Hard Token Implementation

November 30, 2017

 


 

Look Up Secret Token

  • Consists of a claimant and a verifier 

  • Uses grid-cards, which consist of rows and columns

  • Both the claimant and the verifier have the same grid-card

  • How it works: 

    • Claimant wants to access a remote site 

    • The verifier sends a challenge in the form of the grid coordinates 

    • Claimant sends back the codes found at those coordinates 

      • If verifier asks for locations G9, A6, F7, claimant has to send back the codes 1Z, K9, P4

 

Vulnerabilities: Grid-card can be stolen, grid-card can be photographed
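The look-up secret exchange above, sketched in Python as an added example that is not part of the original notes. The 10x9 card layout, the two-character code alphabet and the names `make_card`, `Verifier`, `claimant_answer` and `page_example` are assumptions; only the G9, A6, F7 and 1Z, K9, P4 values come from the notes.

```python
import hmac
import secrets
import string

COLS, ROWS = "ABCDEFGHIJ", "123456789"        # assumed card layout: A1 .. J9
ALPHABET = string.ascii_uppercase + string.digits

def make_card():
    """Issue a grid-card: every cell holds a random two-character code."""
    return {c + r: secrets.choice(ALPHABET) + secrets.choice(ALPHABET)
            for c in COLS for r in ROWS}

def claimant_answer(card, coords):
    """Claimant side: read the codes off the card at the challenged cells."""
    return [card[c] for c in coords]

class Verifier:
    """Holds the same card as the claimant and issues one challenge at a time."""
    def __init__(self, card):
        self.card = card
        self.pending = None                    # coordinates awaiting an answer

    def challenge(self, n=3):
        # Unpredictable cells, so an observer cannot pre-compute the answer.
        self.pending = secrets.SystemRandom().sample(sorted(self.card), n)
        return self.pending

    def verify(self, response):
        if self.pending is None:               # no outstanding challenge
            return False
        expected = "|".join(self.card[c] for c in self.pending)
        self.pending = None                    # single use: blocks replay and retry
        given = "|".join(str(code).upper() for code in response)
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), given.encode())

def page_example():
    """The exchange from the notes: G9, A6, F7 -> 1Z, K9, P4 (constructed card)."""
    card = make_card()
    card.update({"G9": "1Z", "A6": "K9", "F7": "P4"})
    verifier = Verifier(card)
    verifier.pending = ["G9", "A6", "F7"]      # fix the challenge to match the notes
    return verifier.verify(["1Z", "K9", "P4"])

if __name__ == "__main__":
    print("notes example accepted:", page_example())
```

Because the verifier only checks the codes, any copy of the card (for example a photograph) produces an answer it cannot distinguish from the legitimate claimant's, which is the vulnerability listed above.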

 

Out-of-Band Token

  • Authentication that can take place over a channel outside of the Internet, e.g. phones

  • If you have 2-factor authentication with your bank, you use an out-of-band token when a code is sent to your phone

  • How it works: 

    • First you enter a password (something you know)

    • Then your bank sends a code to your phone (something you have)

    • You enter this code into the bank's website and proceed to access your account

 

Vulnerabilities: Key loggers, call re-routing or call-forwarding, turning off 2-factor authentication

 

One-Time Password Device 

 

  • A device in your possession that can generate a one-time passcode

  • Client's one-time password device can be synchronized to the server

  • How it works:

    • Client wants to access a system remotely 

    • System presents a prompt for a one-time passcode

    • Client generates a one-time passcode and enters it to log in

 

Vulnerabilities: Token can be stolen or copied (highly unlikely) 

 

Cryptographic Device

 

  • Dedicated device which may contain private keys used to perform cryptographic operations

  • Commonly used with government employees and systems 

Vulnerabilities: N/A

© 2013 Study Notes and Theory