Security token and One Time Passwords
Every company, especially in the IT/software sector, relies heavily on security tokens with a one-time password feature. Wherever security and privacy are a concern, security tokens are used. A security token is a very small cryptographic device that you can carry in your pocket. It is like an electronic key for accessing private or confidential data. Some of these devices resemble your credit cards or ATM cards and hold cryptographic keys such as a digital signature, or biometric data such as fingerprint minutiae. More advanced tokens may include a small keypad, which can be used to enter a PIN and generate the password for accessing the system. Some devices even come with USB, Bluetooth or RFID functions.
Generally tokens come in four varieties: some use a static password, some use a synchronous dynamic password, some use an asynchronous password, and some use challenge-response.
These devices are not very simple, as they make use of complex cryptographic algorithms. Moreover, the passwords generated by these devices are for one-time use only. That is why they are often called One Time Passwords or OTPs. OTP algorithms use different approaches to generate the random passwords:
One approach is to use a mathematical algorithm to generate a new password based on the previous password. The generated passwords therefore form a chain and are used in a predefined sequence.
Another effective approach is based on time synchronization between the authentication server and the client providing the password. In this approach the passwords are valid for only a short duration of time, say 3 minutes. Moreover, it is impossible to guess the next password even if you know the current password.
One more approach is to use a mathematical algorithm where the new password is based on a challenge.
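The time-synchronized approach, sketched as an added example that is not part of the original post: it uses the standard HOTP/TOTP construction (RFC 4226 / RFC 6238) as one way to realize it, with the 3-minute window from the text, and shows the server rejecting expired and replayed passwords. The names `Verifier`, `DEMO_KEY` and `STEP_SECONDS` and the one-window clock drift allowance are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 180  # validity window; matches the "say 3 minutes" in the text


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for a given counter value."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """Time-synchronized password: the counter is the current time window."""
    return hotp(key, unix_time // step)


class Verifier:
    """Server side (hypothetical): accepts each time window at most once."""

    def __init__(self, key: bytes, drift_windows: int = 1):
        self.key = key
        self.drift = drift_windows  # tolerated clock skew, in windows
        self.last_window = -1       # highest window already accepted

    def verify(self, otp: str, now: int) -> bool:
        current = now // STEP_SECONDS
        for window in range(current - self.drift, current + self.drift + 1):
            if window <= self.last_window:
                continue  # window already used (or older): reject replays
            expected = hotp(self.key, window).encode()
            if hmac.compare_digest(expected, otp.encode()):
                self.last_window = window  # burn this window and all before
                return True
        return False


# Constructed demo secret (the RFC 4226 test key), not a real token seed.
DEMO_KEY = b"12345678901234567890"

if __name__ == "__main__":
    server = Verifier(DEMO_KEY)
    code = totp(DEMO_KEY, 200)
    print(code, server.verify(code, 200), server.verify(code, 210))
```

The second `verify` call in the demo returns `False` even though the window is still open, which is what makes the password single-use rather than merely short-lived.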
I studied various cryptographic techniques and algorithms during my engineering studies and was always curious to know more about them. Practically using these devices and understanding their importance is a wonderful experience for me. RSA and other cryptographic algorithms are heavily used in the web environment for authentication and secure transactions (as in https URLs). OTP is yet another wonderful application of cryptography.