A security token (or sometimes a hardware token, hard token, authentication token, USB token, cryptographic token, or key fob) may be a physical device that an authorized user of computer services is given to ease authentication. The term may also refer to software tokens.
Security tokens are used to prove one's identity electronically (as in the case of a customer trying to access their bank account). The token is used in addition to or in place of a password to prove that the customer is who they claim to be. The token acts like an electronic key to access something.
Hardware tokens are typically small enough to be carried in a pocket or purse and often are designed to attach to the user's keychain. Some may store cryptographic keys, such as a digital signature, or biometric data, such as a fingerprint minutiae. Some designs feature tamper resistant packaging, while others may include small keypads to allow entry of a PIN or a simple button to start a generating routine with some display capability to show a generated key number. Special designs include a USB connector, RFID functions or Bluetooth wireless interface to enable transfer of a generated key number sequence to a client system.
This book is your ultimate resource for Security Tokens. Here you will find the most up-to-date information, analysis, background and everything you need to know.
In easy to read chapters, with extensive references and links to get you to know all there is to know about Security Tokens right away, covering: Security token, Access control list, Access Control Matrix, Atomic authorization, Authentication, Authorization, Bell-LaPadula model, Closed-loop authentication, Comparison of privilege authorization features, Computational trust, Context-based access control, Copy protection, Cryptographic log on, DACL, Database audit, DataLock Technology, Delegated administration, Delegation of Control, Digipass, Digital identity, Directory service, Discretionary access control, Distributed Access Control System, Draw a Secret, EAuthentication, Federated identity, Federated identity management, Form-based authentication, Global Trust Council, HERAS-AF, HTTP cookie, HTTP+HTML form-based authentication, IBM Lightweight Third-Party Authentication, IBM Tivoli Access Manager, Identity Assertion Provider, Identity driven networking, Initiative For Open Authentication, Integrated Windows Authentication, Internet Authentication Service, Java Authentication and Authorization Service, Location-based authentication, Logical access control, Login, LOMAC, Mandatory access control, MicroID, Microsoft Fingerprint Reader, Mobilegov, Multi-factor authentication, Mutual authentication, NemID, NIST RBAC model, OAuth, Object-capability model, One-time authorization code, One-time password, Organisation-based access control, PassWindow, Pre-boot authentication, Registered user, Restricting Access to Databases, Richacls, Risk-based authentication, Role hierarchy, Rootkit, Salute picture, Secure attention key, Security Assertion Markup Language, Security question, Security store, Single sign-on, SiteKey, Software token, Spring Security, Strong authentication, Subscriber Identity Module, Syncope (software), Time-based One-time Password Algorithm, Transaction authentication, Transaction authentication number, Tripcode, TUPAS, Two-factor authentication, Universal controls, Vidoop, Voms, Wilmagate, Windows credentials.
This book explains in-depth the real drivers and workings of Security Tokens. It reduces the risk of your technology, time and resources investment decisions by enabling you to compare your understanding of Security Tokens with the objectivity of experienced professionals.