How do rsa tokens work

Jau L Jau L 1 1 gold badge 8 8 silver badges 16 16 bronze badges. What type of tokens? For a very complete explanation although not veeeeery technical , see ais-cur. This should be migrated to the security stack exchange. Moderator launch! Show 1 more comment. Active Oldest Votes. Improve this answer. Rather than reference "bottom of SecureID page in wikipedia" please link directly to the paragraph, or better yet, summarize here. Add a comment. VolkerK VolkerK And how can we be sure that the time on the token will be the same that on the server.

Of course they can start being the same, but unless it is a super duper atomic swiss watch, I don't think they will remain the same unless the token can be connected to internet from time to time to update the internal clock.

Those "unconnected" tokens usually have a lifespan. During that time the device's rtc must be accurate enough to "stay" within a certain timespan window. It doesn't matter much if it drifts for a second over two years; the server compensates by accepting a larger window within specified limits. But if the rcc drifts much further or loses track all together the token is void. VolterK Not completely true. You can't rely on "accurate enough" for this kind of things.

I found the actual answer on ais-cur. They adjust the possible time drifts with the input from the user. I don't have the space to give a more detail explanation here, but in the link I put they explain it very clear in the section "Valid Token Time Window and Clock Drift Adjustment".

Ok, that's a generous additional feature of the RSA turnkey solution. The authentication mechanism searches the local repository for a user profile that matches the user name typed by the user. If there is no match, the search is repeated in the directory service. If authentication fails, the authentication request falls back to TRITON administrator credentials if configured; otherwise the administrator cannot log on. The custom agent supports the creation of a new PIN, if required, as part of the authentication process.

Smart phones and PDA devices, of course, are much more costly than cards and readers or tokens, but if the users already carry them anyway, this can be the most cost-effective as well as the most convenient way to deploy two-factor authentication. Well-known security company RSA named after the popular Rivest Shamir Adleman public key encryption algorithm on which it held the patents provides SecurID authenticators in all three form factors. Authentication agents are available for:.

At the enterprise level, single sign-on is a big issue because users often much manage and remember multiple passwords. This creates frustration and can become a security issue as users resort to writing down passwords in order to remember them all. It also includes technology that allows users to reset their Windows logon passwords. Click OK to save the change. With its well-established reputation and widespread interoperability, RSA smart card or token authentication offers one of the best options for implementing multifactor authentication on your network.

She is also a tech editor, developmental editor and contributor to over 20 additional books.