
Hard Token Implementation


Look Up Secret Token

  • Consists of a claimant and a verifier

  • Uses grid-cards, which consist of rows and columns

  • Both the claimant and the verifier have the same grid-card

  • How it works:

      • Claimant wants to access a remote site

      • The verifier sends a challenge in the form of grid coordinates

      • Claimant sends back the codes found at those coordinates

      • If verifier asks for locations G9, A6, F7, claimant has to send back the codes 1Z, K9, P4

Vulnerabilities: Grid-card can be stolen, grid-card can be photographed
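
The challenge and response above, sketched as an added example (not part of the original notes). The 10x9 grid size, the code alphabet, the session ids and the function names are assumptions made for illustration; the three cells G9, A6, F7 are set to the codes from the example above.

```python
import hmac
import secrets

COLS, ROWS = "ABCDEFGHIJ", "123456789"           # assumed grid size
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ0123456789"  # constructed code alphabet

def new_grid_card():
    """Build a random card mapping a coordinate such as 'G9' to a 2-char code."""
    return {c + r: secrets.choice(ALPHABET) + secrets.choice(ALPHABET)
            for c in COLS for r in ROWS}

def respond(card, coords):
    """Claimant side: read the codes printed at the challenged coordinates."""
    return [card[c] for c in coords]

class Verifier:
    """Verifier side: holds the same card and one open challenge per session."""

    def __init__(self, card):
        self._card = card
        self._pending = {}

    def challenge(self, session_id, n=3):
        """Pick n distinct coordinates with a CSPRNG and remember them."""
        coords = secrets.SystemRandom().sample(sorted(self._card), n)
        self._pending[session_id] = coords
        return coords

    def verify(self, session_id, response):
        """Accept only the exact codes for the open challenge, one attempt each."""
        coords = self._pending.pop(session_id, None)  # consumed even on failure
        if coords is None or len(response) != len(coords):
            return False
        expected = "-".join(self._card[c] for c in coords).encode()
        supplied = "-".join(response).upper().encode()
        return hmac.compare_digest(expected, supplied)  # constant-time compare

if __name__ == "__main__":
    card = new_grid_card()
    card.update({"G9": "1Z", "A6": "K9", "F7": "P4"})  # cells from the example above
    verifier = Verifier(card)
    asked = verifier.challenge("session-1")
    print(asked, verifier.verify("session-1", respond(card, asked)))
```

Because each challenge is discarded after one attempt, a captured response cannot be replayed, but anyone holding a copy or photograph of the card can still answer a fresh challenge.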

Out-of-Band Token

  • Authentication that can take place over a channel outside of the Internet, e.g. a phone

  • If you have 2-factor authentication with your bank, you use an out-of-band token when a code is sent to your phone

  • How it works:

      • First you enter a password (something you know)

      • Then your bank sends a code to your phone (something you have)

      • You enter this code into the bank's website and proceed to access your account

Vulnerabilities: Key loggers, call re-routing or call-forwarding, turning off 2-factor authentication

One-Time Password Device

  • A device in your possession that can generate a one-time passcode

  • Client's one-time password device can be synchronized to the server

  • How it works:

      • Client wants to access a system remotely

      • System presents a prompt for a one-time passcode

      • Client generates a one-time passcode and enters it to log in

Vulnerabilities: Token can be stolen or copied (highly unlikely)

Cryptographic Device

  • Dedicated device that may contain private keys used to perform cryptographic operations

  • Commonly used with government employees and systems

Vulnerabilities: N/A
