The issue of electronic security is one of the most important in the modern world. Many different solutions have been proposed. Token is one of them. What is it and what features of its application exist?
Token - what is it?
Initially, we define the terminology. A token is a compact device that is designed to provide
information security to the user. It is used to identify its owner and the ability to provide secure remote access to all kinds of information.
Tokens can be used instead of a password or as an addition to it. Usually they are small in size and quietly fit in a wallet or pocket. More advanced versions also offer the ability to store cryptographic keys (electronic signature, biometric data). Token - what is it externally? Are they all the same? They differ in appearance, and not just in functionality: some have only a screen, others are supplemented with a miniature keyboard, and others just have a small button addition. Tokens are equipped with RFID functions, a USB connector or a Bluetooth interface to transfer the key to the client system. They are made by quite a lot of companies, and a wide range is presented. Among the leading manufacturers there are such enterprises: “E Token” and “RuToken”
Token Types
Tokens come with various functionalities, to the extent that they have several authentication methods. The simplest representatives do not need to be constantly connected to the computer. They generate numbers, and the user simply enters them into the form. There are tokens that use wireless technologies like Bluetooth. They act by transmitting a key sequence. A separate position is occupied by devices that are made in the manner of a USB device. They require a direct connection to the computer on which the data will be received.
The reactions of operating systems to different types of tokens vary. So, some can simply read the key and perform the required cryptographic operations. Others may additionally require a password. Commercial solutions to this technology are provided by companies, as a rule, with their own security mechanisms and implementation features. So, a USB token can be made in the form of a miniature flash drive, or a mobile communication device can act as such. Implementation is also possible when it disguises itself as a keychain or other unobtrusive thing.
Vulnerabilities
There are two main problems when using tokens:
- Loss or theft. If these processes were random, then there is nothing to worry about. But if these actions were committed by someone intentionally, then in this case two-factor authorization will help to minimize the risks, when to complete the identification process not only a token is needed, but also an access password (static or constantly generated and sent to the phone).
- The “man in the middle” scheme. This is manifested when working through an unreliable network (the Internet is a very good example). The essence of the scheme is that a cryptanalyst is connected to the data channel, which can read and change messages as desired. Moreover, none of the correspondents can understand (on the technical side of the matter) that these are not messages from his messaging partner.
Mobile devices as tokens
Token - what is it from such an unusual angle? Are there any features in comparison with the standard procedure? A mobile computing device, such as a smartphone or tablet, can be used as a token. They can also provide two-factor identification, which does not require that a person constantly have additional physical equipment with him. Some manufacturers have developed applications that are tokens, installed on mobile devices, and generate a cryptographic key. This solution allows for a high level of security, including the elimination of the “man in the middle” problems. Now we can say that the basic information about the token - what it is and how it functions - is known to you.