Tokens represent a virtually universal solution in the field of user authentication and the
protection of transmitted data. A leader on the market of these technologies is, no doubt, the
company
VASCO. Tokens are devices that
allow verification of a client's identity and the integrity of the transmitted message, and meet
the strictest requirement for security.
Tokens usually look like a common calculator, but they also exist in purely software form.
Client's authentication code
The token generates a sequence of codes depending on the token's internal parameters
(unique for each token). Both communicating parties know the token's internal parameters,
while it is ensured that the parameters cannot be known by a third party. No previous codes can be
used (without the knowledge of the token's internal parameters) to calculate (or predict) the
next code.
The sender (client) uses his or her token to generate an authentication code that he or she
submits to the recipient (e.g., a bank). The recipient's authentication server calculates the
expected code and compares the codes to verify the sender's identity.
Message authentication code (MAC)
The function generating a message authentication code (MAC) is in principle similar to the
generation of a client's authentication code. For generation of a message authentication code,
the token's internal parameters are complemented with selected information from the message
(the amount, the other party's account number, etc.) The sender generates an authentication
code (MAC) and sends it together with the message to the recipient. The recipient calculates the
expected code and compares the codes to verify the sender's identity and the integrity of the
message (if any of the protected data, i.e., the data entered to calculate the code, were changed,
the codes will not match).
Protection of tokens against abuse
The use of a token is protected with a PIN. This prevents the token from being used if
stolen.
Presentation of Digipass GO1 token
