Security token

A aegis badge (or sometimes a accouterments token, hardbad token, affidavit token, USB token, cryptographic token,1 or key fob) may be a concrete accessory that an accustomed user of computer casework is accustomed to affluence authentication. The appellation may additionally accredit tocomputer application tokens

.

Security tokens are acclimated to prove one's character electronically (as in the case of a chump aggravating to admission their coffer account). The badge is acclimated in accession to or in abode of a countersign to prove that the chump is who they affirmation to be. The badge acts like an cyberbanking key to admission something.

Some may abundance cryptographic keys, such as a agenda signature, or biometric data, such as fingerprint minutiae. Some designs affection alter aggressive packaging, while others may accommodate baby keypads to acquiesce access of a PIN or a simple button to alpha a breeding accepted with some affectation adequacy to appearance a generated

Embodiments and vendors

Tokens can accommodate chips with functions capricious from actual simple to actual complex, including assorted affidavit methods. Commercial solutions are provided by a array of vendors, anniversary with their own proprietary (and generally patented) accomplishing of abnormally acclimated aegis features. Badge designs affair assertive aegis standards are certified as FIPS compliant. Tokens after any affectionate of acceptance are sometimes beheld as suspect, as they generally do not accommodated accustomed government or industry aegis standards, accept not been put through accurate testing, and acceptable cannot accommodate the aforementioned akin of cryptographic aegis as badge solutions which accept had their designs apart audited by 3rd affair agencies.

Disconnected tokens

Disconnected tokens accept neither a concrete nor analytic affiliation to the applicant computer. They about do not crave a appropriate ascribe device, and instead use a congenital awning to affectation the generated affidavit data, which the user enters manually themselves via a keyboard or keypad. Disconnected tokens are the best accepted blazon of aegis badge acclimated (usually in aggregate with a password) in two-factor affidavit for online identification.2

Connected tokens

Connected tokens are tokens that charge be physically affiliated to the applicant computer. Tokens in this class will automatically address the affidavit advice to the applicant computer already a concrete affiliation is made, eliminating the charge for the user to manually access the affidavit info. However, in adjustment to use a affiliated badge the adapted ascribe accessory charge be installed. The best accepted types of concrete tokens are acute cards and USB tokens, which crave a acute agenda clairvoyant and a USB anchorage respectively.

SmartCards

Many affiliated tokens use SmartCard technology. SmartCards can be actual bargain (around ten cents) and accommodate accurate aegis mechanisms (as acclimated by banking institutions, like banknote cards). However, computational achievement of SmartCards is generally rather bound because of acute low ability burning and ultra attenuate form-factor requirements.

Contactless tokens

Contactless tokens are the third capital blazon of concrete tokens. Unlike affiliated tokens, they anatomy a analytic affiliation to the applicant computer but do not crave a concrete connection. The absence of the charge for concrete acquaintance makes them added acceptable than both affiliated and broken tokens. As a aftereffect contactless tokens are a accepted best for keyless access systems and cyberbanking acquittal solutions such as Mobil Speedpass, which uses RFID to address affidavit advice from a keychain token. However, there accept been assorted aegis apropos aloft about RFID tokens afterwards advisers at Johns Hopkins University and RSA Laboratories apparent that RFID tags could be calmly absurd and cloned.3 Another downside is that contactless tokens accept almost abbreviate array lives; usually alone 3–5 years, which is low compared to USB tokens which may aftermost added than 10 years.citation needed Though some tokens do acquiesce the batteries to be changed, appropriately abbreviation costs.

Single sign-on software tokens

Some types of Distinct sign-on (SSO) solutions, like action distinct sign-on, use the badge to abundancecomputer application that allows for seamless affidavit and countersign filling. As the passwords are stored on the token, users charge not bethink their passwords and accordingly can baddest added defended passwords, or accept added defended passwords assigned.

Mobile device tokens

Mobile accessories tokens use a adaptable accretion accessory such as a acute buzz or book computer as the affidavit device. This provides defended two-factor affidavit that does not crave the user to backpack about an added concrete device. KeyVault offers a adaptable accessory affidavit band-aid that uses a cryptographic key for user authentication. This provides a aerial akin of aegis aegis including aegis from a Man-in-the-middle attack, which can action from a rogue Hotspot (Wi-Fi).