the same level of cryptographic security as token solutions which have had their designs independently audited by third-party agencies.

They typically do not require a special input device, and instead use a built-in screen to display the generated authentication data, which the user enters manually themselves via a keyboard or keypad.

The audio jack port is a relatively practical method to establish connection between mobile devices, such as iPhone, iPad and Android, and other accessories.

Some use a special purpose interface (e.g. the crypto ignition key deployed by the United States National Security Agency).

However, the computational performance of smart cards is often rather limited because of extremely low power consumption and ultra-thin form-factor requirements.

The Bluetooth Low Energy protocols provide a long-lasting battery life cycle for wireless transmission.

When the Bluetooth link is not properly operable, the token may be inserted into a USB input device to function.

Another combination is with a smart card, to store larger amounts of identity data locally and to process information as well.

The NFC protocol bridges short distances to the reader while the Bluetooth connection serves for data provision with the token to enable authentication.

[14][15] In 2012, the Prosecco research team at INRIA Paris-Rocquencourt developed an efficient method of extracting the secret key from several PKCS #11 cryptographic devices.

A radio-frequency identification card used to open a door.
Example of keypad issued by a bank.
A disconnected token. The number must be copied into the PASSCODE field by hand.