Hard Token Implementation


Look Up Secret Token

  • Consists of a claimant and a verifier

  • Uses grid cards, which consist of rows and columns

  • Both the claimant and the verifier have the same grid-card

  • How it works:

      • Claimant wants to access a remote site

      • The verifier sends a challenge in the form of grid coordinates

      • Claimant sends back the codes found at those coordinates

      • If the verifier asks for locations G9, A6, F7, the claimant has to send back the codes 1Z, K9, P4

Vulnerabilities: Grid-card can be stolen, grid-card can be photographed

Out-of-Band Token

  • Authentication that can take place outside of the Internet, e.g. over the phone

  • If you have 2-factor authentication with your bank, you use an out-of-band token when a code is sent to your phone

  • How it works:

      • First you enter a password (something you know)

      • Then your bank sends a code to your phone (something you have)

      • You enter this code into the bank's website and proceed to access your account

Vulnerabilities: Key loggers, call re-routing or call-forwarding, turning off 2-factor authentication

One-Time Password Device

  • A device in your possession that can generate a one-time passcode

  • Client's one-time password device can be synchronized to the server

  • How it works:

      • Client wants to access a system remotely

      • System presents a prompt for a one-time passcode

      • Client generates a one-time passcode and enters it to log in

Vulnerabilities: Token can be stolen or copied (highly unlikely)

Cryptographic Device

  • Dedicated device that may contain private keys used to perform cryptographic operations

  • Commonly used with government employees and systems

Vulnerabilities: N/A

© 2013 Study Notes and Theory