Security architecture[ edit ] There are two primary architectures for software tokens: shared secret and public-key cryptography. For a shared secret, an administrator will typically generate a configuration file for each end-user.
The file will contain a username, a personal identification numberand the secret. This configuration file is given to the user.
The shared secret architecture is potentially vulnerable in a number of areas. The configuration file can be compromised if it is stolen and jeton pentru computer token is copied.
Ce este un simbol și de ce este necesar Omenirea inventează în mod constant noi modalități de protecție împotriva intrușilor. Unul dintre ele este un token USB. Cum functioneazã? Ceea ce este el?
With time-based software tokens, it is possible to borrow an individual's PDA or laptop, set the clock forward, and generate codes that will be valid in the future. Any software token that uses shared secrets and stores the PIN alongside the shared secret in a software client jeton pentru computer be stolen and subjected to offline attacks. Shared secret tokens can be difficult to distribute, since each token is essentially a different piece of software.
Each user must receive a copy of the secret, which can create time constraints. Some newer software tokens rely on public-key cryptographyor asymmetric cryptography. This architecture eliminates some of the traditional weaknesses of software tokens, but does not affect their primary weakness ability to duplicate.
A PIN can be stored on a remote authentication server instead of with the token client, making a stolen software token no good unless opțiuni 0 100 PIN is known as well.
However, in the case of a virus infection the cryptographic material can be duplicated and then the PIN can be captured via keylogging or similar the next time the user authenticates.
If there are attempts made to guess the PIN, it can be detected and logged on the authentication server, which can disable the token. Using asymmetric cryptography also simplifies implementation, since the token client can generate its own key pair and exchange public keys with the server.